Endpoint Protection

  • 1.  Will Endpoint contact certificate servers?

    Posted Aug 28, 2016 10:59 AM

    We have a customer who is using our software on a machine using an unmanaged Endpoint installation. When we monitor the process created by our software on the customer machines, we can see that it contacts a certificate server - even though our application does not contain code which would do so. We don't see this activity on other machines. It is clear that the Sysfer.dll is being injected into this process. Is it possible that Endpoint is the source of this activity? If so, would there be Endpoint configuration settings which would control this?

    Thanks for any insight!



  • 2.  RE: Will Endpoint contact certificate servers?

    Posted Aug 28, 2016 11:09 AM

    Sysfer.dll is the Application and Device Control driver.

    Since this is an unmanaged client, you can either disable it or remove the component.

    This article briefly talks about it but this only applies to the managed version:

    How to create an Application Control exception or stop sysfer.dll injection into a process with SEP



  • 3.  RE: Will Endpoint contact certificate servers?

    Posted Aug 29, 2016 08:36 AM

    Yes - I understand, but is it expected that Sysfer.dll would contact a certificate server? The customer is currently unable to disable it.



  • 4.  RE: Will Endpoint contact certificate servers?

    Posted Aug 29, 2016 08:38 AM

    ADC shouldn't, but SONAR or Download Insight may.



  • 5.  RE: Will Endpoint contact certificate servers?

    Posted Aug 29, 2016 01:12 PM

    But then I shouldn't see that coming from my process, right?



  • 6.  RE: Will Endpoint contact certificate servers?

    Posted Aug 29, 2016 02:01 PM

    There isn't documentation that I can find to confirm this. I would suggest disabling or removing the component to see what the result is.



  • 7.  RE: Will Endpoint contact certificate servers?

    Posted Aug 30, 2016 03:52 PM

    Yes - ideally that's what I would do, but I don't control our customer's machine. Thanks for the thoughts.