Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Unable to execute from redirected path (DFS) but execution works if file is copied locally

Unable to execute from redirected path (DFS) but execution works if file is copied locally

Version:

 

7.x

 

Issue:

 

Unable to execute from redirected path (DFS) but execution works if file is copied locally

 

Symptoms:

 

Trace file is showing the file analysis where the redirected path is listed twice before the file name like '\\server-dfs\folderredirect$\server-dfs\folderredirect$\app\desktop\testfile.exe'. Trace also shows "Could not normalize" message for the DFS path.

 

Cause:

 

Our normalization code would handle the stripping off the duplication on the file path only if the file path contained \DFSClient\.

 

Solution:

 

If \DFSClient\ is not included on the file path, our normalization code will not be able to strip the duplicate file path. An agent property configuration will be needed to help normalize the file path.

 

Go to https://<Bit9 server name>/agent_config.php. Click on "Add Agent Config". Set the configuration to the following:

Name: for DFS share

Host ID: 0 for all or the specific host ID of your test machine if you just want to test it first

Value: KernelUseSimpleDFSCheck=1

Status: Enabled

 

Important Note(s):

 

Do NOT make any changes or add any other agent configuration property on the agent_config.php page other than the setting mentioned above or it could cause unexpected behavior or break the Bit9 agent installation.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-29-2015
Views:
716
Contributors