Terminate Process action in Custom Application Behavior policy isn't stopping processes as expected


Article ID: 394933


Products

Endpoint Security, Endpoint Security Complete, Endpoint Security for Servers

Issue/Introduction

When a Custom Application Behavior policy is configured with the Terminate Process action, the process is not blocked or killed as the policy specifies on devices with the SEP 16 agent installed.

Environment

Endpoint Protection (SEP) 16 cloud managed agent.

Resolution

This issue is under investigation, and this document will be updated as new information becomes available. This issue only affects cloud managed SEP 16 agents. It does not impact on-premise or SEP 14.3.x agents.

Workaround

Edit the Custom Application Behavior policy, then find the Terminate Process Attempts Rule. Modify the Process Definition section for any process configured to be terminated. In the "NAME APPLICATION TO MATCH" field, prepend ".*" (period then asterisk, no quotes) to the process name. Then select "Use regular expression matching".
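
The following is an added example, not code from this article or from the product: a Python check of which process paths a ".*"-prefixed pattern from the workaround would cover, so the rule can be reviewed before the policy is saved. The article does not state which regex engine the agent uses or what string it matches against; full-string, case-insensitive matching with Python's `re` is an assumption, `tool.exe` is a hypothetical process name, and the paths are constructed samples.

```python
import ntpath
import re


def workaround_pattern(process_name: str) -> str:
    """Build the pattern exactly as the workaround describes: '.*' + name."""
    return ".*" + process_name


def escaped_pattern(process_name: str) -> str:
    """Tighter variant (assumption, not from the article): literal dots escaped."""
    return ".*" + re.escape(process_name)


def matches(pattern: str, candidates: list[str]) -> list[str]:
    """Candidates the pattern covers under the assumed full-string semantics."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [c for c in candidates if rx.fullmatch(c)]


def unintended(process_name: str, pattern: str, candidates: list[str]) -> list[str]:
    """Matched candidates whose file name is not the process that was meant."""
    wanted = process_name.lower()
    return [c for c in matches(pattern, candidates)
            if ntpath.basename(c).lower() != wanted]


# Constructed sample paths, not taken from any real endpoint.
SAMPLE = [
    r"C:\Program Files\Acme\tool.exe",    # intended target, full path
    r"tool.exe",                          # intended target, bare name
    r"C:\Program Files\Acme\mytool.exe",  # covered because of the '.*' prefix
    r"C:\Temp\toolXexe",                  # covered because '.' is a wildcard
    r"C:\Temp\tool.exe.bak",              # not covered: name does not end the string
]

if __name__ == "__main__":
    for build in (workaround_pattern, escaped_pattern):
        pattern = build("tool.exe")
        print(pattern)
        for path in matches(pattern, SAMPLE):
            flag = "  <-- review" if path in unintended("tool.exe", pattern, SAMPLE) else ""
            print("   ", path, flag)
```

Run it against an inventory of executable paths from the managed devices to see which other processes the Terminate Process rule would also apply to.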