
Cisco AMP for Endpoints & IE ActiveX addon

Kasim
Level 1

Hey all, 

 

Calling all AMP experts - Looking for some help with an issue that has been driving me bananas. 

 

My client has a website which they open with IE, and it loads an ActiveX addon (which is installed on the computer and has a C++ component to the installation). The page loads fully and properly without Cisco AMP installed. After installing AMP for Endpoints, this page now partially loads and gives a VB error. The addon does not load. 

 

I have set exclusions for the file in the installation folder for the addon - issue persists

I have tried a different version of the connector (even with our latest version available - 6.2.19.10882) - issue persists

I have stopped the Cisco AMP service - issue persists

 

I have checked the trajectory of the endpoint and nothing is being blocked or marked as suspicious. 

 

Uninstalling AMP makes the addon load fully. I have checked every browser security setting and compared it to a machine that does not have AMP and they all match. 

 

I am at a brick wall and some help would be greatly appreciated. 

5 Replies

Matthew Franks
Cisco Employee

Sounds like it might be an Exploit Prevention incompatibility.  Please try adding the site to your Trusted Sites in Internet Explorer.

https://www.itg.ias.edu/content/how-add-trusted-sites-internet-explorer

 

Alternatively, you could disable Exploit Prevention in the policy as a test.

 

Thanks,

Matt

Thanks Matt, I will try your suggestions 

I tested adding the site to Trusted Sites and that did not resolve the issue.

I disabled Exploit Prevention and that DID resolve the issue. The curious thing is that with that setting enabled, there were no "exploit prevented" events logged in the trajectory for that machine. Why would that be?

 

I will provide my results to the security admin, but I doubt that having this setting disabled will be accepted. Is there anything else I can try that would not disable security features? Any possibility of setting an exclusion for Exploit Prevention?

Hello @Kasim,

I saw the same behavior with a client in my lab where an Internet banking software was not able to start when Exploit Prevention is enabled. I also saw no event, no blocking, nothing. Only deactivating exPrev helped. 

Have you opened a TAC case for this issue? Would be interesting if there is a solution for this.

Cheers

I haven't opened a TAC case yet. That is most likely my next step.