Known issues in the Windows agent
Windows
agent* After upgrading to a version of CylancePROTECT Desktop later than 3.0, if a process that's in the exclusion list is run from a network share, a system bug check might occur. (EUS-1732) |
* After upgrading to CylancePROTECT Desktop version 3.2.1001, a system bug check error might occur when you turn on device control. (EUS-1724)Workaround : Disable device control. |
* When running CylancePROTECT Desktop 3.x on an ASP-based web server, the server throws a "Create object failed" error if Active Script is turned on in the script control policy. (EUS-1699) Workaround : Turn off the Active Script script control policy. |
* When device control is turned on and you connect a mobile device to your computer using the mobile transfer protocol, CylancePROTECT Desktop does not resolve the device's serial number and reports a null value to the console. (EUS-1691) |
* When running CylancePROTECT Desktop 3.x on a web application server, such as for an ASP-based website, w3wp.exe might stop responding when the application pool is restarted. (EUS-1682) Workaround : Turn off the Active Script script control policy or add the following memory protection exclusions:
|
* When running CylancePROTECT Desktop 3.1, PS/nVision software stops responding if script control is turned on and set to Alert in the device policy. When using it with Microsoft Excel, Excel might eventually stop responding too. (EUS-1653)Workaround : Add the following memory protection exclusions:
|
* When running CylancePROTECT Desktop 3.x on application servers, w3wp.exe might stop responding when script control is turned on in the device policy. (EUS-1647) |
CylancePROTECT Desktop might not successfully block Microsoft
Excel files that are infected with Kangatang or Laroux viruses even though the Dangerous VBA Macros policy is turned on. (EUS-1465) |
If a USB device is connected at device startup, sometimes the device control policy blocks it even though there is a valid exclusion set in the device policy. (EUS-1424) Workaround : Disconnect and reconnect the USB device. |
The Barco ClickShare app stops responding when memory protection is turned on in the device policy. (EUS-1283) Workaround : Add a memory protection exclusion for clickshare_native.exe . |
On some devices running Windows Server 2012 R2, rundll32.exe stops responding after a memory protection violation. (EUS-1267) |
The script control policy for XLM macros is not enforced if the Excel Trust Center > Macros Settings is set to "Enable VBA macros". (EUS-1065) Workaround : Verify that one of the "Disable VBA macros" is selected. |
When the Windows 8.3 short naming format of a process path is used to execute a file (e.g. C:\PROGRA~1\folder\file.exe ) and the memory protection exclusions are defined using the long naming format for that process (e.g. C:\Program Files\folder\file.exe ), the exclusions do not apply. (EUS-593) Workaround : Ensure that files are executed using the long path format. Note that adding exclusions using the Windows 8.3 short naming format is not supported. |
* The Cylance driver for device control (CyDevFltV2) remains loaded and running even after device control is turned off in the device policy and the device was already restarted. (EPP-5112) |
* If the self-protection level installation parameter is set to allow local administrators to modify the registry and services, the local admin user gets an error when trying to make modifications. (EPP-4786) Workaround : Restart the device or manually grant full permissions to the Cylance Desktop folder. |
* If the device has different versions of CylancePROTECT Desktop agent assemblies or .dll files referenced in the .NET Global Assembly Cache (for example, AlphaFS.dll), the agent cannot start properly if it can't find a matching reference. (EPP-4608) |
When you open Microsoft
Excel documents through an Outlook attachment or OneNote tab, OfficeClickToRun.exe triggers alerts from the Updates folder. (EPP-4406) Workaround : Add an exclusion for C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates*\OfficeClickToRun.exe* |
When trying to launch Microsoft Visual
Studio 2022, several System DLL Overwrite violations are reported and it is not launching as expected. (EPP-2312)Workaround : In the device policy, add an exclusion to ignore "System DLL Overwrite" violations for devenv.exe that is located in the installation folder of Visual Studio 2022. For example, set the exclusion to ignore "System DLL Overwrite" violations at \Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\devenv.exe . The installation path may differ between editions and locales. |
If you assign a device policy with script control set to "Block" but allow PowerShell console usage, scripts run from the PowerShell console are blocked. (CHP-8409) |
On the Script tab of the Windows agent, the command line display in the tooltip for a long PowerShell script shows duplicated and overwritten information. (CHP-8349) |
The Cylance service may intermittently get stuck in a “StopPending” state when cycling between a stopped and running state. (CHP-7174) |
When "System DLL Overwrite" is enabled in the memory protection policy, using AutoCad 2022 (S.51.0.0) and trying to log in to an AutoCad account triggers a memory protection event. (COM-3896) Workaround : Add a memory protection exclusion for AutoCad for the System DLL Overwrite violation type. |