Can ENS be installed on the UnitySync server?

Created: 2024-02-15 10:02:01
Modified: 2025-05-20 11:42:10
Tags: Errors System Requirements Troubleshooting UnitySync

Errors related to Trellix Endpoint Security (ENS)

ENS may be installed on the UnitySync server. However, an exclusion must be added for the UnitySync install directory. Without this exclusion, the following error may occur.

Error 500, Internal server CGI program sent malformed or too big

OR

(500) Internal Server Error Error 500: Internal Server Error CGI program sent malformed or too big (>16384 bytes) HTTP headers: [] URL: config.cgi/key?_=1699484758

Troubleshooting

To isolate ENS as the issue, temporarily uninstall ENS.
If the error goes away when ENS is uninstalled, then you’ve confirmed ENS is the conflict. You should exclude UnitySync from ENS. (Exclude the install directory, i.e. C:\UnitySync-v4.7)

Refer to ENS - Excluding items from Exploit Prevention

Further Troubleshooting your ENS Exclude:

Check Exclusions Configuration:

Double-check that the process, caller module, API, or signature IDs you’ve specified in the exclusions are accurate and match the process or behavior you intend to exempt from protection.

Check Trellix/Sophos ePO/Client Policies:

If you’re using Trellix or Sophos, ensure the exclusions are correctly configured in the main policy management system (ePO or Client) and that the client’s are properly updated with the policy.

Exclusion Scope:

Make sure the exclusions are set to the correct scope (e.g., process, application, signature).

Exclusion Type:

Ensure you’re using the correct exclusion type (e.g., Exploit Mitigation for Sophos, Buffer Overflow for Trellix).

Ensure Exploit Prevention is Enabled and Active. Check these: Enabling/Disabling Settings: Confirm that Exploit Prevention is enabled, and not in audit or disabled mode in your security software (e.g., Kaspersky, Cisco).

Audit vs. Enforced: If set to audit mode, Exploit Prevention will not block any exploits, but it will still log events. Enforced mode will block the exploit.

Policy Conflicts: Make sure no other policies or settings are overriding or disabling Exploit Prevention.

Restart Affected Processes:

If a process is blocked by Exploit Prevention, you can try restarting it after disabling Exploit Prevention for troubleshooting.

Contact TAC Support:

Contact the Trellix Support team. Refer to Exploit prevention exclusions stop working.
Knowledgebase

Directory
  1. Directify - Self Service

  2. Mimic - Replication

  3. UnitySync - Sync
Password
  1. emPass - Sync
Obsolete
  1. Profiler
  2. SimpleSync