Why Does Endpoint Protection Like ThreatLocker Block the CYRISMA Agent Installation?

When attempting to install the CYRISMA Agent using a PowerShell script, endpoint protection software, such as ThreatLocker, may block the installation. This is often due to security policies or restrictions configured on the endpoint protection software that prevent the downloading or execution of certain files.

Written by Liam Downward

Updated at December 26th, 2024

Table of Contents

  • Symptoms
  • Why This Happens
  • How to Troubleshoot
  • Recommended Fix
  • Preventing Future Issues
  • Conclusion

Symptoms

  • The PowerShell script fails with the error:
    "The underlying connection was closed: An unexpected error occurred on a send."
  • The script is unable to download the CYRISMA Agent from the URL (e.g., https://dl.cyrisma.com/...).
  • The download works successfully when accessing the URL directly via a browser.
  • Endpoint protection logs (e.g., ThreatLocker) show the script or executable being blocked.

Why This Happens

Endpoint protection software like ThreatLocker may block PowerShell scripts or downloads due to:

  1. Security Policies: Configurations that flag downloads initiated by PowerShell as potentially unsafe.
  2. Application Control: Restricting unapproved or unknown executables (e.g., Cyrisma_Setup.exe).
  3. Script Restrictions: Monitoring or blocking script-based operations to reduce the risk of malicious activity.
  4. Network Restrictions: Network filtering rules applied by endpoint protection to control how and when files are downloaded.

How to Troubleshoot

Verify Endpoint Protection Logs:

  • Check ThreatLocker or other endpoint protection logs for blocked actions related to PowerShell or the CYRISMA download URL.

Test Download in a Browser:

  • Open the URL (e.g., https://dl.cyrisma.com/...) in a browser.
  • If the file downloads successfully, the issue is likely with the endpoint protection blocking PowerShell-specific operations.

Temporarily Disable Endpoint Protection (If Permitted):

  • Disable ThreatLocker or similar software temporarily to verify whether it is the cause of the block.
  • Re-run the PowerShell script to confirm.

Add Exceptions in Endpoint Protection:

  • Allow the PowerShell process and the https://dl.cyrisma.com domain in ThreatLocker or similar tools.
  • Add the CYRISMA Agent executable (e.g., Cyrisma_Setup.exe) as an approved application.

Confirm Permissions:

  • Ensure the script is running with sufficient permissions (e.g., as Administrator) and that the machine has internet access.
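
A staged check that helps attribute the failure before any exception is added. It is an added example, not CYRISMA's install script, and is written for Windows PowerShell 5.1. The error quoted under Symptoms is a general .NET message that is also raised when the session negotiates a TLS version the server refuses, so the HTTPS request is tried twice: once with the session defaults and once with TLS 1.2 enabled. Assumptions: the `<path-from-your-install-script>` part of the URL is a placeholder, and the helper names `Test-Stage` and `Get-HttpStatus` are introduced here.

```powershell
# Added example (not CYRISMA's script). Written for Windows PowerShell 5.1.
# Run it in the same context the install script uses (same user, same elevation).
param(
    # Placeholder: paste the full download URL from your own install script.
    [string]$Url = 'https://dl.cyrisma.com/<path-from-your-install-script>'
)
$uri = [Uri]$Url

function Test-Stage([string]$Name, [scriptblock]$Action) {
    # Run one stage; record its result or the exception text instead of stopping.
    try   { [pscustomobject]@{ Stage = $Name; Ok = $true;  Detail = [string](& $Action) } }
    catch { [pscustomobject]@{ Stage = $Name; Ok = $false; Detail = $_.Exception.Message } }
}

function Get-HttpStatus([string]$Target) {
    # Request the URL and read only the response headers; the body is not saved.
    $resp = [Net.WebRequest]::Create($Target).GetResponse()
    try { "HTTP $([int]$resp.StatusCode)" } finally { $resp.Close() }
}

$saved  = [Net.ServicePointManager]::SecurityProtocol
$stages = @(
    Test-Stage 'DNS lookup' { [Net.Dns]::GetHostAddresses($uri.Host)[0].IPAddressToString }
    Test-Stage 'TCP connect' {
        $tcp = New-Object Net.Sockets.TcpClient
        try { $tcp.Connect($uri.Host, $uri.Port); "connected to port $($uri.Port)" } finally { $tcp.Close() }
    }
    Test-Stage "HTTPS, session default ($saved)" { Get-HttpStatus $Url }
)
# Second attempt with TLS 1.2 enabled for this session only, then restore the setting.
[Net.ServicePointManager]::SecurityProtocol = $saved -bor [Net.SecurityProtocolType]::Tls12
$stages += Test-Stage 'HTTPS, TLS 1.2 enabled' { Get-HttpStatus $Url }
[Net.ServicePointManager]::SecurityProtocol = $saved
$stages | Format-Table -AutoSize -Wrap

# Interpretation of the two HTTPS attempts.
if (-not $stages[2].Ok -and $stages[3].Ok) {
    'Only the TLS 1.2 attempt succeeded: the session negotiates an older TLS version; no endpoint exception is needed for the download.'
} elseif (-not $stages[3].Ok) {
    'Both HTTPS attempts failed from PowerShell: match the time of this run against the endpoint protection log.'
} else {
    'PowerShell can reach the URL: look for a block on writing or executing the installer instead.'
}
```

A failure at the DNS or TCP stage points to network filtering; a failure only at the HTTPS stages, with a matching entry in the endpoint protection log, points to a control applied to PowerShell itself.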

Recommended Fix

To allow the PowerShell script to function correctly, follow these steps for ThreatLocker:

Add the Download URL to Allowed List:

  • Open ThreatLocker settings.
  • Navigate to the policy or rule section for downloads.
  • Add https://dl.cyrisma.com to the list of allowed domains.

Allow PowerShell Scripts:

  • Approve the PowerShell process (powershell.exe) in ThreatLocker policies.
  • Allow scripts specifically from trusted sources like CYRISMA.

Approve the CYRISMA Setup File:

  • Add Cyrisma_Setup.exe as an approved application in ThreatLocker.

Re-run the Script:

  • After applying the changes, re-run the PowerShell script to complete the installation.

Preventing Future Issues

  • Document Exceptions: Maintain a list of required exceptions (e.g., URLs, processes, executables) within your endpoint protection software to streamline future deployments.
  • Test in a Controlled Environment: Before large-scale deployment, test the installation process in an environment with endpoint protection enabled to identify potential blocks.
  • Stay Updated: Ensure your endpoint protection policies and configurations are aligned with trusted tools like CYRISMA to avoid unnecessary restrictions.
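
For the "Approve the CYRISMA Setup File" step and the "Document Exceptions" recommendation, the following added example (not CYRISMA or ThreatLocker tooling) records the installer's SHA-256 and Authenticode signer, so that an approval can be tied to a specific file and publisher, where your endpoint protection supports hash or publisher rules, rather than to the name Cyrisma_Setup.exe alone. It assumes the installer has already been downloaded to `$Path`; `endpoint-exceptions.csv` is a hypothetical record file.

```powershell
# Added example: capture what exactly is being approved, and keep a record of it.
param(
    # Assumption: the installer was already downloaded, for example via a browser.
    [string]$Path   = '.\Cyrisma_Setup.exe',
    # Hypothetical CSV that holds your documented exceptions.
    [string]$Record = '.\endpoint-exceptions.csv'
)

$sig  = Get-AuthenticodeSignature -FilePath $Path -ErrorAction Stop
$hash = Get-FileHash -Path $Path -Algorithm SHA256 -ErrorAction Stop
$cert = $sig.SignerCertificate   # $null when the file is not signed

$entry = [pscustomobject]@{
    RecordedUtc = (Get-Date).ToUniversalTime().ToString('s')
    File        = Split-Path -Path $Path -Leaf
    Sha256      = $hash.Hash
    SigStatus   = [string]$sig.Status
    Signer      = if ($cert) { $cert.Subject } else { '' }
    Thumbprint  = if ($cert) { $cert.Thumbprint } else { '' }
}

# A status other than Valid (NotSigned, HashMismatch, NotTrusted, ...) means the
# file cannot be tied to a publisher; only the hash identifies it.
if ($entry.SigStatus -ne 'Valid') {
    Write-Warning "Signature status is '$($entry.SigStatus)'. Approve by hash only, after confirming the source."
}

# Compare with the last recorded entry for this file name, if there is one.
if (Test-Path -Path $Record) {
    $last = Import-Csv -Path $Record |
        Where-Object { $_.File -eq $entry.File } |
        Select-Object -Last 1
    if ($last -and $last.Thumbprint -ne $entry.Thumbprint) {
        Write-Warning "Signer changed since $($last.RecordedUtc): was '$($last.Signer)'."
    } elseif ($last -and $last.Sha256 -ne $entry.Sha256) {
        Write-Output 'New build from the same signer; a hash-based approval needs updating.'
    }
}

$entry | Export-Csv -Path $Record -Append -NoTypeInformation
$entry
```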

Conclusion

Endpoint protection software like ThreatLocker can block the CYRISMA Agent installation due to restrictive policies. By identifying and addressing these restrictions, the installation can proceed successfully. If the issue persists, contact CYRISMA Support for further assistance.

Contact Us
Address: 510 Clinton Square, Rochester, New York, USA, 14604

Email: info@cyrisma.com

Phone: 1-585-620-2496

Copyright © 2024 – Data Spotlite, Inc All rights reserved.