Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1665
Views
15
Helpful
3
Replies

CSCvm37634 - [ENH] Request to add TiWorker.exe to default Windows exclusions

imm_baker
Level 1
Level 1

‎10-22-2018 03:12 PM

To clarify - this also occurs when using SCCM to deploy Windows updates, despite the notes in the bug report.

We have 10,000+ PCs currently being affected by this bug, with all updates being deployed by SCCM.

On testing, updates are taking at least 30-40% longer to install (even greater on non SSD PCs). Without manual configuration on the individual update settings, many of the updates don't install with our maintenance windows and the SCCM client will abandon checking for the installation outcome.

This is a really poor design, please fix it properly. We've never had this issue with any other AV. TiWorker.exe is a normal Windows function.

6 people had this problem
Labels:
3 Replies 3

Orlith
Level 1
Level 1

‎11-20-2018 02:58 AM

I had to do a Wilcard exclusion to solve this issue. Can't use Process exclusion as the path/hash may vary a lot

imm_baker
Level 1
Level 1
In response to Orlith

‎11-20-2018 02:34 PM - edited ‎11-20-2018 02:35 PM

Yes, the path/hash varies a lot, it's very annoying.

 

However we weren't comfortable using a wildcard exception of TiWorker.exe as it has too many security implications.

 

It's a very common Microsoft executable, and renaming any virus executable to TiWorker.exe as a means to circumvent all of Cisco AMP's functionality if detected is too great of a risk for our organisation.

0 Helpful

nmatese0420
Level 1
Level 1
In response to Orlith

‎11-28-2018 06:50 AM

What exactly did you use for the wildcard exclusion to make this stop?
0 Helpful
Customers Also Viewed These Support Documents