Serious problems with 12.7.0.8525-Containment and Outlook, Citrix and..who knows?

Hi all,
After the update to the new version 12.7.0.8525, AutoContainment seems to have BIG problems:

  1. A simple right click - SEND-TO-OUTLOOK gives:

Win10 20H2 and Office 2013.

  2. My customer’s Citrix connections are blocked: with AutoContainment disabled, everything is OK.

In both cases I see no logs in SECURITY SUB-SYSTEMS-CONTAINMENT so I don’t know if other customers are having problems!

comodocontainment-sendtoputlook.jpg

There’s a known issue with Citrix. I suggest you revert to a previous CCS version.

I think this is a big problem.
We have customers calling with all kinds of problems that go away when we disable auto-containment.

This must be a high priority item for the team to fix.

Our teams are working on this as the highest priority. We couldn’t reproduce the issue yet on our test machines. The support team is asking for remote access permission to fetch the necessary information.
It will be really helpful if you can give permission for a remote connection to one of the problematic endpoints.

Hi @smartcloud, I suggest you downgrade versions rather than disable containment.

Is there an easy way to downgrade all clients?
We have over 300.

@ozermetin, please can you advise?

@smartcloud, moving forward I suggest you set your CCS version to a specific stable version instead of ‘latest’ and before updating all clients you push the latest release to a very small number to test. As an MSP, when a new version of CCS is released, we update our own workstations, then a couple of weeks later a small number of customers’ machines. It tends to be 4+ weeks after release that we start pushing out the update to a greater number of customers’ machines en masse. After we have updated a large number, we then change the default CCS version and all other machines will auto update.

That's what I thought, but see this post.
I can’t figure this one out.
https://forum.itarian.com/forum/products/endpoint-protection/61911-what-is-the-latest-version-of-the-ccs

I have good news on this issue: we have reproduced the issue and a fix is ready. We will run QA and, if everything is OK, we will share it with customers to confirm the solution early next week.

To downgrade, a re-install is the only option at this point.

It's not just Citrix, it's everything: QuickBooks, Hyper-V (stopping VMs from running), Java applications, exe files and also the Windows Office installer.

I had the same issues; any program wanting to email out via Outlook would just freeze.

I rolled back - well uninstalled and reinstalled.

Too many problems over the last few weeks with MS issues and this on top is not helpful and just a waste of time and effort.

My end-users are questioning the “value” that is being provided, as many fixes are manual or require restarts during work hours.

The biggest issue we have had this month has been with the Microsoft updates. KB5001649 should be a mandatory critical update and not an optional one as Microsoft has made it out to be.

We were able to address this issue with CCS by assigning temporary profiles to affected endpoints that disabled auto containment until a fix comes out. We will remove the temporary profile as soon as we get confirmation that the fix is released and working.

Our clients understand that updates to various software platforms are a complicated matter. The March 2021 Microsoft update addressed two zero day exploits but broke printer functionality for OEM print drivers in the process of patching the exploits. Our job is to resolve these issues as rapidly as possible and establish plans to prevent such foreseeable issues moving forward.

For CCS that will mean turning off the “latest version” setting and waiting a few weeks before deploying the latest CCS, given how critical CCS’s role is with the endpoints we manage and monitor. We will wait until the fix is released to do that, as we very much want that fixed version deployed ASAP to all affected devices. For Microsoft, we are going to be looking at the Patch Management in ITarian and may consider going to an approval-based system on security patches moving forward rather than deploying them as soon as Microsoft releases them, wrongly assuming Microsoft has tested for every potential issue that could arise across millions of devices with billions of possible variables at play.

It’s not fully tested until it hits a production environment and something breaks, or doesn’t.