United Kingdom Endpoint Management User Group

We've recently upgraded our SMP to 8.1, and we've noticed a couple of odities with the manual Symantec agent download page (https://notificationserver/Altiris/NS/Agent/AltirisAgentDownload.apsx) since:

1. We now get prompted for credentials to access this page - we didn't previously in 7.1, 7.5 or 7.6.  However, even though we are prompted for credentials, bizarly if you click cancel on the login prompt twice - you still get access to the page.

2. After downloading the agent from that page (https or http agent) when we try to install it on a Windows 10 machine (only tried v1703 64bit so far) the Defender Smartscreen warning immediately pops up telling us that the application is unsafe.  If we click on "more info" on the warning pop up we can still install it, but the warning seems to be complaining that the publisher for the agent application is "unknown".

While there are workarounds for both, it doesn't instill much confidence for our end users to see these warnings.  Has anyone else had issues?  Any permanent fixes?

Thanks.

Hi Chris,

In 8.x, the servers settings are wrapped up in the install executables (AeXNSCHTTP.exe and AeXNSCHTTPs.exe). Because these are created on the fly on the server install they aren't digitally signed by Symantec. Further, as every server has a unique version of these files, they will not be in the SmartScreen database.

To make matters worse, SmartScreen cannot be configured to allow specific files or URLs. The only workaround I can suggest is perhaps signing these yourself to get around this issue.

 As for the login prompt nonsense... maybe open up a support case. It does this for us too, but I've never bothered opening a case. ;-)

Kind Regards,
Ian./ 

You can ignore my original comment below.... I read "Defender" and not smartscreen! Still I suppose it could be useful anecdotally regarding 1703's new "features".

=================================================================================

Unfortunately there's little Symantec can do about this I'd imagine. MS released some defender definitions I think on June 13th that start blocking our Ghost Solution Suite console components from running amongst other things.

The biggest issue being that under older editions of Windows 10 our support staff could at least "allow" the blocked files - in 1703 in their efforts to bring defender completely into the "Modern UI" settings panes this is no longer possible. I'm afraid over-zealous defs from MS are responsible and caused mayhem on our site - but at least it was only on I.T Staff PC's as everyone else has defender forced off by policy as we use SEP.

https://www.windows10forums.com/threads/windows-defender-in-v1703-does-not-let-me-run-app.13037 - seems we're not alone but I didn't find much else when digging back in June so I wouldn't count on MS being very aware.

For pull SMA installation case with SmartScreen behaviour:

Sign SMA installation package from this place below (Like Ian already said)