Exploit Prevention Content Version 12789 Causes MSI Installers to Fail
Last Modified: 2023-04-28 09:05:00 Etc/GMT
Technical Articles ID:
KB96486
Environment
Endpoint Security (ENS) Threat Prevention - all versions
Problem
After you update ENS to EP content version 12789, signed MSI installers fail. When you view the Exploit Prevention logs, you see no blocks have been recorded.
Cause
While the exact reason is currently undetermined, a new signature (6251) has been added to this content release, which blocks attempts to bypass
Solution
NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision. We're continuing to review the root cause, and updates to this article will be supplied as more progress is made.
Workaround 1
Disable Exploit Prevention as an isolation step to make sure that the issue no longer occurs after installing content version 12789. If the issue continues after disabling Exploit Prevention, contact Trellix Support and open a new Service Request. To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
If disabling Exploit Prevention resolves the issue, use the following workaround while the investigation continues to determine the root cause.
Workaround 2
An out-of-band content release has been provided to work around the issue while investigation continues on the root cause. The content version is 10.6.0.12892 and is available as of April 26th, 2023 for download in On-Prem ePO, as well as ePO SaaS. The new content can be manually downloaded.
NOTE: After updating to the out-of-band content version, signature 6251 still appears within the policy configuration for Exploit Prevention. The out-of-band content removes the signature from the content files loaded by Exploit Prevention. The presence of the signature within the policy has no effect on product functionality.