Cliff_Becker
Participant

Sandblast Agent preventing applications from performing functions

I currently have the Sandblast E80.82 client installed, and when the Forensic, Remediation and Anti-Ransomware is deployed users cannot open files in QuickBooks 2017. When I uninstall the blade, QuickBooks works. Apparently disabling the policy does nothing.

There are no notifications to the client that Sandblast has performed any action.

The GUI shows cases that occurred at 5:30 AM under analyzed cases or infections, and that workstation was not being used at 5:30 AM. Even still, the Forensic Analysis reports "These are potentially malicious files that were not remediated."

The log viewer shows the same TE Event, but the "Remediation Action" is Ignore.

SmartLog shows the same entry as Detect, not Prevent.

I downloaded a file that I know would trigger a Prevent Action by Forensics Case Analysis and indeed the Action was Prevent and it was logged in SmartLog.

I have tried adding the QuickBooks executables as exclusions to the monitoring and exclusions of Forensics, Remediation and Anti-Ransomware and the folders used by QuickBooks as exclusions to Threat Extraction and Emulation.

Any suggestions on how to resolve this?

Regards.

1 Reply
Charris_Lappas
Collaborator

Try first to uninstall the SAB and replicate the behaviour. If everything is fine, install it again and check if it is blocking. Normally you will see something in the logs.

Thanks,

Charris Lappas 
