Cannot run Avaya agent on host with WSS agent enabled

book

Article ID: 211381

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Users using the roaming WSS agent on Windows devices are experiencing Connection issues with Avaya Softphone Application 

Avaya Softphone uses TCP 5060 and should not be intercepted by WSS Agent

Our softphone is connecting directly to the server on IP block 172.17.x.x and therefore again as per documentation traffic should not be being blocked as its an internal range specific.

Added the ip to the bypass for both IP and Application without success

Disabling the WSS agent has no effect and this does not allow it to work

Uninstalling the WSS agent however instantly fixes the issue instantly and reinstalling brings the issue back 

 

Cause

Windows Information Protection (WIP) policy with Intune blocking outbound packets

Environment

WSS Agent 7.2.1 on Windows

Microsoft InTune security policies enabled on host (WIP) 

Resolution

Added the Avaya Application “exe” being affected by WIP configuration to an allowed list within the policy on Intune MDM

This effectively allows the application traffic to be tagged as allow and not “evaluated” by WIP as a result the applications which were being blocked are now working fine

The "Add a desktop app to your protected apps list" section of the InTune doc at https://docs.microsoft.com/en-us/mem/intune/apps/windows-information-protection-policy-create shows how to do this