Thought I would post this incase new customers face the problems our company has faced with agents that are on the corporate network not updating.
Since the beginning of the year I've been working with Bloxx, Checkpoint & Webroot to resolve the issue. Finally this week the problem was identified. The endpoints were attempting to download the latest agent and the files were being downloaded but corrupted somehow. Essentially our IPS blade was alerting that the WSA binary using the tool UPX. Whilst certainly benign in this instance, UPX is widely popular within the malware community.
Our options were disable this layer of security or update using GP or login script.
Anyway this may or may not help someone in the future but at least its here as a reference.
Page 1 / 1
Thanks for posting with the resolution!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.