Solved

Software Restriction Policy allow mrtstub.exe

Posted on 2014-04-15
Last Modified: 2015-06-25
I have a client that has implemented Software Restriction Policy (AppLocker is not an option; it is not supported on the Win 7 clients).

The default is to block, with various rules to allow apps.

The only one I am having an issue with is:
Access to c:\98e5308a44fd6252c1\mrtstub.exe has been restricted by your Administrator by the default software restriction policy level

The directory changes, so creating a path rule is out unless I use a wildcard, but from looking on the net it appears that some viruses use the same name, so I am unsure where to go.

A hash rule (as far as I know) is no good, as the file, being an update, will change each time.

What I would like is something like an allowed publisher (AppLocker), but I don't think that is an option in SRP.

My other option is to remove "Malicious Software Removal Tool" from the domain, but would rather not do that.

Server is 2008R2

Any suggestions?


Cheers
Andrew
Question by:Andrew Davis
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40003308
0
 
LVL 19

Author Comment

by:Andrew Davis
ID: 40003329
Thanks but that would be even worse than just creating a wildcard entry for the directory.

Thanks for looking though.

Cheers
Andrew
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40003331
Haha no worries. I didn't think it would be helpful but hey.. worth a shot in case you didn't know about it.
0
 
LVL 19

Accepted Solution

by:
Andrew Davis earned 0 total points
ID: 40005544
Update.
I have decided at the moment to go with a path rule of:
c:\???????????????*\mrtstub.exe

This allows the file in a subdirectory of the root of C:\ that has a minimum of 15 characters.

This is the best solution that I could come up with, but I would welcome any ideas.

Cheers
Andrew
0
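A companion audit for the wildcard path rule above, as an added example that is not part of the original thread: because the rule allows any file named mrtstub.exe in a matching directory, this PowerShell finds each such file and reports whether it carries a valid Authenticode signature from the expected signer. The function name `Test-MrtStubSignature`, its parameters and the `O=Microsoft Corporation` signer string are assumptions made for the example; the directory pattern is copied from the rule.

```powershell
# Added example, not from the thread. Audits every file the wildcard path rule
# c:\???????????????*\mrtstub.exe would allow and checks who signed it.
function Test-MrtStubSignature {
    param(
        [string]$Root = 'C:\',
        # Directory part of the path rule: names of 15 or more characters
        [string]$DirPattern = '???????????????*',
        # Assumption: expected organisation field of the signer; adjust to your policy
        [string]$ExpectedSigner = 'O=Microsoft Corporation'
    )

    Get-ChildItem -Path $Root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -like $DirPattern } |
        ForEach-Object {
            $candidate = Join-Path $_.FullName 'mrtstub.exe'
            if (Test-Path -LiteralPath $candidate -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -FilePath $candidate
                $subject = ''
                if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

                # Trusted only if the signature chain validates AND the signer matches
                $trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")

                New-Object PSObject -Property @{
                    Path    = $candidate
                    Status  = $sig.Status
                    Signer  = $subject
                    Trusted = $trusted
                } | Select-Object Path, Status, Signer, Trusted
            }
        }
}

# List anything the rule would let run that is not validly signed by the expected signer
Test-MrtStubSignature | Where-Object { -not $_.Trusted } | Format-List
```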
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40850255
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
