Environment
- App Control Windows Agent 8.x - 8.9.2
- Windows Server 2019, 2022
Symptoms
File paths that use a DFS namespace are mapped to the DFS physical server, not the DFS namespace, when hosted on Windows Server 2019/2022.
For example, for the DFS namespace:
\\dfs\dfsnamespace
- \\dfs\dfsnamespace\folder1 is hosted on a Server 2016 here: \\dfs-server-2016\folder1
- \\dfs\dfsnamespace\folder2 is hosted on a Server 2019/2022 here: \\dfs-server-2019\folder2
"File.exe" is located in both folder1 and folder2, but the App Control agent shows the file path differently depending on the OS of the physical server hosting it:
- For DFS files hosted on Windows Server 2016/2012/2008, App Control displays the path correctly using the DFS namespace:
  - \\dfs\dfsnamespace\folder1\file.exe
- For DFS files hosted on Windows Server 2019/2022, App Control displays the path using the DFS physical server and NOT the DFS namespace:
  - \\dfs-server-2019\folder2\file.exe
Cause
Microsoft made changes to newer versions of the "Fltmgr.sys" driver on Server 2019/2022, and API calls now return the physical server instead of the DFS namespace.
Resolution
Fixes to accommodate the changes made to "Fltmgr.sys" are expected in App Control agent version 8.9.2.
Until the 8.9.2 release, please configure Custom rules to use the physical server location rather than the DFS namespace.
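One way to work out which path a Custom rule needs, as an added example (not vendor code): the function takes DFS folder-to-target mappings in the shape returned by Get-DfsnFolderTarget and returns the path the agent reports according to the Symptoms section. The function name Get-ReportedPath and the administrator-supplied list of Server 2019/2022 targets are assumptions; the sample mappings reuse the names from the example above.

```powershell
# Constructed sample data, same shape as Get-DfsnFolderTarget output (Path, TargetPath).
# In a live domain, collect it with the DFSN module instead:
#   Get-DfsnFolder -Path '\\dfs\dfsnamespace\*' |
#       ForEach-Object { Get-DfsnFolderTarget -Path $_.Path }
$targets = @(
    [pscustomobject]@{ Path = '\\dfs\dfsnamespace\folder1'; TargetPath = '\\dfs-server-2016\folder1' }
    [pscustomobject]@{ Path = '\\dfs\dfsnamespace\folder2'; TargetPath = '\\dfs-server-2019\folder2' }
)

# Assumption: the administrator lists the target servers running Server 2019/2022.
$affectedServers = @('dfs-server-2019')

function Get-ReportedPath {
    param(
        [Parameter(Mandatory)] [string]   $NamespacePath,
        [Parameter(Mandatory)] [object[]] $FolderTargets,
        [string[]] $AffectedServers = @()
    )
    # Keep DFS folders that contain the path (case-insensitive, on a path boundary),
    # longest folder first so nested folders take precedence.
    $hits = @($FolderTargets | Where-Object {
            $p = $_.Path.TrimEnd('\')
            $NamespacePath.Equals($p, [StringComparison]::OrdinalIgnoreCase) -or
            $NamespacePath.StartsWith("$p\", [StringComparison]::OrdinalIgnoreCase)
        } | Sort-Object { $_.Path.Length } -Descending)
    if ($hits.Count -eq 0) { return $NamespacePath }   # not under a known DFS folder

    $link = $hits[0].Path.TrimEnd('\')
    $rest = $NamespacePath.Substring($link.Length)     # '' or '\sub\file.exe'

    # A folder can have several targets; emit one reported path per target.
    $hits | Where-Object { $_.Path.TrimEnd('\') -ieq $link } | ForEach-Object {
        $server = ($_.TargetPath.TrimStart('\') -split '\\')[0]
        if ($AffectedServers -contains $server) { $_.TargetPath.TrimEnd('\') + $rest }
        else { $NamespacePath }                        # older hosts keep the namespace path
    } | Select-Object -Unique
}

# Namespace paths an existing rule set refers to (constructed).
'\\dfs\dfsnamespace\folder1\file.exe', '\\dfs\dfsnamespace\folder2\file.exe' |
    ForEach-Object {
        [pscustomobject]@{
            Namespace = $_
            Reported  = Get-ReportedPath -NamespacePath $_ -FolderTargets $targets -AffectedServers $affectedServers
        }
    }
```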
Additional Notes
Bug numbers to track this issue: EP-17573, EP-19024