Symptoms

• After C22.05 release, new activities appear in the "Activities" tab: "Secure session was started"
• Activities mention exact application that is protected: e.g. "Secure 'teams' session was started" for Teams.

Cause

The new activities were implemented to track protection status of collaboration and communication applications: Zoom, Teams, Cisco Webex Meetings, Citrix Workspace.

Protection includes the following activities:

• Installing the application client updates automatically
• Protecting application processes from code injections
• Preventing suspicious operations by application processes
• Protecting the "hosts" file from adding the domains related to the application

An activity appears each time when a new meeting gets started, or the application receives updates or modifications. More details can be found in the product documentation

Solution

If you would like to disable protection of collaboration and communication applications, disable Self-protection in the protection plan applied to the agent machine.