
Sandblast Agent preventing applications from performing functions

Question asked by Cliff Becker on Apr 28, 2018

I currently have the Sandblast E80.82 client installed, and when the Forensic, Remediation and Anti-Ransomware is deployed, users cannot open files in QuickBooks 2017. When I uninstall the blade, QuickBooks works. Apparently disabling the policy does nothing.

 

There are no notifications to the client that Sandblast has performed any action.

The GUI shows cases that occurred at 5:30 AM under analyzed cases or infections, and that workstation was not being used at 5:30 AM. Even still, the Forensic Analysis reports "These are potentially malicious files that were not remediated."

The log viewer shows the same TE Event, but the "Remediation Action" is Ignore.

SmartLog shows the same entry as Detect, not Prevent.

I downloaded a file that I know would trigger a Prevent Action by Forensics Case Analysis and indeed the Action was Prevent and it was logged in SmartLog.

 

I have tried adding the QuickBooks executables as exclusions to the monitoring and exclusions of Forensics, Remediation and Anti-Ransomware and the folders used by QuickBooks as exclusions to Threat Extraction and Emulation.

 

Any suggestions on how to resolve this?

Regards.
