Known issues in the Windows agent
Windows agent
Before you upgrade from agent version 2.x to 3.1 or later, first upgrade to 3.0.1005. From 3.0.1005, you can upgrade to 3.3 or a more recent version. For details about the upgrade paths for each version, see the upgrade path information.
* When a USB video device is connected to your computer and device control is turned on, a system bug check (PAGE_FAULT_IN_NONPAGED_AREA) occurs randomly after the device remains idle for several hours. (EUS-1733)
When upgrading from CylancePROTECT Desktop 2.x to 3.1 or later (from non-AMPPL to AMPPL), if the upgrade is not successful (for example, a .dll file could not be verified in the global assembly cache) and the rollback to 2.x is not successful either, the agent service cannot restart or function properly. (EPP-5663, EPP-5222) Before you upgrade from agent version 2.x to 3.1 or later, first upgrade to 3.0.1005. From 3.0.1005, you can upgrade to 3.3 or a more recent version. For details about the upgrade paths for each version, see the upgrade path information.
After upgrading to a version of CylancePROTECT Desktop later than 3.0, if a process that's in the exclusion list is run from a network share, a system bug check might occur. (EUS-1732)
After upgrading to CylancePROTECT Desktop version 3.2.1001, a system bug check error might occur when you turn on device control. (EUS-1724) Workaround: Disable device control.
When device control is turned on and you connect a mobile device to your computer using the mobile transfer protocol, CylancePROTECT Desktop does not resolve the device's serial number and reports a null value to the console. (EUS-1691)
When running CylancePROTECT Desktop 3.1, PS/nVision software stops responding if script control is turned on and set to Alert in the device policy. When using it with Microsoft Excel, Excel might eventually stop responding too. (EUS-1653) Workaround: Add the following memory protection exclusions:
CylancePROTECT Desktop might not successfully block Microsoft Excel files that are infected with Kangatang or Laroux viruses even though the Dangerous VBA Macros policy is turned on. (EUS-1465)
On some devices running Windows Server 2012 R2, rundll32.exe stops responding after a memory protection violation. (EUS-1267)
The script control policy for XLM macros is not enforced if the Excel Trust Center > Macros Settings is set to "Enable VBA macros". (EUS-1065) Workaround: Verify that one of the "Disable VBA macros" options is selected.
* You might observe a significant delay in launching large applications (> 100 MB) while CylancePROTECT Desktop locally scores the executable. The delay is not present until the device is rebooted and you launch the application again. (EPP-5623)
The Cylance driver for device control (CyDevFltV2) remains loaded and running even after device control is turned off in the device policy and the device has been restarted. (EPP-5112)
When trying to launch Microsoft Visual Studio 2022, several System DLL Overwrite violations are reported and it does not launch as expected. (EPP-2312) Workaround: In the device policy, add an exclusion to ignore "System DLL Overwrite" violations for devenv.exe that is located in the installation folder of Visual Studio 2022. For example, set the exclusion to ignore "System DLL Overwrite" violations at \Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\devenv.exe. The installation path may differ between editions and locales.
If you assign a device policy with script control set to "Block" but allow PowerShell console usage, scripts run from the PowerShell console are blocked. (CHP-8409)
On the Script tab of the Windows agent, the command line display in the tooltip for a long PowerShell script shows duplicated and overwritten information. (CHP-8349)
The Cylance service may intermittently get stuck in a “StopPending” state when cycling between a stopped and running state. (CHP-7174)
When "System DLL Overwrite" is enabled in the memory protection policy, using AutoCAD 2022 (S.51.0.0) and trying to log in to an AutoCAD account triggers a memory protection event. (COM-3896) Workaround: Add a memory protection exclusion for AutoCAD for the System DLL Overwrite violation type.