EDR Core blocked UNIRES.DLL
Hi
Today I installed a Windows shared network printer which is using the Windows Generic text driver. EDR Core blocked the unires.dll file.
Events: Execution attempt
More details: Location: C:\Windows\System32\spool\drivers\x64\3\UNIRES.DLL
Date/Time: 13-06-2023 09:43
Status: Blocked
But how do I unblock this file? The local EDR admin interface can't do it, and looking at the cloud interface on the machine, I see no detections or alerts.
/Robert
Comments
Hello, Robert_Vilelmsen
Are you sure it is being blocked by EDR core?
EDR core does not have Blocking capabilities, only informs on suspicious or unknown files.
It can be EDR or EPDR.
Could you please confirm?
Regards,
David
It says it's blocked.
Yes, it says blocked; I have no doubt of your words. But it must be EDR or EPDR.
If it is blocking it, there must be a detection on the online console and from there you should be able to unblock it.
I am sending a PM to you.
David
Okay, somehow my EDR Core client had managed to block a DLL file despite its configuration being audit only.
FACTORY_PROFILE 0x01012009 PSNMVAg_ITEM_PUSSERVICELEVEL 0
0 audit
1 hardening
2 lock
Uninstalling WatchGuard EDR core and forcing a sync solved it.