Advanced Threat Protection stopping program

Question

I am trying to run a license program and the Advanced Threat Protection is stopping it. I have added the folder exclusion and the exe exclusion as well but it still gets blocked. So I uninstalled the Advanced Threat Protection and it is still being blocked. But I can run it on a computer that doesnt have Advanced threat protection or Encryption installed at all (the file is not encrypted either).  I had originally found where the exe was quarantined and waived it but now I cant find it at all. Is there something now on my computer that is still stopping it due to the Advanced Threat?   Thanks, Donna

Brian Piatt · Answer

Hello Donnaroehrig,

I'm not aware why ATP would still block the program after being removed, unless the script/exe was quarantined at the time of removal.

I would suggest to troubleshoot:

Reinstall ATP on the affected endpoint.
Attempt to run the program that is causing you issues and make a note of the timestamp.
Collect logs by referencing https://www.dell.com/support/article/us/en/19/sln294330/how-to-collect-logs-for-dell-data-security-dell-data-protection-using-diagnosticinfo?lang=en.
I would suggest creating an EXE for log bundle so you can read it easily.
In the log bundle drill down to \Cylance\[Date].log.
If ATP is blocking the program, in the log you should see the hash or script being blocked around the timestamp in step 2.

Let me know if you run into any issues or have further questions.

Brian Piatt

L4 | Dell Data Security #Iwork4Dell

Need immediate help? Please call the Dell Data Security queue at https://www.dell.com/support/article/us/en/04/SLN297692

Dell Data Security

Was this post helpful?