Advanced EPDR/EDR Web Access Control in protection v8.00.24.x fails to block certain sites

Advanced EPDR/EDR Web Access Control in protection v8.00.24.x fails to block certain sites

+34 900 840 407
support@cytomic.ai

Adaptive Defense Web Access Control in protection v8.00.24.x fails to block certain sites

Related Products_
  • Advanced EPDR
  • Advanced EDR
Issue Status_

Open

Symptoms_

With protection version v8.00.24.x, certain domains are allowed although Web Access Control protection is configured to block them.

Workaround/Solution_

A hotfix is available to resolve this issue.

To apply a hotfix on the affected endpoint:

  1. Download and save the hotfix file to the endpoint: hf-wgua4493-tcpoffset-additionaldnsqueries.exe
  2. Double-click the downloaded file.
  3. The hotfix installation does not require you to restart the computer. However, under certain circumstances, you might be prompted to restart for the hotfix to be fully applied. If you cannot restart the computer immediately, select No when prompted. This postpones the application of the hotfix until the next system restart.
    Note: To download an unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart.

Release Notes

Next, find all the changes the hotfix includes.

Affected versions

Protections from  v8.00.24.0000 to v8.00.24.0001.
To see your Advanced EPDR/EDR product version, see this article.

File Details
The hotfix changes the following configuration:

  • Endpoint internal configuration for our driver NNSPRV.sys.
  • Chromium browsers MS Edge and Google Chrome
Registry folder Value Hotfix to be included in future versions?
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge AdditionalDnsQueryTypesEnabled [REG_DWORD] “0” No
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome AdditionalDnsQueryTypesEnabled [REG_DWORD] “0” No

 

Verify Hotfix Application

To confirm the correct application of the hotfix, verify the values of these registry keys:

32 bits Architecture 64 bits Architecture
Registry Key Value Registry Key Value
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_TCPOffset_AddDNSREQ Revision [REG_DWORD]

1

 HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_TCPOffset_AddDNSREQ Revision [REG_DWORD]

1
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_TCPOffset_AddDNSREQ Result [REG_DWORD]

 

0 = Success
1 = Not Applied
2 = Error
9 = On Reboot Operation

 HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_TCPOffset_AddDNSREQ Result [REG_DWORD]

 

0 = Success
1 = Not Applied
2 = Error
9 = On Reboot Operation