UAC settings can prevent an ePolicy Orchestrator registered executable from running
Last Modified: 2023-08-08 10:11:32 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
UAC settings can prevent an ePolicy Orchestrator registered executable from running
Technical Articles ID:
KB94089
Last Modified: 2023-08-08 10:11:32 Etc/GMT Environment
ePolicy Orchestrator (ePO) 5.10.x, 5.9.1
Problem
Registered executables such as Cause
Domain and local administrator accounts both need to pass UAC when permission elevation is needed (the only exception is if UAC is disabled). If the registered executable is defined to run as a specific user, Windows UAC settings are applicable when the ePO Solution
ePO requires local and domain admins to be granted In addition, the following UAC settings need to be applied to the ePO server:
NOTE: The settings can be found in t For additional information about the UAC settings, see the following Microsoft articles: Affected ProductsLanguages:This article is available in the following languages: |
|