Trend Micro Exclusions
The Sysmon processes "C:\Windows\cyrthwinsys.exe" and "C:\Program Files\THApplications\cyrthwinsys.exe" must be excluded from real-time scanning in the Trend Micro settings.
Cause:
"Windows Server freezes after enabling Anti-Malware module in Cloud One - Workload Security"
"Windows freezes after enabling the Anti-Malware module. The issue seems to be caused by an interoperability issue between Microsoft System Monitor (Sysmon) and Trend Micro Deep Security Agent (DSA)."
https://success.trendmicro.com/dcx/s/solution/000294699?language=en_US
The exclusion must be configured both in Trend Micro and in the CyberCyte Platform.
Trend Micro
It is also recommended to add the following exclusions to the Process Image File list:
Mandatory
C:\Windows\sysmon64.exe
C:\Windows\sysmon.exe
C:\Windows\cyrthwinsys.exe
Optional
Autorunsc Tool
C:\Program Files\ICSFAgentService\files\ps\sysinternals\autorunsc64.exe
Sigcheck Tool
C:\Program Files\ICSFAgentService\files\ps\sysinternals\sigcheck64_v2.90.exe
Sysmon Executable
C:\Windows\cyrthwinsys.exe
Sysmon Executable
C:\Program Files\THApplications\cyrthwinsys.exe
Sysmon Executable
C:\Program Files\THApplications\Sysmon64.exe
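Because a scan exclusion removes anti-malware coverage from a path, it is worth confirming what actually sits at each listed path before adding it. The following PowerShell check is an added example, not part of the original page or of the CyberCyte or Trend Micro tooling. It assumes that every listed binary is a Sysmon or Sysinternals executable and therefore carries a valid Microsoft Authenticode signature.

```powershell
# Added example: verify the files behind the exclusion list before excluding them.
# Paths are the ones listed on this page.
$paths = @(
    'C:\Windows\sysmon64.exe',
    'C:\Windows\sysmon.exe',
    'C:\Windows\cyrthwinsys.exe',
    'C:\Program Files\THApplications\cyrthwinsys.exe',
    'C:\Program Files\THApplications\Sysmon64.exe',
    'C:\Program Files\ICSFAgentService\files\ps\sysinternals\autorunsc64.exe',
    'C:\Program Files\ICSFAgentService\files\ps\sysinternals\sigcheck64_v2.90.exe'
)

$report = foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Not installed on this host: no exclusion is needed for it here.
        [pscustomobject]@{
            Path = $path; Present = $false; Signature = 'n/a'
            Signer = ''; SHA256 = ''; Review = $false
        }
        continue
    }

    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Assumption: a genuine Sysmon/Sysinternals binary (renamed or not) has a
    # valid signature whose signer subject names Microsoft.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')

    [pscustomobject]@{
        Path      = $path
        Present   = $true
        Signature = [string]$sig.Status
        Signer    = $signer
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Review    = -not $trusted   # present but not verifiably Microsoft-signed
    }
}

$report | Format-Table Path, Present, Signature, Review -AutoSize

# Any row listed here should be investigated before the path is excluded.
$report | Where-Object Review | Format-List Path, Signature, Signer, SHA256
```

Recording the SHA256 values at the time the exclusion is created gives a baseline for noticing if a file at an excluded path is later replaced.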
Below are example screenshots:
CyberCyte
In Sysmon policies, the tag for Trendmicro should be added to Exclusion Rules from Policy Settings, accessed from Rules and Policies -> Policy Management -> Policies. An example screenshot is provided below: