I am new to the tool and am trying to find out which engine from Cisco AMP is blocking powershell.exe. We have a .vbs script which runs on every startup to set some printer preferences, which is failing, obviously due to AMP, and the user can see an error every time he/she logs in. When I checked, it's not only the script but powershell.exe itself that is blocked, and there is no specific error pointing to AMP in any logs. But all works well if the AMP service is stopped.
All I can see is an error in the Windows logs: "Faulting application name: conhost.exe, version: 10.0.19041.746"
We're having the same issue on one of our endpoints. It is also preventing Chrome from launching, and the event viewer logs a similar error except the faulting module is chrome.exe (Chrome version 90). PowerShell also cannot be launched; however, I can still open a CMD prompt and enter PS within the CMD prompt. We've reinstalled the desktop connector on the machine, put AMP in audit mode, and even gone as far as reimaging the machine with no luck. The only workaround we know of is to either uninstall AMP from the machine or disable the service. The affected endpoint is running Windows 10 20H2 with the April cumulative update (19042.928).
I'm glad we aren't the only ones with this issue on our hands. Any insight would be greatly appreciated!
I am curious if you were ever able to determine what was causing this? I have just run into this issue with the first one of our clients, and it happens to be a newer HP G8 model endpoint that is running into an issue where Chrome and PowerShell can't launch, and our Umbrella client doesn't connect properly on this endpoint. Wondering if this has to do with new HP Security bloatware causing issues, or if it ends up being something in AMP that needs to be adjusted.