You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

02: How must I configure my Anti-virus or system-level software to work with PolicyPak CSE?

Some Antivirus engines need to be told to EXCLUDE some PolicyPak items.

PolicyPak acts as part of the operating system, and as such, can occasionally conflict with SOME Antivirus programs. (McAfee, Sophos, etc.)


We suggest proactively excluding the two processes below which could be blocked and prevented from performing their jobs.

  • PPWatcherSvc*.exe (with * being either the 32- or 64-bit version)
  • PPExtensionService.exe (with * being either the 32- or 64-bit version)


You might need to further expand the exclusion to

  • %Programdata%\PolicyPak.
  • %localappdata%\PolicyPak


And also… for 32-bit machines:

  • C:\Program Files\PolicyPak
  • C:\ProgramData\PolicyPak
  • C:\Program Files (x86)\PolicyPak\Application Manager\Client\*\PPReapplyOnLaunch32.dll 
    (* should be replaced with your installed CSE version, i.e. 21.10.2943)
  • C:\Program Files (x86)\PolicyPak\Application Manager\Client\*\PPAppMgrClient.dll 
    (* should be replaced with your installed CSE version, i.e. 21.10.2943)


And also .. for 64-bit machines:

  • C:\program files (x86)\PolicyPak
  • C:\Program Files\PolicyPak
  • C:\ProgramData\PolicyPak
  • C:\Program Files\PolicyPak\Application Manager\Client\*\PPReapplyOnLaunch64.dll
    (* should be replaced with your installed CSE version, i.e. 21.10.2943)
  • C:\Program Files\PolicyPak\Application Manager\Client\*\PPAppMgrClient.dll
    (* should be replaced with your installed CSE version, i.e. 21.10.2943)
  • C:\Program Files\PolicyPak\Device Manager\Client\*\PPDMClient.dll
    (* should be replaced with your installed CSE version, i.e. 21.10.2943)


IMPORTANT: * in the above location paths should be matched to your installed CSE version!


To cover all the bases please also exclude PPWatchersvc64.exe and PPWatchersvc32.exe from the Exploit Mitigation feature.


SOPHOS CUSTOMERS who receive: "APCViolation' exploit prevented in PolicyPak Watcher Service".

  1. Check the Event details and then make an exception in the Exploit Protection setting.
  2. The typical workaround is to add PPWatersvc64.exe as an exclusion to the Exploit Mitigation.

IVANTI HEAT CUSTOMERS:

  1. See “Troubleshooting Application Conflicts with LES”: https://forums.ivanti.com/s/article/Troubleshooting-application-conflicts-with-LES
  2. The basic approach is to rename these files then reboot and see if conflicts still occur.
    • C:\Windows\System32\sxwmon64.dll
    • 32-bit: C:\Windows\System32\sxwmon32.dll
    • 64-bit: C:\Windows\SysWow64\sxwmon32.dll
       

FORTINET CUSTOMERS:

FortiNet / FortiClient version 6.0.8.0261 won’t install the latest CSE and displays the following error message during installation:
 



Symptom: Error message when installing CSE "Could not write value ExplorerCommandHandler to key \SOFTWARE\Classes\exefile\shell\runasspecial"

  1. The workaround is to update FortiClient to version 6.0.9.0277 or higher.

MORE INFORMATION / MICROSOFT A/V PRODUCTS

For more details on Windows Defender exclusions in general, please see the following article: https://cloudbrothers.info/en/guide-to-defender-exclusions/

CARBON BLACK CUSTOMERS:

During the installation of the PolicyPak CSE you may encounter the following error message:

To work around this issue please add the following BYPASS policies for PolicyPak as shown in the screenshot below.
 

  • 270
  • 30-Mar-2023
  • 8299 Views