Generally I like the Meraki MDM but the Windows agent needs to be reworked ASAP.
Its constant invoking of Cscript for information gathering is the stupidest thing I have ever seen. It is constantly running in the background, creating random .tmp files in the Windows Temp folder. This creates some huge problems with both our endpoint protection and Sysmon logging.
First, every time it creates another random script in the temp directory, it triggers our endpoint protection HIPS, which constantly evaluates behavior and trust of processes. This creates tons of events in the HIPS log. Due to the random naming of the scripts, it's very difficult to exclude them from monitoring.
Secondly, it also creates tons of ProcessCreate events in the Sysmon log, and again I have yet to find a way to properly eliminate all that useless noise it creates. I have tried all kinds of filtering rules but Sysmon still logs all that cscript use. I could probably exclude cscript entirely but that would be wrong and create a big hole in security logging.
And thirdly, its use of Cscript is problematic in itself. Nothing should be using Cscript these days. Actually, we had Cscript completely disabled but had to make an exception for Meraki Agent.
Yes, nothing has changed regarding this. Our endpoint protection (Kaspersky) logs are still filling up with the Meraki events garbage. It still runs a Cscript every short while and creates a tmp file in the Windows temp directory. This in turn is obviously flagged by our endpoint solution. As the files are named randomly, I have not found a way to completely exclude them from scanning.