Hello All,
Looking for some help with application control policy.
Got a log attached. To my understanding:
There was an update at 20200814 100505 where detection count is stated, after this loads of apps got blocked. Even those that we have been whitelisting for years.
Cisco Jabber was added to the list 4th of August according to the RSS feed and the policy was to block everything that was not explicitly whitelisted. We had to change that, as users kept complaining.
Nevertheless, after another update 20200814 100642 all apps are ok.
Cisco VPN is being blocked which prevents the users from getting on to VPN, that's an issue. And without VPN we cannot force policies or reinstall Sophos remotely...
Any idea what could have gone wrong?
Many thanks
D.
20200814 100505 Using detection data version 5.77 (detection engine 3.77.1). This version can detect 53270331 items.
20200814 100505 User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20200814 100526 File "C:\program files\internet explorer\iexplore.exe" of controlled application 'Internet Explorer 11' (of type Internet browser) has been detected.
20200814 100526 On-access scanner has denied access to location "C:\program files\internet explorer\iexplore.exe" for user NT AUTHORITY\SYSTEM
20200814 100530 File "C:\Program Files (x86)\Internet Explorer\iexplore.exe" of controlled application 'Internet Explorer 11' (of type Internet browser) has been detected.
20200814 100530 On-access scanner has denied access to location "C:\Program Files (x86)\Internet Explorer\iexplore.exe" for user DOMAIN\user
20200814 100531 File "C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe" of controlled application 'Cisco Jabber Application' (of type Instant messaging) has been detected.
20200814 100531 On-access scanner has denied access to location "C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe" for user DOMAIN\user
20200814 100531 File "C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe" of controlled application 'Citrix Receiver' (of type Business Intelligence Tool) has been detected.
20200814 100531 On-access scanner has denied access to location "C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe" for user DOMAIN\user
20200814 100532 File "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" of controlled application 'Cisco AnyConnect Secure Mobility Client' (of type Proxy / VPN tool) has been detected.
20200814 100532 On-access scanner has denied access to location "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" for user DOMAIN\user
20200814 100601 File "C:\program files\internet explorer\iexplore.exe" of controlled application 'Internet Explorer 11' (of type Internet browser) has been detected.
20200814 100601 On-access scanner has denied access to location "C:\program files\internet explorer\iexplore.exe" for user DOMAIN\user
20200814 100642 Using detection data version 5.77 (detection engine 3.77.1). This version can detect 53270341 items.
20200814 102905 Controlled application "Outlook" has been authorized.
20200814 102905 Controlled application "Internet Explorer 11" has been authorized.
20200814 102905 Controlled application "Cisco Jabber Application" has been authorized.
20200814 102905 Controlled application "Citrix Receiver" has been authorized.
20200814 102905 Controlled application "Cisco AnyConnect Secure Mobility Client" has been authorized.
20200814 102905 Controlled application "Google Chrome" has been authorized.
20200814 102905 Controlled application "Microsoft Powershell" has been authorized.
20200814 102905 Controlled application "Microsoft WSH CScript" has been authorized.
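For triaging a log like the one above, here is an added example (not part of the original post and not Sophos tooling) that lines up detection data loads, controlled-application detections and later authorizations per application. The regular expressions are derived only from the log lines visible in the post, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt in the post (a shortened selection).
SAMPLE_LOG = r'''20200814 100505 Using detection data version 5.77 (detection engine 3.77.1). This version can detect 53270331 items.
20200814 100531 File "C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe" of controlled application 'Cisco Jabber Application' (of type Instant messaging) has been detected.
20200814 100531 On-access scanner has denied access to location "C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe" for user DOMAIN\user
20200814 100532 File "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" of controlled application 'Cisco AnyConnect Secure Mobility Client' (of type Proxy / VPN tool) has been detected.
20200814 100642 Using detection data version 5.77 (detection engine 3.77.1). This version can detect 53270341 items.
20200814 102905 Controlled application "Cisco Jabber Application" has been authorized.
20200814 102905 Controlled application "Cisco AnyConnect Secure Mobility Client" has been authorized.
20200814 102905 Controlled application "Google Chrome" has been authorized.
'''

LINE = re.compile(r"^(\d{8} \d{6}) (.*)$")  # "YYYYMMDD HHMMSS message"
DATA = re.compile(r"Using detection data version (\S+) .*can detect (\d+) items")
DETECT = re.compile(r"""File "(.+?)" of controlled application '(.+?)' \(of type (.+?)\)""")
AUTH = re.compile(r'Controlled application "(.+?)" has been authorized')

def summarize(log_text):
    """Return (data_loads, apps): data-load events and per-app detection/authorization times."""
    data_loads, apps = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped tail of a long line (e.g. a lone "detected.") or foreign text
        ts = datetime.strptime(m.group(1), "%Y%m%d %H%M%S")
        msg = m.group(2)
        if d := DATA.search(msg):
            data_loads.append((ts, d.group(1), int(d.group(2))))
        elif d := DETECT.search(msg):
            apps.setdefault(d.group(2), {"type": d.group(3), "detected": [], "authorized": None})["detected"].append((ts, d.group(1)))
        elif d := AUTH.search(msg):
            apps.setdefault(d.group(1), {"type": None, "detected": [], "authorized": None})["authorized"] = ts
    return data_loads, apps

def detected_then_authorized(apps):
    """Apps flagged as controlled and authorized later: seconds from first detection to authorization."""
    out = {}
    for name, a in apps.items():
        if a["detected"] and a["authorized"] and a["authorized"] > a["detected"][0][0]:
            out[name] = int((a["authorized"] - a["detected"][0][0]).total_seconds())
    return out

if __name__ == "__main__":
    loads, apps = summarize(SAMPLE_LOG)
    print([(t.time().isoformat(), ver, items) for t, ver, items in loads])
    print(detected_then_authorized(apps))
```

Run over the full log, this gives one row per application showing how long it stayed flagged between the first detection and the "has been authorized" entry, next to the item count reported at each data load.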