Managed endpoints are not receiving Application Control policy
I currently am having issues with updating the application control policy for one of my managed endpoints. I added a process to the Updaters tab by using its SHA value, and sent an agent wake-up call to the endpoint so that it could receive the new policy update. However, the endpoint is still generating Application Control execution denied events by the updater process.
How can I verify that the policy is being applied to the endpoint?
I also tried adding an updater via 'sadmin udpaters add -d <executable name>' command, and it shows up when I run 'sadmin updaters list'. However, there is no effect, and I'm still getting Application Control execution denied events for that updater as well.
Re: Managed endpoints are not receiving Application Control policy
@Sivakumar1 I ran the command and then relaunched the process, but it is still getting "File Write Denied" application control events under that process. Is there a way to turn off file write-protection on the endpoint? I only want events about file execution denied; I don't want to have write-protection enabled.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.