After install Data Loss Prevention Agent some applications stopped working

book

Article ID: 184729

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

After the installation of the Data Loss Prevention Agent on workstations, some applications stopped working.

09/25/2019 15:36:03 |  6476 | FINEST  | CodeInjection.HookManager | Sesion 0: OpenProcess failed for process: Pid->9444 ProcessName->C:\Program Files\Software\App.exe Returned Error Code = 87 | DllHooker.cpp(357)
09/25/2019 15:36:03 |  6476 | FINEST  | CodeInjection.HookManager | Session 0: Hooking failed for process: Pid->9444 ProcessName->C:\Program Files\Software\App.exe | HookingTask.cpp(63)
09/25/2019 15:36:04 |  5588 | FINER   | CoreServices.ProcessActivity | Received rtam message for process C:\Windows\System32\PrintIsolationHost.exe(6760) create status(0) session Id(0) sandboxed appliction(0) store appliction(0) subsystem application (0)

 

Cause

Since Windows Defender and it's Exploit Protection feature are natively enabled since Windows 10 build 1709, they can prevent Data Loss Prevention Agent to work properly.

Environment

Windows 10 build 1709 and later.

Resolution

There are two configurations on Windows Defender Exploit Protection feature that need to be change in order to prevent the issue.

Execute the following steps to customize these configurations for the both Data Loss Prevention main processes (EDPA and WDP):

  • Access the Windows Settings, then Windows Security, and after click on App & Browser Control:
  • Following, in the bottom of the window, click on Exploit Protection
  • In Exploit Protection window, click on Program Settings
  • Then click on Add program to customize:
  • Pick Choose exact file path:
  • The steps need to be made for the two main processes of Data Loss Prevention Endpoint Agent (WDP.exe and EDPA.exe)

The default paths are:

%PROGRAMFILES%\Manufacturer\Endpoint Agent\edpa.exe and

%PROGRAMFILES%\Manufacturer\Endpoint Agent\wdp.exe

  • Change the configurations to be like like the screenshots.
  • Click Apply, an Administrative credential will be asked to apply the configurations.

Now you can start your application.

Attachments