Hi Dameon

We seem to have a "collaborative support contract" (no idea what that means, we were not given any alternatives/explanation by the reseller how that works). This however seems to mean we cannot contact or chat with Checkpoint directly ("In order to open a chat, your account or appliance must be covered with a valid support contract" or "The selected account is covered by a collaborative support contract. To ensure your service request is being handled you should contact your support partner.").

So it seems I cannot go down the suggested path unfortunately.

As I am discovering more and more, the fine print of our Checkpoint investment is not what I expected from the sellers beautifully impressive demo. It has not been a smooth ride (it is unfortunately the worst software experience I have ever had, so far). The Endpoint Security Management Server is a very consultant friendly software, I have to give Checkpoint that at least.

A couple of other suggestions:

1. The policy has somehow changed to not exclude the directory.
2. The detection that is occurring that blocks the files happens before the user logs in and the policy for the entire organization does not have the exclusion.
3. The file has moved to a different location than the one you are excluding.

Getting a dialog going with your partner and our TAC will allow us to see what's going on more closely and more concrete suggestions can be provided.

Yes, I also think it is a false positive. The problem is that the developer might theoretically create any project with any name with any directory.

I asked him to create a new project, compile some code and the same thing of course happened. Anti-Malware stepped in deleting the exe-file. So it kind of seems that users with Visual Studio is incompatible with Anti-Malware.

But that cannot be a general case, I guess that are a lot of organization with software developers running Anti-Malware with success that do not have to contact company support for each and every project they might start.

I must be missing something or not thinking in the right lines here.

I am also having a similar problem with 2 of our developers that have the E80.70HFA1 client and they cannot debug using MSVSMON.exe in Visual Studio 2012.  I have a case opened with TAC so I will update you on my findings.  

From what I've seen, there is a lot of activity in the AntiBot.log in C:\ProgramData\CheckPoint\Logs folder on the times that the developer was trying to debug.  In the AntiBot logs, there were a few errors saying the following:

2018-02-09 16:09:43 t:0x00002740 [.\NFDriverManager.cpp(197)] AntiBot.UrlInterceptor.NFDriverManager [ERROR] Sending a EPNF_IOCTL_AB_VERDICT control code to the driver failed (attempt number: 1 ). Error:87
2018-02-09 16:09:43 t:0x00002740 [.\NFDriverManager.cpp(197)] AntiBot.UrlInterceptor.NFDriverManager [ERROR] Sending a EPNF_IOCTL_AB_VERDICT control code to the driver failed (attempt number: 2 ). Error:87

I have whitelisted the executable MSVSMON.EXE in both Anti-Bot and Sandblast Blades, and they still cannot debug.

Have any of you found a solution yet?