Application and Change Control 8.x Known Issues (Windows) (2024)

Client Issues - Under Investigation

Columns: Reference | Related Article | Found In | Fixed In | Description

Reference: MACC-13196 | Related Article: - | Found In: 8.3.7 | Fixed In: -
Issue: After an install of Solidcore, you observe that the USB and SSD devices are accessible even though the policy is set to block.

Workaround:

Steps to Consider | Remarks / Implication

sadmin config set CheckCertTrustWithVTP=0
sadmin attr add -u usbstor.sys
sadmin attr add -u uaspstor.sys
sadmin unso <path>\usbstor.sys
sadmin unso <path>\uaspstor.sys

NOTE: All the system32 files with the ban rule should have a corresponding unso command running for the files.

When Certcheck with VTP is disabled:
  1. In enable mode, upgrades of MS-signed binaries will be supported only with updaters.
  2. In update mode, Windows updates or upgrades of any MS-signed binaries will be fully supported.

Reference: MACC-11129, TSDE-12620 | Related Article: - | Found In: 8.3.4 | Fixed In: -
Issue: When you enable MP-CASP on systems with 11th and 12th generation Intel Core processors and reboot the system, it goes into an automatic repair loop, stops at the Vendor logo, or generates a BSOD.

Workaround #1: Add rules to perform a CASP bypass for the processes below:

sadmin attr add -c svchost.exe
sadmin attr add -c lsass.exe
sadmin attr add -c winlogon.exe
sadmin attr add -c scsrvc.exe
(this is a Solidcore process)

OR

Workaround #2: Disable MP-CASP via ePO policy or local CLI command.
NOTE: Reboot for feature changes to take effect.

Navigate to ePO policy under Application Control Options (Windows) -> Features -> Enforce feature control from Trellix ePO -> Memory Protection -> CASP
or
Enter the following:

sadmin features disable mp-casp

Reference: TSDE-11953 | Related Article: - | Found In: 8.2.6 | Fixed In: -
Issue: Modification to a solidified directory is possible after ending update mode.

Workaround: As inventory synchronization doesn't happen when the user exits update mode, the user must manually run the sadmin ls command to enforce inventory merge:
  1. Start update mode.
  2. Perform required changes on the client.
  3. End update mode.
  4. Execute the command sadmin ls to merge the inventory changes being performed in update mode.

Reference: MACC-10283 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.3.4
Issue: Creating an "Image File Execution Options" key for the Application Control service prevents scsrvc.exe from being executed.

Description: Microsoft Windows allows users to specify a debugger image to run instead of a given application. You can specify a debugger image by setting a key into the Windows registry at the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
Setting the key for scsrvc.exe can prevent the service from being executed.

Solution: As part of the product integrity feature, Application Control protects this registry path from write operations.

Reference: MACC-11334 | Related Article: - | Found In: 8.3.5 | Fixed In: -
Issue: Unable to install or update Solidcore agent due to the presence of temp files.

Workaround:

  1. Open the Task Manager.
  2. Check if the process "unzip.exe" is running, and stop the process.
  3. Start Update Mode.
  4. Delete the temp directory C:\Windows\TEMP\{432DB9E4-6388-432F-9ADB-61E8782F4593} if it exists.
  5. Try to reinstall or perform the upgrade again.
  6. End Update Mode.

Reference: MACC-11363 | Related Article: - | Found In: 8.3.5 | Fixed In: -
Issue: Installation/Upgrade failure of Trellix Agent (TA) (Framepkg.exe).

Reference: MACC-11193 | Related Article: - | Found In: 8.3.5 | Fixed In: -
Issue: A Self-approval pop-up keeps displaying when trying to execute any MSI from a network share, and when the action taken by the user is DENY.

Workaround: Wait for 30 minutes. The Self-approval pop-up stops displaying.

Reference: MACC-8938 | Related Article: - | Found In: 8.3.0 | Fixed In: -
Issue: Buffer Overflow with Threat Intelligence Exchange/Global Threat Intelligence (TIE/GTI) causes the scsrvc service to crash.

Workaround: Disable TIE/GTI reputation.

Reference: MACC-10318 | Related Article: - | Found In: 8.3.2 | Fixed In: -
Issue: Windows version 20H2 installation fails when the Application Control is in Enable Mode.

Workaround: From the ePolicy Orchestrator (ePO) or client, add the updater rule and then install Windows.

sadmin updaters add -p services.exe "\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

Reference: MACC-10313 | Related Article: - | Found In: 8.3.2 | Fixed In: -
Issue: When ACC is upgraded from version 8.0.2 to 8.3.x and rebooted, the client upgrade status remains as reboot needed.

Reference: MACC-10311 | Related Article: KB93605 | Found In: 8.3.2 | Fixed In: -
Issue: In rare cases, the installation of binaries stops for an indefinite period when Package Control and the antivirus service are enabled on the system.

Workaround:
From the ePO or client, configure the passthrough process for antivirus service in Solidcore.
Example: In Windows Defender, add the rule:

sadmin attr add -p MsMpEng.exe

After the passthrough process for antivirus is configured, reboot and run the installer again.

Reference: MACC-10327 | Related Article: - | Found In: 8.3.2 | Fixed In: -
Issue: Incorrect offset calculation can sometimes lead to a bug check on Windows 8.1 and Windows 10 x86 systems.

Reference: MACC-10295 | Related Article: - | Found In: 8.3.2 | Fixed In: -
Issue: When a client enable task is triggered from ePO, the Solidcore client doesn't receive the enable task from MA and sometimes the command line interface also stops.

Workaround: From the ePO or on the client, set the "MaplErrorHandlerEnabled=0" configuration, and restart the enable task.

Reference: MACC-10051 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: Unable to create FILE_ATTR_MODIFIED/FILE_ATTR_MODIFIED_UPDATE events even when the registry value is set to 0 for FileAttrCTrack.

Reference: MACC-9939 | Related Article: - | Found In: 8.3.1 | Fixed In: -
Issue: One of the Solidcore.log files is displayed as soli.log in the %programdata%/McAfee/Solidcore path.

Reference: MACC-10041 | Related Article: - | Found In: 8.3.1 | Fixed In: -
Issue: When you try to move the bat script file from a removable or unremovable drive that has skiplist -v applied, on the first attempt, you see the message: Access Denied.

Workaround: The second attempt allows moving of the bat script.

Reference: MACC-9920 | Related Article: - | Found In: 7.0.x | Fixed In: -
Issue: Performance issues (high CPU or memory) are seen with Reputation enabled on 7.0 and later in Observe mode.

Cause: Frequent inventory merges that cause high CPU utilization.

Workaround: Disable reputation or go to update/enabled mode.

Reference: TSDE-5590 | Related Article: - | Found In: 8.2.6 | Fixed In: -
Issue: Can't insert duplicate key in object 'dbo.SCOR_APPLICATIONS' due to violation of UNIQUE KEY constraint 'SCOR_UNIQUE_CHKSUM'. The duplicate key value is (<NULL>).

Cause: This issue occurs when you try to import rule groups having multiple installers with the same AppName and version. If there are multiple installers with different chksum values that have the same appName and version, and if there's more than one such appName, you see this error.

Example:
In the following scenario, there's a bug in the parsing rulegroup xml for installers:

1st App: appName1, version1
installer1: cksum_value1
installer2: cksum_value2
And so on....

2nd App: appName2, version2
installer1: cksum_value3
installer2: cksum_value4
And so on....

And so on for different appNames

Workaround: Don't have multiple installers with the same appName and version in the rulegroup xml.

Reference: TSDE-4988 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: Some files are denied execution in the Observe mode. Some files are unsolidified and denied execution.

Reference: MACC-9083 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: Delay in website from ASP.net (IIS) on clients with Application control enabled.

Workaround: Run the command:

sadmin skiplist add -b "c:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll"

NOTE: The above command must be in a single line.

Reference: MACC-8897 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: The Observe mode isn't pulling inventory because of a deny action by the Reputation block.

Workaround: Disable Reputation (GTI/TIE).

Reference: MA-6278, MACC-8897 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: The Scsrvc.exe constantly crashes because of a Msgbus.dll issue.

Reference: TSDE-5022 | Related Article: - | Found In: 8.1 | Fixed In: -
Issue: Process marked as updaters doesn't get updater permissions. This issue affects all SysCore versions. You see the following log error:

ERROR: cap_kern.c : 1786: Failed to compute checksum for '<file>'. err = 1002

Workaround: Run the command

Sadmin config set CksumCalcMode=0

and then reboot or relaunch the process.

Reference: TSDE-4217 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: The MPCompat Key value is overwritten to the default value (1) during the upgrade.

NOTE: This issue occurs in all versions except the Solidcore Client version 7.0.2.

Workaround: Reconfigure the parameter using:

sadmin config set MPCompat="value"

Reference: MACC-8759 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: The SoIsTidOptimizationEnabled Key value is overwritten to the default value (1) during the upgrade.

NOTE: This issue occurs when an earlier Solidcore Client version is upgraded from 8.0.0.855 to 8.0.0.875 or later.

Workaround: Reconfigure the parameter using:

sadmin config set SoPriority="value"

Reference: MACC-8759 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: The SoPriority Key value is overwritten to the default value (1) during the upgrade.

NOTE: This issue occurs when an earlier Solidcore Client version is upgraded to 8.2.1.114 or later.

Workaround: Reconfigure the parameter using:

sadmin config set SoPriority="value"

Reference: MACC-8746 | Related Article: - | Found In: 8.3.0 | Fixed In: -
Issue: There's an incorrect copyright string for the Extension build 8.3.0.225.

Reference: MACC-8891 | Related Article: - | Found In: 8.3.0 | Fixed In: -
Issue: After the Solidcore standalone installer (InstallShield) is run, the End User License Agreement (EULA) page in the InstallShield wizard displays "EULA (April 2017)."

Reference: MACC-8574 | Related Article: - | Found In: 8.3.0 | Fixed In: -
Issue: In Inventory mode, the "SC Begin Update mode" and "SC Observe mode" ePO client tasks, when executed, take some time to complete. The reason is that the inventory reconciliation is automatically executed in advance. The time taken is based on the number of files with mismatches, such as checksum and types.

Recommendation: Check whether the task "begin update" or "observe" is completed before the reboot.

Reference: MACC-8694 | Related Article: - | Found In: 8.2.6 | Fixed In: -
Issue: Write denied events are seen for .js files after the Windows upgrade.

Reference: MACC-9053 | Related Article: - | Found In: 8.2.6 | Fixed In: -
Issue: Copyright version for ACC binaries is displayed as 2019.

Reference: MACC-8756 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: The following value is getting overwritten to default value 1 during the upgrade:

NOTE: The issue occurs in the following upgrade cases.

  • 8.2.1 Update 3 to Update 4
  • 8.2.1 Update 3 to Update 5
  • 8.2.1 Update 4 to Update 5

Workaround: Reconfigure the parameter using:

sadmin config set RemoteFileModificationBypassConfig=0

Reference: MACC-8419 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: System crash with bug check C2.

Reference: MACC-7386 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: Renaming of Folder containing Solidcore files isn't blocked.

Reference: MACC-7222 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: Change tracking event isn't generated when shared folders are modified on a remote system.

Reference: - | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: ACC doesn't detect changes made from a remote system to a file in a shared directory. As a result, content change tracking events aren't generated.

Reference: 1256220 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: The Solidcore installation folder isn't removed after an Uninstall Task.

Reference: 1257589 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: Deploying Application Control via the ePO Product Deployment workflow doesn't report back the installation status. Even though the installation status reporting is impacted, installation of the product can complete normally.

Reference: 1266718 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: Blue screen (kmode exception not handled) is seen after you reboot a system on Windows.

Workaround: After you install ACC and before you do a partial enable, if you've installed a VSCore version older than 18.12, reboot the system. Then, perform the partial enable.

Reference: 1266827 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: BSOD - DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS - After execute enable full, disable, and enable limited.

Workaround: Send SC: Run commands: task with sadmin clean C:. Then, send task enable with limited activation. Do the same if it's a standalone.

Reference: 1259000 | Related Article: KB91225 | Found In: 8.2.0 | Fixed In: -
Issue: A system crash without the blue screen or a CLI crash occurs on Windows 10 or Server 2016 systems after you place ACC in modes other than Disabled.

Reference: 1259343 | Related Article: - | Found In: 8.1.1 | Fixed In: -
Issue: Windows servers 2003 SP2 becomes unresponsive when MAC is installed.

Reference: 1225038 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: Repeated rows per system and requests made on the Policy Discovery page.

Reference: 1231217 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: Incorrect labels in the Approval status drop-down list on the Policy Discovery page.

Reference: 1231583 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: 'User Comments' repeated for Observations with Global Prevalence greater than 1 on the Policy Discovery page.

Reference: 1237773 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: Client task for enabling ACC from ePO fails (the second line in the progress bar becomes red).

Workaround: Using the CLI on the client to be solidified, run the command instaconfig /connect as administrator. After you run the command, run the ACC enable task from ePO again. A restart isn't needed.

Reference: 1210913 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: SolidCore CASP Code Injection can be bypassed when an address is tagged as RX before calling kernel32.dll.

Reference: 219284 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: Write-protected files can be deleted from the command line when their name exceeds a certain length (DOS short name associated).

Reference: 1221213 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: Executable files (.exe) in network drives aren't allowed to be executed when they are in trusted folders.

Reference: 1223577 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: The swin1.sys file isn't deleted after ACC is set as Enable.

Reference: 1230980 | Related Article: - | Found In: 8.1.0 | Fixed In: -
Issue: An incorrect error message is displayed when you upgrade ACC on an x64 Windows 10 system with an x86 installer.

Reference: 1272591 | Related Article: KB79201 | Found In: 8.0.0 | Fixed In: -
Issue: For JAR files, the Java interpreter can run a JAR file from any extension. Renaming a valid JAR file to a file with a different extension still allows it to be executed.

Workaround: See the related article for details.

Reference: 1168664 | Related Article: - | Found In: 8.0.0 | Fixed In: -
Issue: Execution control rules are removed and reapplied when a policy update is received from ePO.

Reference: 1170115 | Related Article: - | Found In: 8.0.0 | Fixed In: -
Issue: Under certain circumstances, the Missed or Change reputation notification isn't received on endpoints.

Reference: 1156303 | Related Article: - | Found In: 8.0.0 | Fixed In: -
Issue: Write or Read denied events not raised while changing a write or read-protected file using bash.

Reference: 1191934 | Related Article: - | Found In: 8.0.0 | Fixed In: -
Issue: ActiveX feature with Webex plug-in causes the TIE database to fill with multiple attempts to resolve _Eatgpc.dll.

Reference: 1161191 | Related Article: - | Found In: 8.0.0 | Fixed In: -
Issue: [Windows 8] The block interpreter behaves differently between Windows 7 and Windows 8 and later, when a rule is added after the interpreter is started.

  • Behavior on Windows 7 platform:
    Already started interpreter is terminated.
  • Behavior on Windows 8 and later:
    Already started interpreter isn't terminated.

Reference: MACC-8708 | Related Article: - | Found In: 7.0 | Fixed In: -
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled.

NOTE: This issue occurs in ACC 7.0 and later.

Workaround: Use the Policy Catalog page to duplicate policies.

Reference: MACC-5925 | Related Article: - | Found In: 7.0 | Fixed In: -
Issue: Skiplist -s rule with wildcard * unsolidifies files in subfolders.

Reference: 1273074, 1274763 | Related Article: KB91569 | Found In: 7.0 | Fixed In: -
Issue: Updater rights and permissions unexpectedly granted to svchost.exe.

Workaround: See the related article for details.



Client Issues - Resolved

Columns: Reference | Related Article | Found In | Fixed In | Description

Fixed ACC 8.3.4 Client

Reference: MACC-11491 | Related Article: - | Found In: 8.3.4 | Fixed In: 8.3.6 Hotfix 1
Solution: As metadata submission is disabled in the client by default, ACC controls the metadata submission to TIE, thereby preventing excessive traffic flow to the TIE server.

Reference: MACC-10930 | Related Article: - | Found In: 8.3.3 | Fixed In: 8.3.4
Issue: SCCM updates are blocked.

Solution: The default rules now allow SCCM updates without any fail after adding SCCM client rules to the directory.

Reference: MACC-10776 | Related Article: - | Found In: 8.3.3 | Fixed In: 8.3.4
Workaround: The solidification status window doesn't hang when you execute the command sadmin config set MaplCommLostRestart=0 and start solidification with sadmin while running the Solidcore with Update Mode enabled.

Reference: MACC-10886 | Related Article: - | Found In: 8.3.3 | Fixed In: 8.3.4
Issue: When you enable Observe or Update mode, and reboot the system, it goes into a repair state, and the system must be rebuilt.

Solution: A System Crash screen (blue screen) doesn't appear on the system when you run Solidcore with Observe Mode or Update Mode enabled. It works successfully on the next reboot of the system.

Reference: MACC-10684 | Related Article: - | Found In: 8.3.3 | Fixed In: 8.3.4
Workaround: The VTP_Trusted error message is fixed and is no longer displayed.

Reference: MACC-10504 | Related Article: - | Found In: 8.3.2 | Fixed In: 8.3.4
Issue: During the first reboot after a product upgrade, the system remains in an endless logon screen.

Reference: MACC-10663 | Related Article: - | Found In: 8.3.2 | Fixed In: 8.3.4
Issue: A blank blue screen appears when Solidcore is enabled with Inventory Mode and Observe Mode.

Workaround: When you enable Solidcore with both the Inventory Mode and Observe Mode, a blue screen error doesn't appear on the system.

Reference: MACC-10796 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.4
Workaround: The finetune.bat entry issue with the correct DLL name on the operating system is resolved.

Reference: MACC-10653 | Related Article: - | Found In: 8.3.3 | Fixed In: 8.3.4
Issue: A massive influx of new file write denied events is noticed as a result of Windows 10 upgrade.

Workaround: ACC now allows automatic clean-up of the previous version of Windows after adding C:\windows.old to the default windows updater group.

Reference: MACC-10013 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.3.4
Issue: When you try to execute binaries by adding a trusted rule in a network shared path, the .exe file isn't executed.

Workaround: The issue is resolved. All binary files including the .exe file can be executed.

Fixed ACC 8.3.3 Client

Reference: MACC-10396 | Related Article: - | Found In: - | Fixed In: 8.3.3
Issue: The Application ExternDLLTestForm.exe loads when the DLL is removed from Solidcore whitelisting.

Reference: MACC-10554 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.3
Issue: CMD files aren't solidified in Enable mode when copied through file sharing (c$ via a trusted user.

Reference: MACC-10578 | Related Article: - | Found In: 8.3.2 | Fixed In: 8.3.3
Issue: Solidcore blocks multiple applications when CrowdStrike is present.

Reference: MACC-10542 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.3
Issue: You can't delete temporary files when the Script-auth option is enabled.

Reference: MACC-9937 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.3
Issue: Windows 2008 R2 server crash. System crash (blue screen) details: Bugcheck 135.

Reference: MACC-10373 | Related Article: - | Found In: 8.2.6 | Fixed In: 8.3.3
Issue: The install can take over an hour to complete.

Reference: MACC-10366 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.3
Issue: Execution-Control blocking issue:

ERROR: evt.c : 1269: McAfee Solidifier blocked launch of 'c:\windows\system32\cmd.exe

Reference: MACC-10051 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.3
Issue: Unable to create events for: FILE_ATTR_MODIFIED/FILE_ATTR_MODIFIED_UPDATE

Reference: MACC-7607 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.3.3
Issue: ACC doesn't deny the execution of native Image files during a Silverlight installation.

Reference: MACC-10410 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.3
Issue: A slow small memory leak issue is seen over several months.

Reference: MACC-10087 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.3.3
Issue: Unable to enable memory protection (MP), and Script as Updater (SAU) when access Control is enabled.

Reference: MACC-10278 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.3.3
Issue: Default group 'SCCM/SMS Client' adds several trusted directories that aren't needed.

Reference: MACC-9256 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.3
Issue: After installation, Windows becomes unresponsive during a system start. The issue is seen on Windows 7 and later operating systems.

Workaround: After an ACC install but before a system restart, type the following in a command prompt:

set "sadmin config set ServiceStartFinetune=7"

Reference: MACC-10368 | Related Article: - | Found In: 8.3.0 | Fixed In: 8.3.3
Issue: System crash (blue screen) Bugcheck 9F occurs when you shut down Windows.

Reference: MACC-10399 | Related Article: - | Found In: 8.3.2 | Fixed In: 8.3.3
Issue: System crash (blue screen) on (X64) Systems when you run a test with driver verifier.

Fixed ACC 8.3.2 Client

Reference: MACC-10366 | Related Article: - | Found In: 8.3.1 | Fixed In: 8.3.2
Issue: In rare cases, scsrvc.exe might crash with heap corruption.

Workaround:

  1. Open regedit and navigate to: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scsrvc.exe
  2. Create a DWORD value named FrontEndHeapDebugOptions if it doesn't exist.
  3. Set its value to 8.

Fixed ACC 8.3.1 Client

Reference: MACC-3100 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.3.1
Issue: System crash with BugCheck 3B.

NOTE: If the current state of bit-16 in CustomerConfig is 0, flipping it to 1 in Disabled/Enable/Observe/Inventory mode can result in a crash.

A similar crash can be observed if this bit is 0 and a product upgrade is undertaken. The reason is that the upgrade process might set this bit to 1.

This problem only affects Windows 10 and Windows Server 2016 and later.

Fixed ACC 8.2.6 Client

Reference: MACC-8396 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.6 Update 6
Issue: Bug check E3 occurs with SWIN.SYS after you upgrade to ACC 8.2.1 (Update 5).

Fixed ACC 8.2.1 Client

Reference: MACC-8568, MACC-8391 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Hotfix 8 (RTS)
Issue: A kernel memory leak occurs in MFE0 and Q* tags after you upgrade to ACC 8.2.1 (Update 5).

Reference: MACC-8375 | Related Article: - | Found In: 8.2.1.114 | Fixed In: 8.2.1 Update 5 Repost
Issue: Communication issues occur with MA 5.0.6 when ACC 8.2.1.114 and VSE 8.8 are installed on Windows 7 and 2008 R2.

Reference: - | Related Article: KB91933 | Found In: 8.2.1.407 | Fixed In: 8.2.1 Update 5 Repost
Issue: The Execution Control feature causes CMD and other processes to crash after you upgrade from any version of ACC to 8.2.1.407 (Update 5).

Reference: - | Related Article: KB91331 | Found In: 8.0.0 | Fixed In: 8.2.1 Update 5 Repost
Issue: The temporary folder C:\Windows\Temp\Solidcore isn't removed after you upgrade ACC.

Reference: 1027687 | Related Article: KB84043 | Found In: 8.0 | Fixed In: 8.2.1 Update 5 Repost
Issue: Upgrade to ACC fails for endpoints.

Reference: 1269088, 1270552 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Addition of new MPT 19.4-175.4 now solves the solidification problem.

Reference: 1270348 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Extra check in ofpkgc_allow_installation configuration doesn't restrict the bypassing application allow list.

NOTE: Previously resolved with 8.2.1 Update 4 (RTS).

Reference: 1269322 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: The file scorsapr.dll is now signed with the company certificate.

Reference: 1268997 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: The Execution Control configuration resets after reboot.

Reference: 1269626 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Boot time is impacted by Package Control's registries enumeration.

Reference: 1267287 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Loading of Summary Events in Event Viewer takes more time when AC 8.2.1.114 is enabled.

Reference: 1258932 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: An unsolidified binary file fails to execute after you rename it to pre-existing.

Reference: 1262920 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Windows update now successfully executes on comctl32.dll and gdiplus.dll after reboot.

Reference: 1257931 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Access denied message is shown when you run a file with Windows short name notations.

Reference: 1258074 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Solidification status now remains the same when you run chkdsk.

Reference: 1264297 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: ACC configured with limited features activation fails to load successfully after a service restart.

Reference: 1268086 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: ACC service no longer crashes when new updater rules are added.

Reference: 1273790 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: VTP isn't added to handle Microsoft allow listed binaries.

Reference: TSDE-1863 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: ePO property "upgrade status" isn't updated after reboot.

Reference: MACC-6791 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Temporary folder is removed on upgrade.

Reference: MACC-5898 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: The swin1.sys file is deleted after Solidcore is set as Enable.

Reference: MACC-6649 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: Windows Updates don't fail with Solidcore in any mode.

Reference: MACC-6708 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 5 Repost
Issue: The file InteLPPM.sys isn't blocked.

Reference: 1259045, 1261196, 1267181, 1267203 | Related Article: - | Found In: 8.0.1 | Fixed In: 8.2.1.1 Update 3
Issue:

  • Updated dlls aren't updated in the local allow list.
  • February Updates fail on 8.0.2 and 8.2.1.
  • Microsoft update installation fails and rolls back.
  • Execution Denied (checksum-mismatch) when a file is modified through a hard link.
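
Reference: 1254892 | Related Article: - | Found In: 8.0.2 | Fixed In: 8.2.1 Update 3
Issue: Files marked as updater don't work as expected.

Reference: 1254539 | Related Article: - | Found In: 8.0.0 | Fixed In: 8.1.0
Issue: Error "another generic command is running" while inventory is fetched.

Reference: 1253554 | Related Article: - | Found In: 8.0.0 | Fixed In: 8.2.1.1 Update 3
Issue: Added rules to skip pagefile.sys, hiberfil.sys, and swapfile.sys files from deny exec feature.

Reference: 1247415 | Related Article: - | Found In: 8.0.1 | Fixed In: 8.2.1.143 Update 3
Issue: MAC 8.x sadmin trusted command now can be configured with multiple pathnames.

Reference: 1253497 | Related Article: - | Found In: 8.2.0 | Fixed In: 8.2.1 Update 3
Issue: Process path is shown as c:\$recycle.bin\.\.\.

Reference: 1256965 | Related Article: - | Found In: 8.2.0 | Fixed In: 8.2.1 Update 3
Issue: Testing Application Control 8.2.0.156 and system crash with bug check 1E encountered.

Reference: 1257100 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 3
Issue: CASP doesn't work and it can't detect an exploit in ACC 8.2 and later.

Reference: 1258630 | Related Article: - | Found In: 8.2.0 | Fixed In: 8.2.1 Update 3
Issue: The attr -c can't bypass the CASP process on ACC 8.2.x.

Reference: 1258932 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 3
Issue: Unsolidified binary file is executable with renaming it to other inventory file name.

Reference: 1259008 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 3
Issue: After solidification completes, the system is stuck in update mode unable to control client.

Reference: 1259925 | Related Article: - | Found In: 8.2.1 | Fixed In: -
Issue: Files added to the updater process remained unsolidified after you upgrade to 7.0.1.462.

Reference: 1260583 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 3
Issue: Safe-mode-protect feature doesn't work in the mentioned version.

Reference: 1261927 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 3
Issue: BugCheck 3B - swin.sys, Win 10 with ACC 8.2.1.

Reference: 1262892 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 3
Issue: Uninstall of non-msi applications isn't allowed when 'Allow uninstallation' feature is enabled.

Reference: 1262925 | Related Article: - | Found In: 8.2.1 | Fixed In: 8.2.1 Update 3
Issue: Solidcore blocks .NET. PS1 in temp folders.

Reference: 1188255 | Related Article: KB91257 | Found In: 7.0.0 | Fixed In: 8.2.1 Update 3, 8.0.2 Update 1
Issue: [Windows 10] ACC prevents the Windows Defender Update process from running successfully.

Resolution: Apply the correct update for your version of Application Control:

  • Application Control 8.2.1 Update 3
  • Application Control 8.0.2 Update 1

See the related article for more guidance.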

Reference: 1247479 | Related Article: KB90785 | Found In: 8.2.0 | Fixed In: 8.2.1 Update 3
Issue: Upgrade from ACC 8.1.0 to ACC 8.2.0 in Windows 32-bit fails.

Workaround: See the related article for details.

Reference: - | Related Article: KB91257 | Found In: 8.0 | Fixed In: 8.2.1 Update 5, 8.0.2 Update 1
Issue: Application Control and Change Control driver issues (Windows Update).

Resolution: You must resolidify any system that was upgraded to latest version that was below 8.2.1 release. You only have to resolidify once after upgrade.

NOTE: If the system is newer than 8.2.1 and has been resolidified once, resolidification on upgrade isn't needed.

Reference: - | Related Article: KB90785 | Found In: 8.2.0, 8.1.0 | Fixed In: 8.2.1
Issue: System processes fail to start during upgrade of ACC from 8.1.x to 8.2.0.

Workaround: Disable MP-CASP before you upgrade to the latest version of ACC.

Reference: 1232088 | Related Article: - | Found In: 8.1.0 | Fixed In: 8.2.1.114
Issue: FILE MODIFIED events aren't generated for any file with the "monitor file" rule added.

Reference: 1247171 | Related Article: - | Found In: 8.2.0 | Fixed In: 8.2.1
Issue: Windows 7 endpoints turn into limited activation after you send a full activation task.

Workaround: To make a full feature activation on ACC 8.2.0 and later for Windows 7:

  1. Send an Enable task as a Limited Feature Activation.
  2. Restart the client.

Reference: 1247758 | Related Article: - | Found In: 8.1.1 | Fixed In: 8.2.1
Issue: Extension upgrade from ACC 8.1.1 to another ACC version fails in step 6.

Fixed ACC 8.2.0 Client

Reference: 1239874 | Related Article: - | Found In: 8.1.0 | Fixed In: 8.2.0
Issue: The Default rule groups are removed after you upgrade to Solidcore ePO Extension 8.1.0.

Reference: 1241551 | Related Article: - | Found In: 8.1.0 | Fixed In: 8.2.0
Issue: Policy Discovery events aren't displayed on the Policy Discovery page after events are sent from endpoint.

Reference: 1245623 | Related Article: - | Found In: 8.1.0 | Fixed In: 8.2.0
Issue: When you try to import the inventory created as an XML file, the following error is displayed: Inventory could not be imported.

Reference: 124551 | Related Article: - | Found In: 8.1.0.129, 8.1.1.103 | Fixed In: 8.2.0
Issue: Application Control Policy Discovery events missing when extension 8.1.0.129 or 8.1.1.103 are installed.

Fixed ACC 8.1.1 Client

Reference: 1237379 | Related Article: KB90585 | Found In: 8.1.0.169, 8.1.0.179 | Fixed In: 8.1.1
Issue: Service fails to start after installation is complete on Windows 10.

Reference: 1227853 | Related Article: - | Found In: 8.1.0 | Fixed In: 8.1.1
Issue: When you create a custom filter on the System Tree page the application service crashes.

Fixed ACC 8.0.0 Client

Reference: 1197702 | Related Article: KB89466 | Found In: 8.0.0 | Fixed In: 8.0.0.817
Issue: Script As Updater injection into all application and system processes results in degraded performance and system crashes.

Reference: 1203341 | Related Article: KB89678 | Found In: 8.0.0 | Fixed In: 8.2.1
Issue: ACC prevents installation of Endpoint Security (ENS).

Workaround: Disable Memory Protection.

Reference: - | Related Article: KB89743 | Found In: 8.0.0.651 | Fixed In: 8.0.0.783
Issue: ACC doesn't communicate with ePO when you use MA 5.0.6.

Reference: 1205042, 1221210, 1232397, 1220969, 1231655, 1240535 | Related Article: KB90607 | Found In: 8.0.0 | Fixed In: 8.0.1.233
Issue: Bug check 7f system crash occurs on systems protected by Application Control.

Reference: - | Related Article: KB90083 | Found In: 8.0.0.855 | Fixed In: 8.0.1.223
Issue: ACC causes a system crash when a limited activation Enable task is run.

Reference: - | Related Article: KB88747 | Found In: 8.0.0 | Fixed In: Latest extension
Issue: Web MER.exe is blocked on the client when Application Control is in the Enable mode.

Reference: 1188886 | Related Article: - | Found In: 8.0.0 | Fixed In: 8.0.1.223
Issue: AC8 takes twice as long to solidify than AC7.

Reference: - | Related Article: KB89386 | Found In: 8.0.0 | Fixed In: 8.0.1.223
Issue: ACC 8.0 consumes a greater number of resources than the previously released versions, resulting in performance issues.

Reference: 1186809 | Related Article: - | Found In: 8.0.0 | Fixed In: 8.0.0.817 Update 2
Issue: The PKG-CTRL-ALLOW-Uninstall gives CMD updater permissions, when CMD /C is in the UninstallString Registry string.

Reference: 1193571 | Related Article: - | Found In: 8.0.0 | Fixed In: 8.0.0.783 Update 1
Issue: The system doesn't start in Observe or Update mode if SAU is enabled.

Reference: 1049573 | Related Article: KB85156 | Found In: 8.0.0 | Fixed In: 8.0.0.651
Issue: The system slows or stops responding while accessing files over the network.

Reference: 1269043, 1254539 | Related Article: KB91353 | Found In: 8.0.2.228 | Fixed In: n/a
Issue: Application Control SC: Run Commands quit when policy enforcement occurs.

Resolution: Create an Application Control Client task. See the related article for details.

Reference: 1250277 | Related Article: - | Found In: 8.2.0 | Fixed In: n/a
Issue: When you enable the Application Control license with limited activation or Change Control license, it results in a crash after you upgrade from 8.1.0.179 to 8.2.0.140.

Resolution: See the related article for details.

Reference: 1269043 | Related Article: KB91353 | Found In: 8.2.1 | Fixed In: n/a
Issue: Application Control SC: Run Commands quit when policy enforcement occurs.

Resolution: See the related article for details.

Reference: 1271531 | Related Article: KB91528 | Found In: 8.1.0 | Fixed In: 8.3.0, 8.2.6
Issue: The Application Control installer enters a hung state during a new installation or upgrade from a previous version.

Resolution: See the related article for details.

Reference: 1189702 | Related Article: - | Found In: 8.0.0 | Fixed In: n/a
Issue: The scsrvc.exe service hangs during restart when in Disable mode because Cryptsvc starts after our service.

Resolution: Microsoft suggests that you add a dependency in Solidcore service:

sc config scsrvc depend= cryptsvc

Reference: - | Related Article: - | Found In: 8.0 | Fixed In: MA 5.0.5
Issue: MA shows high CPU consumption with ACC installed.

Reference: 1177471 | Related Article: KB88869 | Found In: 8.0 | Fixed In: Win 10 RS2
Issue: High CPU consumption occurs when Windows Credential Manager is enabled on clients with Application Control installed.

Reference: - | Related Article: KB89679 | Found In: 8.0.0.651 | Fixed In: n/a
Issue: Solidifier hangs on reboot when going from enable mode to disable mode.

Reference: 1168594 | Related Article: KB88271 | Found In: 8.0 | Fixed In: n/a
Issue: VTP trust for ACC is lost after you install MA.

Reference: - | Related Article: KB86638 | Found In: 8.0 | Fixed In: n/a
Issue: Performance issues on Application Control endpoints when Global Threat Intelligence and Threat Intelligence Exchange communication fails.

Resolution: Disable GTI/TIE in the policy. See the related article for details.


Client Issues - Won't Fix - See the related articles for a resolution or workaround.

Columns: Reference | Related Article | Found In | Fixed In | Description

Reference: 599348 | Related Article: - | Found In: 8.0 | Fixed In: n/a
Issue: On viewing the properties of a file on the local drive, deny-write and deny-exec events are generated for the solidified and unsolidified files, respectively.

Reference: 1269943 | Related Article: KB91502 | Found In: 8.2.0, 8.2.1 | Fixed In: n/a
Issue: An executable file can't be started from a trusted share or mapped drive.

Workaround: See the related article for details.

Reference: 1181193 | Related Article: KB89179 | Found In: 8.0 | Fixed In: n/a
Issue: Application Control prevents Data Loss Prevention policy enforcement on files attached to outgoing mail.

Reference: - | Related Article: KB91353 | Found In: 8.2.1, 8.0.2.228 | Fixed In: n/a
Issue: Application Control SC: Run Commands end when policy enforcement occurs.

Resolution: Set MaplCommLostRestart=0.

Reference: - | Related Article: KB77610 | Found In: 8.0 | Fixed In: n/a
Issue: ACC might not switch the protection mode with Windows FBWF installed.

Reference: - | Related Article: KB90849 | Found In: 8.0 | Fixed In: n/a
Issue: File Write Denied events are recorded when a change to the edb.log file is tried.


Client Issues - Expected Behavior - See the related articles for an explanation.

Columns: Reference | Related Article | Found In | Fixed In | Description

Reference: TSDE-15336 | Related Article: KB97058 | Found In: 8.4.0 | Fixed In: n/a
Issue: The Sysprep process might fail when TACC is in Update mode, leading to failure in deploying the Windows Master Image.

Workaround: This issue occurs because of an enhancement done in TACC 8.4.0 for registry protection in Update mode. See KB97058 for more details and a workaround.

Reference: MACC-8314 | Related Article: KB92081 | Found In: 8.2.1 | Fixed In: n/a
Issue: ACC reports 8.2.1.407 on Swin.sys when 8.2.1 (Update 5 Repost) is installed.

Reference: 1213956 | Related Article: KB90522 | Found In: 8.0.0.950 | Fixed In: n/a
Issue: The path is on an unsupported volume (error on virtual drives after installation of Application Control).

Reference: - | Related Article: KB88915 | Found In: 8.0 | Fixed In: n/a
Issue: Exclusions for ENS/VSE with ACC to improve post-installation performance.

Reference: - | Related Article: KB86758 | Found In: 8.0 | Fixed In: n/a
Issue: Application Control denies ZIP files when run in the context of Java.exe or Javaw.exe.

Reference: - | Related Article: KB90021 | Found In: 8.0.0 | Fixed In: n/a
Issue: Digitally signed files lose the signature when moved from one client system to another.

Reference: - | Related Article: KB88091 | Found In: 6.x | Fixed In: n/a
Issue: Application Control causes a Windows error event to occur when a new USB disk is connected to a solidified client.



Author: Arielle Torp
