This document describes the Cisco AMP for Endpoints Version 6.2.1 with Exploit Prevention enabled, it's incompatibility with Windows 10 October Update (Version 1809) and the workaround available.
Contributed by Tristan York, Cisco Engineering.
A defect (CSCvn54432) in AMP for Endpoints 6.2.1 Exploit Prevention Engine makes the use of Exploit Prevention Engine incompatible with Microsoft Office 365 (Centennial and ProPlus) (x86) on Windows 10 Redstone 5 / Windows 10 October Update (version 1809)(x64). Clicking 'Save as...' on a document, causes some of the icons to not be properly loaded. At this stage, it is considered a cosmetic problem, however it may indicate other potential issues. Cisco is scheduled to provide a fix in Windows connector update scheduled for release on Dec 6 2018.
Disabling AMP’s Exploit Prevention engine prevents the defect from being triggered for those customers who installed the Windows 10 October Update prior to the Microsoft imposed block. Another potential workaround is to save the file manually, then move and rename the file separately.
There is no workaround for customers impacted by Microsoft’s imposed block of the Windows 10 October update (version 1809).
Users running Connector version 6.2.1 must upgrade to the 6.2.3 software release.
6.2.1 – Upgrade to 6.2.3 and newer (no reboot required)