Hello everyone,

I’ve found some weird behavior on our assets using a specific software (let's call it application.exe).

When a user tries to access application.exe, which is excluded in the policy assigned to the asset, it opens a prompt requesting a username and password (higher privileges).

I have tried disabling all endpoint capabilities, but the behavior remains the same. However, here is the strange part: Uninstalling the endpoint agent solves the problem, and it stays fixed even after I reinstall the agent.

I am looking for ideas on how to troubleshoot this further. How can I verify if this is a configuration drift or corruption issue rather than a direct defect in the endpoint software?

Version is E88.72 or E89.05

Cheers,
Oliver