Endpoint Protection

  • 1.  Questions about Shadows' Application Control Exceptions

    Posted Mar 09, 2010 06:37 AM

    Hey guys, we have been working on tweaking ShadowPapa's Application Control Policies so we can have complete control of the user's profile folders. I have had a lot of success with making exceptions in the DLL and EXE Conditions; however, when we specify processes to exclude from the condition, it does not seem to work. For example, we have specified EXCEL 2007 to be excluded from the Entire Block policy; however, it does not exclude it and continues to block Excel from gaining access to the profile locations. (This is happening with several .EXE files that we want to exclude.) Also, in Shadow's policy he has one set of rules for the Allow Access and one set of rules that control the block. So... there are 2 places where you can indicate do not block this particular process. I have attached several screenshots that should give more insight. Basically, moving forward, I need to understand where I should be making PROCESS exceptions in this policy, because we want to turn the policy into production mode soon because it is going to help big time. Any insight on where I should be making the process exceptions would be very helpful.

    sep2.PNG

    SEP1.PNG

     



  • 2.  RE: Questions about Shadows' Application Control Exceptions

    Posted Mar 11, 2010 05:44 AM
    Hi,

    Can you run Process Explorer? Run EXCEL, and make sure that it is running from the same location and that it has no subprocesses running from a different location.

    Aniket