We are currently utilizing McAfee Solidifier for Windows and are having difficulty determining the best way to have a solidified system but also have the ability to install printers on the system. Currently we have installed printer drivers on the system, then solidified the system, but when the printer is plugged in, it tries to install the driver and gets an access denied. How can we configure the system so that any printer driver that is already on the system can be installed?
Even though you installed the printer drivers before you solidified the system, there will be several updates that need to take place once you attach the printer. Since the system is not solidified those updates can't take place. What you need to do now is track down which process needs to be added as an updater so that when you plug a printer in those updates can take place.
Recreate the issue and look in the solidcore.log file. You should be able to see some deny exec errors during a time when the printer driver is trying to install. Those deny exec errors will include the parent process and other useful information.
Good luck and have a great day!!
Thanks for the quick reply Jeff
Looking at the log file, it states that C:\windows\system32\drvinst.exe is what is being blocked when modifying the usbprint.sys. I don't know if we want the executable to be an updater as this might allow the drvinst.exe to be exploited. If I just unsolidified the .sys file, then the system denies execution of the spoolsv.exe on launching \windows\system32\hpz3llhn.dll and drvinst.exe on the \windows\system32\drivers\set67d7.tmp.
Is there a way to have solidcore allow for all printer drivers already on the system to be installed without an exception to every printer dll with drvinst.exe?
You're right, you don't want to make the drvinst.exe an updater, but there is a better option. What you want to do is make the usbprint.sys file an updater as long as the rundll32.exe is the parent process. The command would look like this.
sadmin updaters add -l usbprint.sys drvinst.exe
That should allow your printer drivers to install and keep you nice and secure at the same time.
Hope that helped and have a great day.
I've done that but I'm still getting a solidifier prevented unauthorized execution of C:\windows\system32\hpz3llhn.dll by c:\windows\system32\spoolsv.exe
So I've done a similar command: sadmin updaters add -l hp3llhn.dll spoolsv.exe
But I'm still getting the same error; I've tried it a couple of ways. Am I missing something? Can you please provide the command for the spoolsv.exe?
Looking at sadmin updaters list
spoolsv.exe -l HPZ3LLHN.dll
spoolsv.exe -l system32\ HPZ3LLHN.dll
spoolsv.exe -l \windows\system32\ HPZ3LLHN.dll
Solidcore.txt log output
U.1460.1824: Jun 30 2010:14:03:16.674: ERROR: evt.c : 1216: McAfee Solidifier prevented unauthorized execution of 'C:\Windows\System32\HPZ3LLHN.DLL' by process C:\Windows\System32\spoolsv.exe (Process Id: 1928, User: NT AUTHORITY\SYSTEM).
K.1928.3588: Jun 30 2010:14:03:16.672: SYSTEM: cctl_kern.c : 1169: Process '\Device\HarddiskVolume1\Windows\System32\spoolsv.exe' tried to launch '\Device\HarddiskVolume1\Windows\System32\HPZ3LLHN.DLL' which has been DENIED EXECED. Exec perms =0
Message was edited by: dwightb added log output on 6/30/10 4:05:53 PM CDT
Message was edited by: dwightb on 6/30/10 4:31:31 PM CDT
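The log triage step suggested earlier in the thread, as an added example that is not part of the original posts: a Python sketch that pulls the parent process and blocked file out of the two solidcore.log line formats quoted above and compares a file name typed into an updater rule against the denied file names. The sample log is constructed from those two quoted lines; the function names and the 0.8 similarity cutoff are assumptions of this example.

```python
import re
from collections import Counter
from difflib import get_close_matches
from ntpath import basename

# Constructed sample: the two solidcore.log lines quoted in the thread.
SAMPLE_LOG = r"""
U.1460.1824: Jun 30 2010:14:03:16.674: ERROR: evt.c : 1216: McAfee Solidifier prevented unauthorized execution of 'C:\Windows\System32\HPZ3LLHN.DLL' by process C:\Windows\System32\spoolsv.exe (Process Id: 1928, User: NT AUTHORITY\SYSTEM).
K.1928.3588: Jun 30 2010:14:03:16.672: SYSTEM: cctl_kern.c : 1169: Process '\Device\HarddiskVolume1\Windows\System32\spoolsv.exe' tried to launch '\Device\HarddiskVolume1\Windows\System32\HPZ3LLHN.DLL' which has been DENIED EXECED. Exec perms =0
"""

# User-mode event line: blocked file first, then the parent process.
USER_RE = re.compile(r"prevented unauthorized execution of '(?P<target>[^']+)' "
                     r"by process (?P<parent>.+?) \(Process Id: \d+")
# Kernel line: parent process first, then the file it tried to load.
KERN_RE = re.compile(r"Process '(?P<parent>[^']+)' tried to launch "
                     r"'(?P<target>[^']+)' which has been DENIED EXECED")

def denied_pairs(log_text):
    """Count (parent, target) file names, lowercased, across denial lines."""
    pairs = Counter()
    for line in log_text.splitlines():
        m = USER_RE.search(line) or KERN_RE.search(line)
        if m:
            key = (basename(m["parent"]).lower(), basename(m["target"]).lower())
            pairs[key] += 1
    return pairs

def check_rule_name(typed_name, pairs):
    """Compare a file name typed into a rule with the denied file names.

    Returns ("exact", name), ("near-miss", closest_name) or ("no-match", None).
    """
    targets = sorted({target for _, target in pairs})
    typed = typed_name.lower()
    if typed in targets:
        return ("exact", typed)
    close = get_close_matches(typed, targets, n=1, cutoff=0.8)
    return ("near-miss", close[0]) if close else ("no-match", None)

if __name__ == "__main__":
    pairs = denied_pairs(SAMPLE_LOG)
    for (parent, target), count in pairs.items():
        print(f"{count} denial(s): {parent} -> {target}")
    print(check_rule_name("hp3llhn.dll", pairs))
```

A "near-miss" result means the name typed into the rule differs by a character or two from the file the log shows being denied, which is worth ruling out before opening a support ticket.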
Well the command looks right to me.
sadmin updaters add -l hp3llhn.dll spoolsv.exe
I'd find the file in the file system and make sure the name of the dll is correct. In a txt file it's really easy to confuse some of the ASCII text characters. If that doesn't help I'd open up a support ticket so we can better troubleshoot this.
You can try this also.
Sadmin updaters add spoolsv.exe
Sadmin updaters remove -l \system32\ HPZ3LLHN.dll spoolsv.exe
Sadmin updaters remove -l \windows\system32\ HPZ3LLHN.dll spoolsv.exe
Reboot the system after adding the updaters.
Well, we launched the platform out to the field with the printer drivers for an HP 6000 printer on a solidified PC and everything went fine until...we had to upgrade to newer HP6100 printers. Now I'm getting the same issue as before with the HPZ3LLHN.DLL not installing. So I can't get the printer to install without going into update mode. Anyone have any ideas on how to install printer drivers or what to make an updater in the system, as we have our "medical device" password protected and I don't want to be able to have a user go into update mode. I've tried looking at the finetune.bat file, but that does not seem to work either. Any help would be appreciated.