Solved

Software Restriction Policy allow mrtstub.exe

Posted on 2014-04-15
Last Modified: 2015-06-25
I have a client that has implemented Software Restriction Policy (AppLocker is not an option; it is not supported on the Win 7 clients).

The default is to block, with various rules to allow apps.

The only one I am having an issue with is:-
Access to c:\98e5308a44fd6252c1\mrtstub.exe has been restricted by your Administrator by the default software restriction policy level

The directory changes, so creating a path rule is out unless I use a wildcard, but from looking on the net it appears that some viruses use the same name, so I am unsure where to go.

A hash rule (as far as I know) is no good, as the file, being an update, will change each time.

What I would like is something like an allowed publisher (AppLocker), but I don't think that is an option in SRP.

My other option is to remove "Malicious Software Removal Tool" from the domain, but would rather not do that.

Server is 2008R2

Any suggestions?


Cheers
Andrew
Question by:Andrew Davis

Expert Comment

by:Scott Thomson
ID: 40003308

Author Comment

by:Andrew Davis
ID: 40003329
Thanks but that would be even worse than just creating a wildcard entry for the directory.

Thanks for looking though.

Cheers
Andrew

Expert Comment

by:Scott Thomson
ID: 40003331
Haha no worries. I didn't think it would be helpful but hey.. worth a shot in case you didn't know about it.

Accepted Solution

by:
Andrew Davis earned 0 total points
ID: 40005544
Update.
I have decided at the moment to go with a path rule of:-
c:\???????????????*\mrtstub.exe

This allows the file in a subdirectory of the root of C:\ that has a minimum of 15 characters.

This is the best solution that I could come up with, but I would welcome any ideas.

Cheers
Andrew
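
A check that complements the path rule above, added here as an example and not part of the original thread: it lists every file the wildcard pattern resolves to and verifies its Authenticode signature, since SRP itself will not check the publisher. The function name `Test-MrtStubSignature`, the signer string `O=Microsoft Corporation`, and the use of PowerShell's wildcard matching as a stand-in for SRP's are assumptions.

```powershell
# Added example: audit the files that the SRP path rule from the post would allow.
# PowerShell's own wildcard matching is used; it is assumed (not verified) to
# resolve this pattern the same way SRP does.
$RulePattern = 'C:\???????????????*\mrtstub.exe'

# Assumption: a genuine copy carries a signer certificate whose subject contains this.
$ExpectedSigner = 'O=Microsoft Corporation'

function Test-MrtStubSignature {
    param(
        [Parameter(Mandatory = $true)] [string] $Pattern,
        [Parameter(Mandatory = $true)] [string] $Signer
    )
    # -Force also considers hidden items; unreadable paths are skipped quietly.
    Get-ChildItem -Path $Pattern -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Trusted only when the signature validates AND the signer is the expected one.
            $trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$Signer*")
            New-Object PSObject -Property @{
                Path    = $_.FullName
                Status  = $sig.Status
                Subject = $subject
                Trusted = $trusted
            }
        }
}

$results = @(Test-MrtStubSignature -Pattern $RulePattern -Signer $ExpectedSigner)
$results | Select-Object Path, Status, Trusted, Subject | Format-Table -AutoSize -Wrap

# Anything the rule allows that is unsigned, tampered with, or signed by
# someone else deserves a closer look.
$suspect = @($results | Where-Object { -not $_.Trusted })
if ($suspect.Count -gt 0) {
    Write-Warning "$($suspect.Count) file(s) matching the path rule are not validly signed by the expected publisher."
}
```

Run on a schedule, or after each update cycle, this reports files that match the rule but fail the publisher check; it does not block them.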

Expert Comment

by:Seth Simmons
ID: 40850255
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.