Operational Defect Database

BugZero found this defect 132 days ago.

WatchGuard Technologies | kA16S000000bzCSSAY

AMSI detection technology issues with WatchGuard Endpoint Security

Last update date:

1/8/2024

Affected products:

WatchGuard Endpoint Security

Affected releases:

All

WatchGuard Endpoint Security

Fixed releases:

All

Description:

Issue

This issue applies to WatchGuard EPP, EDR, EDR Core, EPDR, and Advanced EPDR. It was resolved in Hotfix WGUA 2246.

AMSI detection technology is disabled and does not work properly with WatchGuard Endpoint Security products.

To verify that the AMSI technology is working, open a PowerShell window and type this command:

    Write-Output "PANDA AMSI TEST FILE"

Affected protection versions:

v8.00.21.X
v8.00.22.0010 to v8.00.22.0022

For information on how to determine your protection version, go to Determine the Software Version in Help Center.

Workaround/Solution

A hotfix is available to resolve this issue.

To apply the hotfix on the affected endpoint:

1. Download and save this hotfix file to the endpoint: hf-wgua-2243-2246-waconf-amsi-wsc.exe
2. Double-click the downloaded file.

The hotfix does not require a restart of the endpoint. Under some circumstances, you might be prompted to restart for the hotfix to be fully applied. If you cannot restart the computer immediately, select No when prompted. This postpones the application of the hotfix until the next system restart.

Note: To install the unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart.

The hotfix updates these files:

File Name: WAConf.dll
Location: C:\Program Files (x86)\Panda Security\WAC\WAConf.dll (8.00.21.X Protections)
File Version: 4.6.17.4
Modified Date: 15 November 2023
Hotfix to be included in future versions?: Yes v8.00.22.0023

File Name: WAConf.dll
Location: C:\Program Files (x86)\Panda Security\WAC\WAConf.dll (8.00.22.X Protections)
File Version: 4.6.18.3
Modified Date: 14 November 2023
Hotfix to be included in future versions?: Yes v8.00.22.0023

Verify Hotfix Application

To verify that the hotfix was successful, check the file version in the File Details section, or verify these values in the Windows Registry:

32-Bit Architecture

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC
Value: Revision [REG_DWORD] 1
Value: Result [REG_DWORD] 0 = Success, 1 = Not Applied, 2 = Error, 9 = On Reboot Operation

64-Bit Architecture

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC
Value: [REG_DWORD] 1
Value: [REG_DWORD] 0 = Success, 1 = Not Applied, 2 = Error, 9 = On Reboot Operation
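The registry and file checks described above, combined into one PowerShell script as an added example (not WatchGuard's own tooling). It assumes the WOW6432Node key uses the same value names, Revision and Result, as the 32-bit key; the function and variable names are illustrative.

```powershell
# Added example: verifies the hotfix markers described in this article.
# Assumption: the WOW6432Node key uses the same value names (Revision,
# Result) as the 32-bit key.
$HotfixKeys = @(
    'HKLM:\SOFTWARE\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC',
    'HKLM:\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC'
)
$DllPath = 'C:\Program Files (x86)\Panda Security\WAC\WAConf.dll'
# Result codes as listed in the article.
$ResultText = @{ 0 = 'Success'; 1 = 'Not Applied'; 2 = 'Error'; 9 = 'On Reboot Operation' }

function Get-HotfixStatus {
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this architecture
        $props = Get-ItemProperty -LiteralPath $key
        $meaning = 'Result value missing'
        if ($null -ne $props.Result) {
            $code = [int]$props.Result
            $meaning = if ($ResultText.ContainsKey($code)) { $ResultText[$code] } else { "Unknown code $code" }
        }
        [pscustomobject]@{
            Key = $key; Revision = $props.Revision; Result = $props.Result; Meaning = $meaning
        }
    }
}

$status = @(Get-HotfixStatus -KeyPath $HotfixKeys)
if ($status.Count -eq 0) {
    Write-Output 'No HF_WAConf_AMSI_WSC key found: hotfix not recorded on this endpoint.'
} else {
    $status | Format-List
}

# Report the installed WAConf.dll version for comparison with the File Version listed above.
if (Test-Path -LiteralPath $DllPath) {
    Write-Output ("WAConf.dll file version: " + (Get-Item -LiteralPath $DllPath).VersionInfo.FileVersion)
} else {
    Write-Output "WAConf.dll not found at $DllPath"
}

# Exit 0 only when a key reports Result 0 (Success), so the script can gate a fleet check.
if ($status | Where-Object { $null -ne $_.Result -and [int]$_.Result -eq 0 }) { exit 0 } else { exit 1 }
```

A Result of 9 (On Reboot Operation) exits non-zero on purpose: the hotfix is pending until the next restart, so the endpoint should be rechecked afterwards.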


Status

Resolved
