Our Endpoint Client is randomly ignoring "Disable Threat Emulation" settings in the Policy tab.
What in god's name is going on?
I am seeing the sandblast add-in for browsers getting instantiated in Chrome and the CPEP overview dialog box shows Threat Emulation and Anti-Exploit as ON, then off again.
Threat Emulation plugin shows up in the browser UI in Chrome and all PDFs are being emulated on download attempt even if you are going to the same link and downloading the same file again.
I tried upgrading the client to the latest version and re-pushed policy and it is still happening. inconsistently but often
Endpoint is Killin me.... It's always seeming to want to drive me batty.
Client OS is Windows 10 1909 with CPEP Client 82.10 installed
Management Server is running 80.30 Gaia 3.10 Jumbo Hotfix Accumulator for Security Management (Take 111) and Smart Console / Smart Endpoint console is build 36.
I don't want to have to push out a deployment rule to remove the blade completely but that seems to be the only option.
I will try enabling the blade in policy and using exceptions to see if maybe that works now, because it never did before
Emulation seems to be happening with Chrome most of the time, and IE 11 not so much.
The particular use case I am testing this on is when Chrome is the default Web browser and you click on a link in an email in Outlook 2013 Pro Plus.
I have another end user who has IE as the default browser, and he was still seeing emulation happening, though he is in a policy rule which disables Threat Emulation completely as well.
This is problematic because we have a Citrix Workspace based web application we need to use to reach our invenstment bankng account managment system at UBS and it breaks the ability for the ConsultWorks app to launch the .ica file that launches it once you log into the portal.