On-access scan process policy fails to enforce
Last Modified: 2023-02-07 21:49:45 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
On-access scan process policy fails to enforce
Technical Articles ID:
KB93460
Last Modified: 2023-02-07 21:49:45 Etc/GMT Environment
Endpoint Security (ENS) Threat Prevention 10.7.x, 10.6.x
Problem
After you upgrade ENS, changes to the high risk or low risk process list in the on-access scan policy sometimes do not take effect. The changes are not enforced on the endpoint after a high number of processes have been added for each type. The ENS logs contain errors similar to the following. From the 2020-09-21 12:06:39.715Z|Error |MaSpb |mfetp | 5296| 2820|MaSpb |msgbus_EnforcePolicies.cpp(2089) | Failed to enforce OAS policies. Error: 0x26 From the 2020-09-21 12:06:39.700Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(6549) | SetPropertyBegin AVPolicyBeginUpdate policy update handle provided 2020-09-21 12:06:39.715Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(10263) | [LOGGER]Failed to format message due to invalid/missing arguments!!! [CheckProcessExistInOtherList processGroup: %s processList: %s modified: %d] 2020-09-21 12:06:39.715Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(10139) | SaveProcessList: 0x26 2020-09-21 12:06:39.715Z|Error |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(6673) | Failed to set property : OAS_PROCESSES_LIST 2020-09-21 12:06:39.715Z|Debug |oasbl |mfetp | 5296| 5920|OAS |oasbl.cpp(6614) | SetPropertyEnd AVPolicyEndUpdate failed. AVError = 0xa7f4050d Solution
This issue is resolved in ENS 10.6.1 November 2020 Update and ENS 10.7.0 November 2020 Update. Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products. Affected ProductsLanguages:This article is available in the following languages: |
|