Issue
This issue applies to WatchGuard EPP, EDR, EDR Core, EPDR, and Advanced EPDR. It was resolved in Hotfix WGUA 2246.
AMSI detection technology is disabled and does not work properly with WatchGuard Endpoint Security products. To verify that the AMSI technology is working, open a PowerShell window and type this command:
Write-Output "PANDA AMSI TEST FILE"
Affected protection versions:
v8.00.21.Xv8.00.22.0010 to v8.00.22.0022
For information on how to determine your protection version, go to Determine the Software Version in Help Center.
Workaround/Solution
A hotfix is available to resolve this issue.To apply the hotfix on the affected endpoint:
Download and save this hotfix file to the endpoint: hf-wgua-2243-2246-waconf-amsi-wsc.exe Double-click the downloaded file. The hotfix does not require a restart of the endpoint.Under some circumstances, you might be prompted to restart for the hotfix to be fully applied. If you cannot restart the computer immediately, select No when prompted. This postpones the application of the hotfix until the next system restart.Note: To install the unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart.
The hotfix updates these files:
File NameLocationFile VersionModified DateHotfix to be included in future versions?WAConf.dllC:\Program Files (x86)\Panda Security\WAC\WAConf.dll (8.00.21.X Protections)4.6.17.415 November 2023Yes v8.00.22.0023WAConf.dllC:\Program Files (x86)\Panda Security\WAC\WAConf.dll (8.00.22.X Protections)4.6.18.314 November 2023Yes v8.00.22.0023
Verify Hotfix Application
To verify that the hotfix was successful, check the file version in the File Details section, or verify these values in the Windows Registry:
32-Bit Architecture64-Bit ArchitectureRegistry KeyValueRegistry KeyValueHKEY_LOCAL_MACHINE\SOFTWARE \Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSCRevision [REG_DWORD] 1HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC
[REG_DWORD]
1
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC
Result [REG_DWORD]
0 = Success1 = Not Applied 2 = Error9 = On Reboot Operation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WAConf_AMSI_WSC
[REG_DWORD]
0 = Success1 = Not Applied 2 = Error9 = On Reboot Operation
