Hello,
is anybody affected by AMSI feature as it is included in ENS Threat Protection?
We are running a deployment solution that got interfered by the way McAfee handles AMSI.
If enabled AMSI (even in observe mode) in OAS policies our deployment agent fails, if disabled everything is fine, better was fine..... since we started deploying ENS 10.7 disabling AMSI does not the trick, means our deployment agent does not work anymore....
Following had been installed on the PC's:
McAfee Endpoint Security Platform 10.7.0.1285
McAfee Threat Protection 10.7.0.1415
McAfee Adaptive Threat Protection 10.7.0.1285
McAfee Threat Protection 10.7.0.1415
McAfee Web Control 10.7.0.1086
Actually there is no way to get the deployment agent running other than removing 10.7 or rolling back to 10.6. Strange thing (valid for all ENS version) no event or log is written by ENS even if debug log is enabled. It simply blocks it.
Support tickets had been opened month ago at McAfee and the deployment solution vendors support. The play kind of ping pong on customers back, blaming each other and that's it. No solution, no progress.
Just for the record, our setup was also tested using 4 other AV vendors and none of them had an issue. Neither with the used deployment solution nor with Windows 10 AMSI. In my opinion it is ENS who is causing the trouble due to this.
Anyone else having issues with applications if the AMSI is enabled in the OAS policies? How did you fix it? Any help appreciated....
KR
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA