Andrew Davis asked:

Software Restriction Policy allow mrtstub.exe

I have a client that has implemented Software Restriction Policy (AppLocker is not an option; it is not supported on the Win 7 clients).

The default is to block, with various rules to allow apps.

The only one I am having an issue with is:
Access to c:\98e5308a44fd6252c1\mrtstub.exe has been restricted by your Administrator by the default software restriction policy level

The directory changes, so creating a path rule is out unless I use a wildcard, but from looking on the net it appears that some viruses use the same name, so I'm unsure where to go.

A hash rule (as far as I know) is no good, as the file, being an update, will change each time.

What I would like is something like an allowed publisher (AppLocker), but I don't think that is an option in SRP.

My other option is to remove "Malicious Software Removal Tool" from the domain, but would rather not do that.

Server is 2008R2

Any suggestions?


Cheers
Andrew
Scott Thomson

Andrew Davis (ASKER)

Thanks but that would be even worse than just creating a wildcard entry for the directory.

Thanks for looking though.

Cheers
Andrew
Haha no worries. I didn't think it would be helpful but hey.. worth a shot in case you didn't know about it.
ASKER CERTIFIED SOLUTION
Andrew Davis
Seth Simmons
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.