Questions regarding Cynic

I need a solution

Hi to everyone.

Question1: What happens if we have enabled Cynic, the attachment takes too long to be scanned, it is delivered to the recipient and aterwards there is a verdict that the attachment is malicious?

Question2: How do we exclude a file to be scanned from Cynic, if it is a false-positive?

I was not able to find anything regarding these questions.

Best Regards,




  • No Related Posts

Attachments names – can’t create filter and not able to export attachments names to csv

I need a solution

Hi All,

Im struggling to export into csv attachments names related with particular events or create an report in DLP console showing attachments names for each event.

default CSV reports does not have such field and in DLP console I also can’t see attachments in filters

Im not an admin of our DLP instances so I wonder if those options are just unavaliable for me or its not possible at all?



Using a different share for User Layers for each published image

The following key needs to be in one or more of your published images.



That key, if it exists in the image before a user logs in, will cause Ulayer.exe to ignore the User Layer share assignments set in the ELM, and instead have all users on this machine use the specified share for User Layer VHDs. That’s the share name only. The “Users” subtree is appended to this key to locate the actual layers.

You can deliver this in the Platform Layer or an App Layer, or as a machine GPO, as long as the registry setting is in the image before any user logs in.

Normally, when a user account logs in, the process looks like this:

  1. Read the main file share from the registry
  2. Read JSON files on the main file share to determine alternate share location, and which ones this user is assigned to
  3. Read JSON files on the main file share to determine elastically assigned app layers
  4. Create or attach the User Layer disk from User-Layer-Share-PathDOMAIN_usernameOSLayerID_OSLayerName
  5. Attach elastic layers

With UserLayerSharePath, step 2 is replaced by “set User Share location to the contents of the UserLayerSharePath registry key.” All Storage Location assignments for this user are ignored. All user layer VHD files will be created on the same, single share location. Publishing an image with a layer where this key is set, or setting the key after publishing with a machine GPO, will cause this specific image to behave differently from all other images based on this OS layer.