Agent Incompatibility with DFS Namespaces on Windows Server 2019/2022
Article ID: 288996
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
File paths using DFS namespace are mapped to the DFS physical servers and not the DFS namespace when hosted on Window Server 2019/2022.
For example for DFS Namespace: \\dfs\dfsnamespace
For example for DFS Namespace: \\dfs\dfsnamespace
- \\dfs\dfsnamespace\folder1 is hosted on a Server 2016 here: \\dfs-server-2016\folder1
- \\dfs\dfsnamespace\folder2 is hosted on a Server 2019/2022 here: \\dfs-server-2019\folder2
"File.exe" is located in both folder1 and folder 2, but the App Control agent will show the file path differently depending on the physical Server OS hosting it:
- DFS files hosted on Windows Server 2016/2012/2008, App Control displays the path correctly using the DFS namespace:
- \\dfs\dfsnamespace\folder1\file.exe
- DFS files hosted on Windows Server 2019/2022, App Control displays the path using the DFS physical server and NOT the DFS namespace:
- \\dfs-server-2019\folder2\file.exe
Environment
- App Control Windows Agent 8.x - 8.9.2
- Windows Server 2019, 2022
Cause
Microsoft made changes to newer versions of the "Fltmgr.sys" driver on Server 2019/2022 and now API calls return the physical server instead of the DFS namespace
Resolution
Fixes to accommodate the changes made to "Fltmgr.sys" are expected in App Control agent version 8.9.2 and documented in the Release Notes. However, until agents are upgraded to 8.9.2 and higher, continue to configure Custom rules to use the physical server location rather than the DFS namespace.
Additional Information
Bug numbers to track this issue EP-17573, EP-19024
Feedback
Yes
No
Powered by
