SSO parallels VDI

Question

we have parallels RAS that allow us to login to VDIs. I have setup SSO on parallels it allows me to log in with my user name and password then once i select the vdi it tells me i have to be part of RDP group. I got in touch with Parallels and they suggested that iuninstall sophos endpoint and it worked. they sent me what to exclude, i did apply the exclusion and made sure that the newly created vdis get the policy yet it is still not working. The other weird behavior is that when i uninstall endpoint reinstall it again single sign on remains working. I tried to turn off all the settings on the endpoint to determine what is blocking the sso it still doesn't allow me to log in. I have always to uninstall sophos to make it work. How can i determine what is blocking the sso? any tools or cmd to check what is happening in the background? why when uninstalling the endpoint and reinstalling it, it works?

Sophos User930 · Accepted Answer

So no loading the hmpalert.dll into one or more process helped? Do you know which process or processes are significant? Under exclusions in the Threat Protection policy or even globally, there is the exclusion type: " Exploit Mitigation And Activity Monitoring (Windows)" . ---- ---- At the bottom of that dialog there is a "Exclude Application By Path" section where you can add a path to an exe, e.g.: ---- ---- In this case. When defined and the policy arrives at the computer, PolicyInjectionExclusions under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hmpalert\Config will contain this configuration. The next time process starts, the hmpalert.sys driver will not inject the hmaplert.dll into it. You can check that in the log file: "C:\ProgramData\HitmanPro.Alert\Logs\sophoshmpaservice.log" the process excluded is no longer listed as that log details the mitigations applied to the process.

SSO parallels VDI

Top Replies