After you upgrade ENS, changes to the high risk or low risk process list in the on-access scan policy sometimes do not take effect. The changes are not enforced on the endpoint after a high number of processes have been added for each type. The ENS logs contain errors similar to the following.
From the
EndpointSecurityPlatform_Errors.log:
2020-09-21 12:06:39.715Z|Error |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(6673) | Failed to set property : OAS_PROCESSES_LIST
2020-09-21 12:06:39.715Z|Error |MaSpb |mfetp | 5296| 2820|MaSpb |msgbus_EnforcePolicies.cpp(2089) | Failed to enforce OAS policies. Error: 0x26
From the
OnAccessScan_Debug.log:
2020-09-21 12:06:39.684Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(5479) | GetProcessGroup groupName: Low
2020-09-21 12:06:39.700Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(6549) | SetPropertyBegin AVPolicyBeginUpdate policy update handle provided
2020-09-21 12:06:39.715Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(10263) | [LOGGER]Failed to format message due to invalid/missing arguments!!! [CheckProcessExistInOtherList processGroup: %s processList: %s modified: %d]
2020-09-21 12:06:39.715Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(10139) | SaveProcessList: 0x26
2020-09-21 12:06:39.715Z|Error |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(6673) | Failed to set property : OAS_PROCESSES_LIST
2020-09-21 12:06:39.715Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(6614) | SetPropertyEnd AVPolicyEndUpdate failed. AVError = 0xa7f4050d