You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Cisco Secure Endpoint agent runs as sfc.exe, which is also the process name of the windows filesystem checker. I'm not sure if this would cause issues but it would at least cause the program to incorrectly identify the host as running Cisco Secure Endpoint.
Default path: C:\Program Files\Cisco\AMP\X.X.X\sfc.exe (X.X.X denotes the version number)
The text was updated successfully, but these errors were encountered:
Thank you for bringing this to my attention. I will initially leave this issue open, as the auto-blocking feature is designed to check only actively running processes. It appears that C:\Windows\System32\sfc.exe is not commonly used as a long-term running process.
However, I do recognize the possibility of a process name collision. Should I receive more reports of similar cases, I will consider updating the code to include the additional checks (e.g., check full path for key words or check if the process is antimalware protected process light).
The Cisco Secure Endpoint agent runs as
sfc.exe
, which is also the process name of the windows filesystem checker. I'm not sure if this would cause issues but it would at least cause the program to incorrectly identify the host as running Cisco Secure Endpoint.Default path:
C:\Program Files\Cisco\AMP\X.X.X\sfc.exe
(X.X.X denotes the version number)The text was updated successfully, but these errors were encountered: