Exploit Prevention rules aren't visible in ePO policy
Last Modified: 2024-03-26 06:38:13 Etc/GMT
Technical Articles ID:
KB96268
Environment
Endpoint Security (ENS) Threat Prevention - all versions
ePolicy Orchestrator (ePO)
Problem
After performing an Exploit Prevention content update, the signatures don't appear, are missing, or aren't removed correctly from the Threat Prevention policy in ePolicy Orchestrator (ePO).
System Change
Exploit Prevention content is checked in to the main repository of ePO while no ENS Threat Prevention extension is installed.
Cause
The cause for this issue could be one of the following.
Cause 1: When Exploit Prevention content is checked in to the main repository of ePO, an event is triggered to update the ENS Threat Prevention policy with the latest rules. If no Threat Prevention extension is installed at the time the Exploit Prevention content is checked in, this event isn't processed, which leads to policy inconsistencies.
Cause 2: With the release of ENS for Windows 10.7 November 2022, an issue was identified with the Threat Prevention extension not displaying newly added rules, and a repost extension was published. The faulty extension is 10.7.0.5102 and is superseded by repost extension 10.7.0.5112.
Solution
For ePO on-prem customers: To resolve this issue, perform the following steps:
When new Exploit Prevention content is checked in, the signatures listed in the Exploit Prevention policies won't be updated to reflect the signatures in the new content. To resolve this issue, wait for an extension upgrade containing the new content. After this upgrade, you'll then see the signature changes. Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.