Known issues in the Windows agent
* On some devices running
Windows Server2012 R2,
rundll32.exestops responding after a memory protection violation. (EUS-1267)
On a device running
WindowsServer 2012 R2 and
CylancePROTECT Desktopagent 2.1.1580 and later,
System32\wbem\WmiPrvSE.exeis incorrectly reported as a threat. (EUS-179, EPP-3279)
Each time an executable that's in the exclusion list is run on a device, there are multiple redundant 'UNKNOWN_FILE' log entries associated with it. If the executable is used frequently, the log file size can grow quickly. (EPP-2828)
The script control policy for XLM macros is not enforced if the Excel Trust Center > Macros Settings is set to "Enable VBA macros". (EUS-1065)
Workaround: Verify that one of the "Disable VBA macros" is selected.
If you plug in a UGREEN USB-C hub on a device that's running the
CylancePROTECT Desktopagent with a device control policy, a blue screen error occurs. (EUS-934)
Windows8.3 short naming format of a process path is used to execute a file (e.g.
C:\PROGRA~1\folder\file.exe) and the memory protection exclusions are defined using the long naming format for that process (e.g.
C:\Program Files\folder\file.exe), the exclusions do not apply. (EUS-593)
Workaround: Ensure that files are executed using the long path format. Note that adding exclusions using the
Windows8.3 short naming format is not supported.
When trying to launch
Microsoft Visual Studio2022, several System DLL Overwrite violations are reported and it is not launching as expected. (EPP-2312)
Workaround: In the device policy, add an exclusion to ignore "System DLL Overwrite" violations for devenv.exe that is located in the installation folder of
Visual Studio2022. For example, set the exclusion to ignore "System DLL Overwrite" violations at
\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\devenv.exe. The installation path may differ between editions and locales.
If you assign a device policy with script control set to "Block" but allow PowerShell console usage, scripts run from the PowerShell console are blocked. (CHP-8409)
On the Script tab of the
Windowsagent, the command line display in the tooltip for a long PowerShell script shows duplicated and overwritten information. (CHP-8349)
Windows10 environments, when attempting to upgrade to the 1580 agent, the automatic uninstallation of the previous agent might not be successful. (CHP-8288)
Workaround:Manually uninstall the previous agent and install the 1580 agent.
If the following conditions are met, 32-bit processes that do not have Program Control Flow Guard (CFG) enabled can stop responding:
Cylanceservice may intermittently get stuck in a “StopPending” state when cycling between a stopped and running state. (CHP-7174)
When "System DLL Overwrite" is enabled in the memory protection policy, using AutoCad 2022 (S.51.0.0) and trying to log in to an AutoCad account triggers a memory protection event. (COM-3896)
Workaround: Add a memory protection exclusion for AutoCad for the System DLL Overwrite violation type.