Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 130
  • Last Modified:

Software Restriction Policy allow mrtstub.exe

I have a client that has implemented Software Restriction Policy (Applocker not an option, Not supported on the win 7 clients).

The default is to block, with various rules to allow apps.

The only one I am having issue with is:-
Access to c:\98e5308a44fd6252c1\mrtstub.exe has been restricted by your Administrator by the default software restriction policy level

The directory changes so creating a path rule is out, unless i use a wildcard, but from looking on the net it appears that some viruses use the same name, so unsure where to go.

Hash rule (as far as i know) is no good as the file being an update will change each time.

What i would like is something like an allowed publisher (applocker) but dont think that is an option in SRP.

My other option is to remove "Malicious Software Removal Tool" from the domain, but would rather not do that.

Server is 2008R2

Any suggestions?


Cheers
Andrew
0
Andrew Davis
Asked:
Andrew Davis
  • 2
  • 2
1 Solution
 
Andrew DavisManagerAuthor Commented:
Thanks but that would be even worse than just creating a wildcard entry for the directory.

Thanks for looking though.

Cheers
Andrew
0
 
Scott ThomsonCommented:
Haha no worries. I didn't think it would be helpful but hey.. worth a shot in case you didn't know about it.
0
 
Andrew DavisManagerAuthor Commented:
Update.
I have decided at the moment to go with a path rule of:-
c:\???????????????*\mrtstub.exe

This allows the file in a subdirectory of the root of C:\ that has a minimum of 15 characters.

This is the best solution that i could come up with, but would welcome any idea's.

Cheers
Andrew
0
 
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now