So I guess this is kind of a two-part post. So we just replaced our on-prem endpoint clients with the cloud endpoint clients and that seemed to go fine using the mbam clean tool.

The problem some of our users are seeing is their Chrome and Firefox will lock up for 20+ minutes and just be frozen. I have turned off Web Protection and Anti Exploit to see if that fixes it; I haven't heard an update on the issue yet, but I was curious if anyone has run into this issue before.

Part two,
We have two policies, one for our computers and the other for our virtual machines/VDIs that DO NOT use anti exploit. I realized that using the endpoint installer provided, it only uses the default policy and I can't install an endpoint solely to a specific policy like we kind of could with the on-prem solution (install with anti exploit, one without). Is there a way besides installing then moving the machine to the correct policy to install the specific client to that specific policy?

  • Staff

Average Cisco guy, can you take a look at the policy for the affected endpoints, please, and let me know if the Self Protection module is enabled on these problem endpoints?

As well, with this option disabled, are we able to get the client machines running smoothly?

9 minutes ago, KDawg said:

Average Cisco guy, can you take a look at the policy for the affected endpoints, please, and let me know if the Self Protection module is enabled on these problem endpoints?

As well, with this option disabled, are we able to get the client machines running smoothly?

I think he said in his post that turning off all of the services did not help?

  • Staff
On 11/10/2017 at 1:23 PM, AverageCiscoGuy said:

Is there a way besides installing then moving the machine to the correct policy to install the specific client to that specific policy?

For both the cloud product and the on-prem, the answer is no. Both products include a default setup to run under until the machine checks in. The illusion with the older on-prem is that you are sending the group and that group's policy with the created installer so it has it already, which is not the case. For the on-prem, what is really happening is that you are pre-sorting it, so when the machine checks in, it will then be placed under the group you specified, which will then conform to the policy assigned to the chosen group. If the machine never finishes checking in, it will still run but it will be running a default setup, not the chosen group's policy.

For the cloud product, your install will tie into the default group and default policy, which is set up to not have Endpoint Protection turned on; it is instead defaulted to Incident Response for maximum system compatibility on initial push, as not every machine will be able to run all the realtime protections available in the Endpoint Protection piece. The machines will then need to be manually sorted into whatever group/policy you would like them to run under after they check in to the cloud console. There is no equivalent "pre-sort" functionality for the cloud product.

  • Staff

We haven't been able to fully put out content for you guys because of all the firefighting we've been having to do but it has been brought up here a few times. Read "not all computers" as "servers". It is server OS and server roles that can preclude you from using everything within EP. This post of mine mentions it, you were on that thread IT_Guy, not sure why you are saying this is the first you have heard of it - 

 


Sorry for a late response, we had a firefight when this issue happened to the whole company and we had to uninstall then install and completely disable all services until we can figure some stuff out. I have a ticket with MB and they've collected logs and had a remote session with no luck so far. It appears that the Anti Exploit, even when disabled in the settings for all browsers, will still keep the browsers hanging when closed and freeze after being used for a little bit. Something with DLL injection and I would assume Sophos, but like I said, our on-prem version anti exploit didn't have any issues with Sophos and the MBAE client.

So for now I'll wait to reply to this until I can hear back from the team; so far they've been very helpful in the situation. I also created a thread in the comments and suggestion section for the groups and policy thing since I cannot replicate our previous installer settings without manually moving clients and whatnot. That post is here if anyone is interested:

 
