Solved

Software Restriction Policy allow mrtstub.exe

Posted on 2014-04-15
6
94 Views
Last Modified: 2015-06-25
I have a client that has implemented Software Restriction Policy (Applocker not an option, Not supported on the win 7 clients).

The default is to block, with various rules to allow apps.

The only one I am having issue with is:-
Access to c:\98e5308a44fd6252c1\mrtstub.exe has been restricted by your Administrator by the default software restriction policy level

The directory changes so creating a path rule is out, unless i use a wildcard, but from looking on the net it appears that some viruses use the same name, so unsure where to go.

Hash rule (as far as i know) is no good as the file being an update will change each time.

What i would like is something like an allowed publisher (applocker) but dont think that is an option in SRP.

My other option is to remove "Malicious Software Removal Tool" from the domain, but would rather not do that.

Server is 2008R2

Any suggestions?


Cheers
Andrew
0
Comment
Question by:Andrew Davis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40003308
0
 
LVL 18

Author Comment

by:Andrew Davis
ID: 40003329
Thanks but that would be even worse than just creating a wildcard entry for the directory.

Thanks for looking though.

Cheers
Andrew
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40003331
Haha no worries. I didn't think it would be helpful but hey.. worth a shot in case you didn't know about it.
0
 
LVL 18

Accepted Solution

by:
Andrew Davis earned 0 total points
ID: 40005544
Update.
I have decided at the moment to go with a path rule of:-
c:\???????????????*\mrtstub.exe

This allows the file in a subdirectory of the root of C:\ that has a minimum of 15 characters.

This is the best solution that i could come up with, but would welcome any idea's.

Cheers
Andrew
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40850255
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question