Solved

Software Restriction Policy allow mrtstub.exe

Posted on 2014-04-15
Last Modified: 2015-06-25
I have a client that has implemented Software Restriction Policy (AppLocker not an option, not supported on the Win 7 clients).

The default is to block, with various rules to allow apps.

The only one I am having an issue with is:-
Access to c:\98e5308a44fd6252c1\mrtstub.exe has been restricted by your Administrator by the default software restriction policy level

The directory changes, so creating a path rule is out unless I use a wildcard, but from looking on the net it appears that some viruses use the same name, so I am unsure where to go.

A hash rule (as far as I know) is no good, as the file, being an update, will change each time.

What I would like is something like an allowed publisher (AppLocker), but I don't think that is an option in SRP.

My other option is to remove "Malicious Software Removal Tool" from the domain, but would rather not do that.

Server is 2008R2

Any suggestions?


Cheers
Andrew
0
Comment
Question by:Andrew Davis
6 Comments
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40003308
0
 
LVL 18

Author Comment

by:Andrew Davis
ID: 40003329
Thanks but that would be even worse than just creating a wildcard entry for the directory.

Thanks for looking though.

Cheers
Andrew
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40003331
Haha no worries. I didn't think it would be helpful but hey.. worth a shot in case you didn't know about it.
0
 
LVL 18

Accepted Solution

by:
Andrew Davis earned 0 total points
ID: 40005544
Update.
I have decided at the moment to go with a path rule of:-
c:\???????????????*\mrtstub.exe

This allows the file in a subdirectory of the root of C:\ that has a minimum of 15 characters.

This is the best solution that I could come up with, but I would welcome any ideas.

Cheers
Andrew
0
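An audit check to go with the wildcard path rule in the answer above, added here as an example and not part of the original thread: it finds every mrtstub.exe in a root-level directory whose name matches the rule's wildcard and reports its Authenticode signature. The function name, the use of PowerShell's `-like` operator to stand in for the rule's directory pattern, and the expected signer string are assumptions.

```powershell
# Added example: audit every mrtstub.exe that sits in a root-level directory
# matching the wildcard from the path rule (15 or more characters in the name).
function Get-MrtStubSignatureReport {
    param(
        [string]$Root = 'C:\',
        # Directory-name part of the rule: fifteen '?' followed by '*'.
        [string]$DirPattern = (('?' * 15) + '*'),
        # Assumption: the genuine tool is signed by a certificate whose
        # subject contains this organisation string.
        [string]$ExpectedSigner = 'O=Microsoft Corporation'
    )

    Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -like $DirPattern } |
        ForEach-Object {
            $file = Join-Path $_.FullName 'mrtstub.exe'
            if (Test-Path -LiteralPath $file -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -FilePath $file
                $subject = $null
                if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

                New-Object PSObject -Property @{
                    Path     = $file
                    Status   = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                    Signer   = $subject
                    # True only for a valid signature from the expected signer.
                    Expected = ($sig.Status -eq 'Valid' -and $subject -like "*$ExpectedSigner*")
                }
            }
        }
}

# Any row with Expected = False is a file the path rule would allow but that
# is not validly signed by the expected publisher, and is worth investigating.
Get-MrtStubSignatureReport |
    Select-Object Path, Status, Signer, Expected |
    Format-Table -AutoSize
```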
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40850255
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
