During the initial investigation, the following Application event errors were found in the logs collected from the reported affected devices:
Failure to load the application settings for package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy. Error Code: -2147024864
Failure to load the application settings for package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy. Error Code: -2147024891
Failure to load the application settings for package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy. Error Code: -2147024893
Failure to load the application settings for package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy. Error Code: -2147024894
Failure to load the application settings for package Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy. Error Code: -2147024864
Failure to load the application settings for package Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy. Error Code: -2147024894
In addition, Microsoft published an article related to the same process mentioned here:
https://learn.microsoft.com/en-us/office/troubleshoot/activation/sign-in-issues
The issue happens intermittently with or without the Trend Micro Worry-Free Business Security Services agent installed. Investigation of the root cause is still ongoing.
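The error codes in the messages quoted above are signed 32-bit HRESULT values. The following Python script is an added example, not part of the original article or of any Trend Micro tooling: it parses such messages from collected log text and decodes each code into its Win32 error name, so that affected devices can be triaged by failure type. The function names and the sample string are assumptions made for the example; the error names come from the standard Windows `winerror.h` definitions.

```python
import re
from collections import Counter

# Win32 error names (winerror.h) for the four codes quoted in the article.
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    32: "ERROR_SHARING_VIOLATION",  # file is open in another process
}
FACILITY_WIN32 = 7

EVENT_RE = re.compile(
    r"Failure to load the application settings for package (?P<pkg>\S+)\.\s+"
    r"Error Code:\s*(?P<code>-?\d+)"
)

def decode_hresult(signed_code):
    """Split a signed 32-bit HRESULT into severity, facility and code."""
    value = signed_code & 0xFFFFFFFF          # reinterpret as unsigned
    facility = (value >> 16) & 0x7FF          # bits 16-26
    code = value & 0xFFFF                     # bits 0-15
    if facility == FACILITY_WIN32:
        name = WIN32_NAMES.get(code, f"WIN32_ERROR_{code}")
    else:
        name = f"FACILITY_{facility}_CODE_{code}"
    return {"hex": f"0x{value:08X}", "failure": bool(value >> 31),
            "facility": facility, "code": code, "name": name}

def summarize(log_text):
    """Count (package, decoded error name) pairs; tolerates run-together lines."""
    counts = Counter()
    for m in EVENT_RE.finditer(log_text):
        decoded = decode_hresult(int(m.group("code")))
        counts[(m.group("pkg"), decoded["name"])] += 1
    return counts

# Sample input: three of the messages quoted in this article, joined on one line.
SAMPLE = (
    "Failure to load the application settings for package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy. Error Code: -2147024864 "
    "Failure to load the application settings for package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy. Error Code: -2147024891 "
    "Failure to load the application settings for package Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy. Error Code: -2147024894"
)

if __name__ == "__main__":
    for (pkg, name), n in sorted(summarize(SAMPLE).items()):
        print(f"{n}x {pkg}: {name}")
```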
Important
Consistent with the findings mentioned above, users who have implemented the exclusions for Broker Plugin processes have experienced a reduction of the reported issue.
To address this issue, Trend Micro performed emergency maintenance on the Worry-Free Business Security Services Security Agent in the last week of April 2023, applying backend changes to the related Broker Plugin processes. These changes will be released in agent version 6.7.3371/14.2.3205.
Recommended Action
For Worry-Free Business Security Services (WFBS-SVC) web console:
Classic Mode: Go to SECURITY AGENTS and select the affected devices/group of affected devices. Click on the Menu icon (three vertical dots) then click Configure Policy.
Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.
- Scan Exclusion Lists
- Under the Folders Tab, click +Add then add the following directories as exclusions:
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*
- Under the Files Tab, click Add then add the following file paths below as exclusions:
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe
- Under the Behavior Monitoring Approved List, add the following file paths below as exclusions:
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*
- Approved URLs
Under Approved/Block URLs > Approved URLs > Specify exceptions, add the following URL to the Approved URL List:
If you are using a private exchange domain, the private domain needs to be added:
http://autodiscover.<domain>/autodiscover/autodiscover.xml
If Global Approved and Blocked URL List is ticked, add the Approved URL here:
Go to POLICIES > Global Exception Lists > Approved URL List.
- Trusted Windows Program List
Under POLICIES > Global Exception Lists > Malware Scan Exclusions > Trusted Windows Program List, add the following file paths below:
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe
(For Partners Only) For Remote Manager (TMRM) web console:
- URL Approved List:
- Go to Customers Tab > Select all customers > Policy Settings > Approved/Blocked List > Device Groups > Select All Groups > Configure Policy > Approved List for Web Reputation and URL Filtering > Select an action: Append > Add URLs below > Deploy Policy Settings:
If you are using a private exchange domain, the private domain needs to be added:
http://autodiscover.<domain>/autodiscover/autodiscover.xml
- Click Deploy Policy Settings.
- Antivirus Scan Exclusion:
Go to Customers Tab > Select all customers > Policy Settings > Antivirus Scan Exclusions > Select Groups > Select All Groups > Configure Policy > Select an action: Append:
Specify multiple entries using the semicolon (;) or ENTER key.
- Add the following under the directory path:
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*;
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*;
- Add the following under the file name full path:
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe;
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*;
- Click Deploy Policy Settings.
- Behavior Monitoring Exception List:
- Go to Customers Tab > Select all customers > Policy Settings > Behavior Monitoring Exception List > Select Groups > Select All Groups > Configure Policy > Approved Program List > Select an action: Append:
Specify multiple entries using the semicolon (;) or ENTER key.
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe;
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*;
- Click Deploy Policy Settings.
For Worry-Free Business Security Services (WFBS-SVC) web console:
Classic Mode: Go to SECURITY AGENTS and select the affected devices/group of affected devices. Click on the Menu icon (three vertical dots) then click Configure Policy.
Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.
- Scan Exclusion Lists
- Under the Folders Tab, Click "+Add" then add the following directories as exclusions:
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*
- Under the Behavior Monitoring Approved List, add the following file paths below as exclusions:
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*
- Approved URLs
Under Approved/Block URLs > Approved URLs > Specify exceptions, add the following URL to the Approved URL List:
If you are using a private exchange domain, the private domain needs to be added:
http://autodiscover.<domain>/autodiscover/autodiscover.xml
If Global Approved and Blocked URL List is ticked, add the Approved URL here:
Go to POLICIES > Global Exception Lists > Approved URL List.
(For Partners Only) For Remote Manager (TMRM) web console:
- URL Approved List:
- Go to Customers Tab > Select all customers > Policy Settings > Approved/Blocked List > Device Groups > Select All Groups > Configure Policy > Approved List for Web Reputation and URL Filtering > Select an action: Append > Add URLs below > Deploy Policy Settings:
If you are using a private exchange domain, the private domain needs to be added:
http://autodiscover.<domain>/autodiscover/autodiscover.xml
- Click Deploy Policy Settings.
- Antivirus Scan Exclusion:
Go to Customers Tab > Select all customers > Policy Settings > Antivirus Scan Exclusions > Select Groups > Select All Groups > Configure Policy > Select an action: Append:
Specify multiple entries using the semicolon (;) or ENTER key.
- Add the following under the directory path:
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*;
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*;
- Behavior Monitoring Exception List:
- Go to Customers Tab > Select all customers > Policy Settings > Behavior Monitoring Exception List > Select Groups > Select All Groups > Configure Policy > Approved Program List > Select Action: Append:
Specify multiple entries using the semicolon (;) or ENTER key.
C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy*;
- Click Deploy Policy Settings.
For support assistance, please contact Trend Micro Technical Support.