neostad
Level 7

Host Intrusion Protection blocking Cisco Webex

Hello,

I'm having a problem with HIPS blocking Webex meetings and I can't figure out how to create an exception rule to allow it.

When launching a Webex session, Internet Explorer tries to launch C:\PROGRAMDATA\WEBEX\WEBEX\1524\ATINST.EXE and is being blocked by HIPS.

I want to create a rule to allow ATINST.EXE to run, without allowing Internet Explorer to do whatever it wants.

Is there an easy way to do this?  I can't figure it out.

Any help would be appreciated.

Executable file description: INTERNET EXPLORER
Executable fingerprint: 5ac6db399de418e3955f0ca4567bdd37
In Trusted Network: Unknown
Subject Distinguished Name: CN=MICROSOFT CORPORATION, OU=MOPR, O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
Subject Organization Name: MICROSOFT CORPORATION
Target Description: BROKER FOR VISTA
Target Distinguished Name: CN=CISCO WEBEX LLC, OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, O=CISCO WEBEX LLC, L=SANTA CLARA, S=CALIFORNIA, C=US
Target File Name: ATINST.EXE
Target Fingerprint: e3537dbe178c77db21104f7d4a1dff8c
Target Organization Name: CISCO WEBEX LLC
Target Path: C:\PROGRAMDATA\WEBEX\WEBEX\1524\ATINST.EXE

Accepted Solutions
fitchsoccer342
Level 13

One of the easiest ways to create HIPS exceptions is to click on the machine from your system tree:

Then click the Threat Events tab

Find your WebEx threat and click on it

Click Actions > New Exception (Host IPS 8.0)

Then click whatever policy you want the WebEx exception in

Wake up the machine to get the new policy

Good to go.

neostad
Level 7

I salute you, good sir.  I never even saw that feature.

Thank you very much!

rjblt
Level 7

For anyone new to this, keep in mind that patches and updates to IE can change the fingerprint.  When this happens the rule won't work until the fingerprint is updated.

greatscott
Level 12

You could also create just an exclusion for the target distinguished name:

CN=CISCO WEBEX LLC, OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, O=CISCO WEBEX LLC, L=SANTA CLARA, S=CALIFORNIA, C=US

Then select the signature, and leave everything else blank. Of course, if Cisco changes their digital signature, you would need to update the exception.

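The replies above key the exception on either a file fingerprint or a signer distinguished name. The following PowerShell check is an added example, not part of the original thread or of the Host IPS product: it compares a file on the endpoint with the values shown in the threat event before an exception is built on them. Assumptions: the 32-hex-digit fingerprint is the file's MD5 hash, `Test-HipsIdentity` is a hypothetical helper name, the Internet Explorer path is the default install location, and PowerShell 4.0 or later is available for `Get-FileHash`.

```powershell
# Added example (not from the thread). Test-HipsIdentity is a hypothetical helper name.
# Assumption: the 32-hex-digit "fingerprint" in the Host IPS event is the file's MD5 hash.
function Test-HipsIdentity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedFingerprint,   # "Executable fingerprint" / "Target Fingerprint" from the event
        [string]$ExpectedSubject        # "Subject/Target Distinguished Name" from the event
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $md5     = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path               = $Path
        # A signer-name exception is only meaningful if the signature verifies.
        SignatureValid     = ($sig.Status -eq 'Valid')
        Subject            = $subject
        # -eq on strings is case-insensitive; the console shows the DN upper-cased.
        SubjectMatches     = ([bool]$ExpectedSubject -and ($subject -eq $ExpectedSubject))
        MD5                = $md5
        FingerprintMatches = ([bool]$ExpectedFingerprint -and ($md5 -eq $ExpectedFingerprint))
    }
}

# Values copied from the threat event quoted in the first post.
$webexDn = 'CN=CISCO WEBEX LLC, OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, ' +
           'O=CISCO WEBEX LLC, L=SANTA CLARA, S=CALIFORNIA, C=US'

# Target of the blocked launch: check both the signer name and the fingerprint.
Test-HipsIdentity -Path 'C:\PROGRAMDATA\WEBEX\WEBEX\1524\ATINST.EXE' `
    -ExpectedFingerprint 'e3537dbe178c77db21104f7d4a1dff8c' `
    -ExpectedSubject $webexDn | Format-List

# Source executable: the path is an assumed default, it is not given in the thread.
Test-HipsIdentity -Path "$env:ProgramFiles\Internet Explorer\iexplore.exe" `
    -ExpectedFingerprint '5ac6db399de418e3955f0ca4567bdd37' | Format-List
```

A `FingerprintMatches` of False for Internet Explorer after a patch means a fingerprint-based exception needs the new fingerprint; a `SignatureValid` of False on the target means the signer name alone should not be relied on for that file.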