AMSI detection technology issues with Advanced EDR/EPDR products

+34 900 840 407

support@cytomic.ai

AMSI detection technology issues with Advanced EDR/EPDR products

Related Products_

Advanced EPDR
Advanced EDR

Issue Status_

Tracking ID: WGUA 2246
Status: Resolved
Type of solution: Hotfix

Symptoms_

AMSI detection technology is disabled and not working properly with Adaptive Defense products. If you want to verify that the AMSI technology is working properly, open a Powershell window and type in this command:

Write-Output “PANDA AMSI TEST FILE.

Solution_

Download and save the hotfix file to the endpoint:
hf-wgua-2243-2246-waconf-amsi-wsc.exe
Double-click the downloaded file.
The hotfix installation does not require restarting the computer. However, under certain circumstances, you may be prompted to restart for the hotfix to be fully applied. If you cannot restart the computer right away, select No when prompted. This postpones the application of the hotfix until the next system restart.Note: To download an unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart.

Release Notes_

Next, find all the changes the hotfix includes.

Affected Versions

From v8.00.22.0010 to v8.00.22.0022.
To see your Cytomic product version, see this article.

File Details

The hotfix updates the following file:

File name	Location	File Version	Modified Date	Hotfix to be included in future versions?
WAConf.dll	C:\Program Files (x86)\Panda Security\WAC\WAConf.dll (8.00.21.X Protections)	4.6.17.4	November 15th, 2023	Yes v8.00.22.0023
WAConf.dll	C:\Program Files (x86)\Panda Security\WAC\WAConf.dll (8.00.22.X Protections)	4.6.18.3	November 14th, 2023	Yes v8.00.22.0023

Verify Hotfix Application
To confirm the correct application of the hotfix, check the file version (in File Details section) or else, verify the values of these Registry keys:

32 bits Architecture	64 bits Architecture
Registry Key	Value	Registry Key	Value
HKEY_LOCAL_MACHINE\SOFTWARE \Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC	Revision [REG_DWORD] 1	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC	[REG_DWORD] 1
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC	Result [REG_DWORD] 0 = Success 1 = Not Applied 2 = Error 9 = On Reboot Operation	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC	[REG_DWORD] 0 = Success 1 = Not Applied 2 = Error 9 = On Reboot Operation

32 bits Architecture

64 bits Architecture

Registry Key

Value

Registry Key

Value

HKEY_LOCAL_MACHINE\SOFTWARE \Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC

Revision [REG_DWORD] 1

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC

[REG_DWORD]

HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC

Result [REG_DWORD]

0 = Success
1 = Not Applied 2 = Error
9 = On Reboot Operation

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC

[REG_DWORD]

0 = Success
1 = Not Applied 2 = Error
9 = On Reboot Operation