fernandogoodboy

App Control Blocks MS Office

KSC 10.5.1781

KES 11

Agent 10.5.1781

Dear Support,

The default Application Startup Control policy with "control dll and drivers" enabled is applied to clients.
When we run Microsoft Office apps (Outlook, Word, Excel) on the client, we encounter an error that says App Startup Control has blocked "chart.dll", and Microsoft Office stops responding!!
Screenshots and the policy export are attached.

BR,

screenshot and poicy export.zip


Hello

Have you tried adding this library to exclusions?


Hello!

What group does this software belong to?

Is it in the Trusted group or in Low Restricted?

Thanks!


Dear Ivan,

chart.dll is in the Unknown group!

I moved it to the Trusted group, but unfortunately it didn't work.

Any advice?

BR,


Yes, as you can see in the previous image, it was in the Unknown group. I moved it to Trusted, but it is still in the Unknown group!


Hello.

Could you specify where these updates came from? Is this DLL signed?

You have a warning from Application Control, so why are you trying to adjust the Host Intrusion Prevention component?


Dear Evgeny,

The DLL is for a Microsoft Office product. I have no info about that!

I tried to add it to the Trusted group because Ivan asked me about the group in HIP.

I know that the issue is with App Startup Control.

Please, if you need any log, let me know. If not, everything is clear, so please advise or, if it is a bug in KES, submit it to the higher level.

BR,


Have you got an original MS Office package?

Does CHART.DLL have a valid signature?

You may create a category with this file's hash (or even KL category Golden Image\Trusted certificates) and allow access for everyone.


Dear Evgeny,

The package is official.

I have no info about chart.dll. How can I find out whether chart.dll has a valid or invalid signature??!

I created a category (KL category Golden Image\Trusted certificates) and applied it to the client, but it didn't work.

I still have the problem.

BR,

On 7/2/2018 at 9:01 AM, fernandogoodboy said:

Dear Evgeny,

The package is official.

I have no info about chart.dll. How can I find out whether chart.dll has a valid or invalid signature??!

I created a category (KL category Golden Image\Trusted certificates) and applied it to the client, but it didn't work.

I still have the problem.

BR,

You can open the file's properties and see if there are digital signatures. By default, HIPS automatically moves applications to Trusted if they have a digital signature. See the attached image for an example. Please also check if KES is configured to trust applications with a digital signature.

Thank you.

Screenshot_267.png
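
The file properties dialog shows that a signature is present; the following added example (not part of the original thread) reports whether the signature actually validates, who signed the file, and the file's SHA-256 hash for a hash-based category like the one suggested earlier. It assumes PowerShell 5.1 or later on the affected client; the function name `Get-DllTrustReport` and the path in the last line are placeholders, and SHA-256 is assumed as the hash type.

```powershell
# Added example: report signature status, signer and hash for a blocked DLL.
# Get-DllTrustReport is a hypothetical helper name, not a Kaspersky or Microsoft tool.
function Get-DllTrustReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                Write-Warning "File not found: $p"
                continue
            }
            $sig  = Get-AuthenticodeSignature -LiteralPath $p
            $hash = Get-FileHash -LiteralPath $p -Algorithm SHA256
            $cert = $sig.SignerCertificate

            [pscustomobject]@{
                Path          = $p
                # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
                Status        = $sig.Status
                StatusMessage = $sig.StatusMessage
                # Authenticode = embedded signature, Catalog = signed via a catalog file
                SignatureType = $sig.SignatureType
                Signer        = if ($cert) { $cert.Subject }    else { $null }
                Issuer        = if ($cert) { $cert.Issuer }     else { $null }
                Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
                CertNotAfter  = if ($cert) { $cert.NotAfter }   else { $null }
                # A countersignature timestamp keeps a signature valid after the cert expires
                Timestamped   = [bool]$sig.TimeStamperCertificate
                SHA256        = $hash.Hash
            }
        }
    }
}

# Placeholder path (assumption): use the full path shown in the block event.
Get-DllTrustReport -Path 'C:\Path\To\chart.dll' | Format-List
```

A `Status` other than `Valid` (for example `HashMismatch` or `NotTrusted`) means a certificate-based allow rule has nothing trustworthy to match on, even though the properties dialog lists a signature.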


Hello Kirill,

I checked the file and found that the (chart.dll) has digital signatures.

The screenshot of the file properties is attached.

Please note that HIPS has no interaction with the mentioned scenario.

It is App Startup Control that causes the mentioned problem!!

BR,

chart.dll.jpg

5 hours ago, fernandogoodboy said:

Hello Kirill,

I checked the file and found that the (chart.dll) has digital signatures.

The screenshot of the file properties is attached.

Please note that HIPS has no interaction with the mentioned scenario.

It is App Startup Control that causes the mentioned problem!!

BR,

Hello.

Excuse me if I'm a little confused about the consistency of the initial screenshots.

There is one where the error says "Blocked according to rule: Default Deny". This is a direct indication that Application Startup Control is working in White List mode (Default Deny is the rule that blocks everything which is not directly allowed).

Then, the screenshot with Application Startup Control settings has "Black list" selected, and no rules applied (which means, everything should be allowed to run). What settings exactly are there when the issue occurs?

Thank you.


Hello.

Could you send the chart.dll file packaged in an archive?

