Any program which increases the security of your systems is bound to stop things that are not really dangerous and in fact are need to work. I reported recently here about an update from Trend that increased Trend WFBS 9.0 ability to prevent the ransomware going around like Cryptolocker.
When I installed the update, I ran it on my machines for a little while and didn’t notice any issues. Then later when I was at work, I saw a few issues with the common applications that I use. I saw Connectwise crash on opening once on my machine as well as my IE addin for LastPass fail to load. Given the recent change was this update, I did some digging into the WFBS console logs and found that Trend WFBS was what I needed to address. Here’s how I did it.
Logged in to the WFBS console and then went to Reports > Log Query
Select Desktop/Server as the Type and Behaviour Monitoring as the Content, and then Display Logs. Below you can see the areas I was having issues with. The paths and targets are clearly listed.
Given I knew that the programs were valid, I was able to add them to the exceptions list, which you can see further down in the Behaviour Monitoring section.
Once I did this, the programs then proceeded to work without issue. I also alerted Trend to this by lodging a case with them. The took some log files from me, and then within 24 hours had an updated Policy Pattern file that came down via the Automatic Pattern file updates that meant it didn’t detect ConnectWise or LastPass as malware. I was then able to remove the exceptions and my system continues to work without issues.