Guest

Preview Tool

Cisco Bug: CSCvv16717 - Cisco Maintained Exclusion - SQL Server exclusion need to modify for process exclusion

Last Modified

Aug 24, 2020

Products (1)

  • Cisco AMP for Endpoints

Known Affected Releases

5.0(1)

Description (partial)

Symptom:
Current process exclusion  are configured as

CSIDL_PROGRAM_FILES\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe 
CSIDL_PROGRAM_FILES\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe 
CSIDL_PROGRAM_FILES\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\Bin\ReportingServicesService.exe 

But, SQL server binary(SQLServr.exe) path has different eventually exclusion may not work properly.  

C:\Program Files\Microsoft SQL Server\MSSQL.13\MSSQL\Binn\SQLServr.exe 
C:\Program Files\Microsoft SQL Server\MSSQL.11\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.12\MSSQL\Binn\SQLServr.exe

Same applies to other two binaries (MSMDSrv.exe, ReportingServicesService.exe).

Conditions:
AMP for Endpoint is installed and policy is configured to include the exclusion for SQL server
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.