This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BrunoCiongoli
Collaborator
‎2022-02-09 06:09 AM
Jump to solution

Harmony Endpoint issue with office files

We are making our first steps with Harmony Endpoint and we are facing some issues

When we try to open an office file with the endpoint client enabled, it does not allow me to open it (attached image)

excel.jpg

If we disable the anti-malware blade I can open it without any problem

antimalware2.png

Aditional information:

 

-The client is in version E86.00

-all the clients are running in windows 10, in the same domain

-The files are extension XLSX

 

Someone knows what can occur?

 

 

 

 

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
jcortez
Employee
Employee
‎2022-02-17 06:21 AM
In response to K_montalvo
Jump to solution

@BrunoCiongoli 

Please open a SR/Case with our TAC Endpoint Team. This would be the best way forward. We wouldn't be able to properly troubleshoot here.

Also, yes our current recommended client is E86.01 but I would suggest using E86.20. And coming very soon our new recommended client will be E86.25 since our E86.01 client has a number of issues/bugs in regards to MS Documents and Files working with our SBA/Threat Prevention Blades.


Justin Cortez
Technology Leader | Endpoint Cyber Security Products | Americas Endpoint Team

View solution in original post

12 Replies
J_B
Collaborator
‎2022-02-10 05:43 AM
Jump to solution

Does this happen with any MS Office file, word, excel, or is it just Excel files?  If it's just with Excel files, do these files have any macros or VB Scripts in them which endpoint could see as malware?

Also does this happen if you open the file from within the MS Office application and also if you open the file directly from windows explorer?

Do you see any errors in the log files, or does the malware blade show any infections? 

Can you translate the error that you see into English?

0 Kudos
BrunoCiongoli
Collaborator
‎2022-02-10 06:33 AM
In response to J_B
Jump to solution

Hi J_B, thank you for your response.

there are also some ".docx" documents too, but most are ".xlsx". Some of this documents do have macros and others do not. But if necessary, how can I allow macros or VBS's to normally run in the documents?

Regarding the location or the app from which the files are being opened and the logs, I need to get back to the client to verify.
What I can confirm, is that the same file failing to open on a mapped network drive, opens without issues from a local drive.

I´ve just realized the error message in spanish. I´ve cropped the screenshot and pasted here without checking that 🙂

The error says
Could not find "K:\Path\ABCD.XLSX". Check your spelling or try a different path.

0 Kudos
BrunoCiongoli
Collaborator
‎2022-02-10 10:01 AM
In response to BrunoCiongoli
Jump to solution

Hi J_B, I add to the previous response that if I open the file from within the MS Office application and also if I open the file directly from windows explorer the error also occurs

There are no errors in the logs and the anti malware blade does not have any infections related to the mentioned files.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-02-10 06:24 AM
Jump to solution

Please pilot E86.20 and advise the result.

CCSM R77/R80/ELITE
0 Kudos
BrunoCiongoli
Collaborator
‎2022-02-10 08:48 AM
In response to Chris_Atkinson
Jump to solution

Thank you for your response Chris

0 Kudos
BrunoCiongoli
Collaborator
‎2022-02-15 10:55 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris

We tried with 86.20 and what happens now is that it allows to open the file, but the following error appears when we try to modify the file:

"File blocked. Try it again"

0 Kudos
J_B
Collaborator
‎2022-02-15 11:42 AM
In response to BrunoCiongoli
Jump to solution

Is the "File blocked. Try it again" error message being generated from Windows/MS Office, or is it a Check Point dialogue box error message?

When you open the file and try to modify it are you seeing anything in the check point logs on the client device?  'Right click padlock' -> 'Display Overview' -> 'Advanced' -> 'View Logs'

I'm assuming the users have write permission to the files that they're trying to modify?

You mentioned that it works if the Anti-Malware blade is disabled, I'm looking at the Anti-Malware policy and there isn't really much in there that you can configure.  One thing you could try is in the 'Scan all files upon access' is to add in and exclude one of the files that you're trying to modify.  You might be able to add a wild card for all .xlsx or .docx - Someone else may be able to confirm if that policy allows wildcards.  At least that would help to identify if it's that part of the policy that is blocking the access.

We're running E86.10 and I've not seen any issues like you've described.

the_rock
Legend
Legend
‎2022-02-10 06:28 AM
Jump to solution

Might be worth check with TAC, but I agree with Chris, E86.20 is good option, as it is newest client and seems to work really well.

BrunoCiongoli
Collaborator
‎2022-02-10 08:49 AM
In response to the_rock
Jump to solution

Thank you for your response.

0 Kudos
K_montalvo
Advisor
‎2022-02-10 07:58 AM
Jump to solution

86.01.1005 is the recommended version to use, also if necessary you can start here https://www.udemy.com/share/104WGC3@7Strm2-BCtfptNMk_AR_Pp3tgQt9fouJtmawKOSTJqQ4aoP-FMv4lWIAJiq5vkIF...

 

0 Kudos
jcortez
Employee
Employee
‎2022-02-17 06:21 AM
In response to K_montalvo
Jump to solution

@BrunoCiongoli 

Please open a SR/Case with our TAC Endpoint Team. This would be the best way forward. We wouldn't be able to properly troubleshoot here.

Also, yes our current recommended client is E86.01 but I would suggest using E86.20. And coming very soon our new recommended client will be E86.25 since our E86.01 client has a number of issues/bugs in regards to MS Documents and Files working with our SBA/Threat Prevention Blades.


Justin Cortez
Technology Leader | Endpoint Cyber Security Products | Americas Endpoint Team
Chris_Atkinson
Employee Employee
Employee
‎2022-03-07 07:45 AM
In response to jcortez
Jump to solution

As @jcortez mentioned was coming, E86.25 is now available per sk177584.

 

 

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events