How to Enable Compatibility Mode for Application Issues with Dell Threat Defense and Dell Endpoint Security Suite Enterprise
Summary: Enable Memory Compatibility Mode in Dell Threat Defense and Dell Endpoint Security Suite Enterprise to resolve compatibility issues with other applications.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Note:
- As of May 2022, Dell Endpoint Security Suite Enterprise has reached End of Maintenance. This article is no longer updated by Dell. For more information, reference Product Life Cycle (End of Support and End of Life) Policy for Dell Data Security. If you have any questions on alternative articles, either reach out to your sales team or contact endpointsecurity@dell.com.
- Reference Endpoint Security for additional information about current products.
Affected Products:
- Dell Endpoint Security Suite Enterprise
- Dell Threat Defense
Memory Protection and Script Control are built on a memory filter driver to inject at the earliest possible point during process startup. Though Threat Defense does not support Memory Protection, if Script Control is enabled on Threat Defense, these issues be present. Third-party products that also monitor memory processes handle injections differently and may not be prepared for injection as early in the process as Memory Protection. This causes the third-party application to crash. To resolve this issue, you can add a registry key to allow Memory Protection to inject in the same manner as other applications.
Cause
Not Applicable
Resolution
Warning: Dell does not recommend permanently adding compatibility mode to a production environment, as this may present a change in the protection posture for endpoints that Compatibility Mode is applied to. Compatibility Mode modifies the point in which Dell’s Advanced Threat Prevention is injected into a running process to monitor its actions. This small window may provide an opportunity for advanced malware to run malicious behavior.
The Advanced Threat Prevention (ATP) engine of Dell Threat Defense or Dell Endpoint Security Suite Enterprise must have a compatibility mode that is enabled to resolve potential conflicts.
Note: Compatibility Mode must be added to the registry before you enable Memory Protection and Script Control in policy.
To enable Compatibility Mode:
- Right-click the Windows start menu and then click Run.
Figure 1: (English Only) Click Run
- In the Run UI, type regedit and then press OK. This opens the Registry Editor.
Figure 2: (English Only) Type regedit
Warning: The next step is a Windows Registry edit:
- Back up the Registry before proceeding, reference How to Back Up and Restore the Registry in Windows
.
- Editing the Registry can cause the computer to become unresponsive on the next reboot.
- Contact Dell Data Security International Support Phone Numbers for assistance if you have concerns about performing this step.
- In the Registry Editor, go to
HKEY_LOCAL_MACHINE\Software\Cylance\Desktop. - Right-click the Desktop folder and then click Permissions.
Figure 3: (English Only) Click Permissions
- In the Permissions for Desktop UI, check Full Control for the active user and then press OK.
Figure 4: (English Only) Check Full Control
Note: In the example, the active user is part of the Users group. This user or group may differ from your environment.
- Right-click Desktop folder, click New, and then select DWORD.
Figure 5: (English Only) Click DWORD (32-bit) Value
- Name the DWORD CompatibilityMode and then press enter.
- Right-click CompatibilityMode and then click Modify.
Figure 6: (English Only) Click Modify
- Change the Value data to 1 and then click OK.
Figure 7: (English Only) Update Value data to 1
- Exit the Registry Editor.
- Reboot the computer to apply the compatibility mode changes.
Enabling Compatibility Mode using Command-Line Option
Using PSExec to inject this registry key:
psexec -s reg add HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop /v CompatibilityMode /t REG_BINARY /d 01
PSexec can be acquired from Microsoft here: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
Note:
PSexec is commonly seen as a Potentially Unwanted Program (PUP) and may be automatically quarantined before it can be run.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Affected Products
Dell Threat Defense, Dell Endpoint Security Suite EnterpriseArticle Properties
Article Number: 000131608
Article Type: Solution
Last Modified: 09 Feb 2024
Version: 10
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.