This issue applies to WatchGuard EPP, EDR, EDR Core, EPDR, and Advanced EPDR. It was resolved in Hotfix WGUA-2746. Affects Endpoint Security protection versions v8.00.23.xxxx and higher.

Anti-exploit protection in WatchGuard Endpoint Security products includes Code Injection support to protect your endpoints against attacks that insert harmful code into an application or process that is then interpreted or executed by the application. The malicious code is usually designed to manipulate data flow, which leads to loss of confidentiality and reduced application availability. Code Injection uses anti-exploit techniques to detect exploit attempts in running processes.

Code Injection in protection version v8.00.0023.XXXX inspects every running process. The inspection could cause performance and compatibility issues for some applications.
On 31 October 2024, compatibility issues that could affect these applications were resolved in knowledge updates (signature files):

- Lightspeed
- AutoCAD
- Docker

Enable automatic knowledge updates to make sure that your knowledge updates are up to date. For more information, go to Configure Automatic Knowledge Updates in Help Center.

For applications that continue to experience issues with the Code Injection protection, you can add an exclusion. This should only be used as a temporary solution. When an application is excluded, it is not detected by any anti-exploit protection. We strongly recommend that you open a support case to find a long-term solution.

To add an exclusion, from WatchGuard Cloud:

1. Select Configure > Endpoints.
2. Select Settings > Workstations and Servers.
3. Expand the Advanced Protection section.
4. Disable the Code Injection toggle.
5. Open the affected application and verify that it works.
6. If the application is able to run, then re-enable the Code Injection toggle.
7. In the Code Injection Exclusions box, add the affected application. For more information, go to Configure Anti-Exploit Protection in Help Center.

Contact WatchGuard Support and open a case. Describe the problem with the application with Code Injection protection so that we can resolve the issue.

Caution! We strongly recommend that you do not leave the Code Injection protection disabled as it affects all processes, including exploit detection and code injection, Advanced IOAs, and Advanced security policies used by PowerShell.