App Control: Agent Incompatibility with DFS Namespaces on Server 2019/2022
search cancel

App Control: Agent Incompatibility with DFS Namespaces on Server 2019/2022

book

Article ID: 288996

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

File paths using DFS namespace are mapped to the DFS physical servers and not the DFS namespace when hosted on Window Server 2019/2022.

For example for DFS Namespace: \\dfs\dfsnamespace
  • \\dfs\dfsnamespace\folder1 is hosted on a Server 2016 here: \\dfs-server-2016\folder1
  • \\dfs\dfsnamespace\folder2  is hosted on a Server 2019/2022 here: \\dfs-server-2019\folder2

"File.exe" is located in both folder1 and folder 2, but the App Control agent will show the file path differently depending on the physical Server OS hosting it:

  1. DFS files hosted on Windows Server 2016/2012/2008, App Control displays the path correctly using the DFS namespace:
    • \\dfs\dfsnamespace\folder1\file.exe
  2. DFS files hosted on Windows Server 2019/2022, App Control displays the path using the DFS physical server and NOT the DFS namespace:
    • \\dfs-server-2019\folder2\file.exe

Environment

  • App Control Windows Agent 8.x - 8.9.2
  • Windows Server 2019, 2022

Cause

 Microsoft made changes to newer versions of the "Fltmgr.sys" driver on Server 2019/2022 and now API calls return the physical server instead of the DFS namespace

Resolution

Fixes to accommodate the changes made to "Fltmgr.sys" are expected in App Control agent version 8.9.2

Until the 8.9.2 release please configure Custom rules to use the physical server location rather than the DFS namespace.

Additional Information

Bug numbers to track this issue EP-17573, EP-19024