cancel
Showing results for 
Search instead for 
Did you mean: 
rogue8
Level 7

Application Control 5.1.1 not blocking execution of banned binary

Hello.  I'm testing AC 5.1.1 with a binary rule that blocks notepad.  With policy enforced, the application can still launch.  If you look in ePO or the application log in event viewer on the client, it actually reports that execution of notepad was prevented yet it actually still launched.  Has anyone ever seen this?  Am I missing something?  I've read the PG, EG, seen the video's, etc.  Everything is patched.  The client is running on VMWorkstation.  Could that be it?  Change Control works just fine.  So does adding an Updater in AC.

0 Kudos
2 Replies
CIPHENT.com
Level 11

Re: Application Control 5.1.1 not blocking execution of banned binary

Are you creating the rule by name or hash? Try both the options.

- AB

0 Kudos
gjoshi
Level 9

Re: Application Control 5.1.1 not blocking execution of banned binary

did you check if the rule is applied on the host? is local cli locked or recovered.

Try the 'always unauthorize' flag under exception rules.

0 Kudos