cancel
Showing results for 
Search instead for 
Did you mean: 
haaris
Level 10

Application is executing when trusted user is removed

I am using Application control latest version 6.1.3 and server is solidified.I have added a trusted user to install an application and I am able to install it,thats good,no problem.But the problem is that when I removed that user from trusted user list from EPO ,still the user is able to install the application.

Do any body have an idea???

0 Kudos
17 Replies
neelima
Level 12

Re: Application is executing when trusted user is removed

The user needs to log off for the policy removal to take effect. Can you log off the user and then check?

haaris
Level 10

Re: Application is executing when trusted user is removed

Thanks neelima,

But Log off method doesnt apply while adding the policy,why does it apply for removing policy??

I tried what you said & it really works for the first time but when i tried the same scenario again it doesnt work & also we are not able to remove the setup that we copied for installation on the server.

Do you have an idea

0 Kudos
neelima
Level 12

Re: Application is executing when trusted user is removed

Haaris,

Please provide exact steps followed for this statement:

"I tried what you said & it really works for the first time but when i tried the same scenario again it doesnt work & also we are not able to remove the setup that we copied for installation on the server."

0 Kudos
haaris
Level 10

Re: Application is executing when trusted user is removed

Hi Neelima,

One one of the Windows server 2008,I have installed Application control 6.1.3 & solidified

it.I copied two exe files putty.exe & Filezilla.exe & tried to install

it,it doesnt allow me bcoz of application control thats fine.So,for testing purpose I

added a user in trusted user list and then tried to run application & it runs,thats fine.

Again I removed the user from trusted list & tried to run application,it allows me to run

so with the help of your update I log off & then login & user not able to run application

so it works accordingly.

So,when I tried the above scenarion again & log off the user & then login still the user

able to run the application which it shouldnt be.Also,user is not able to delete those

two files which i copied on the server for testing purpose,it seems that those two files are solidified.

I log in from another user & tries to delete those two files but not able to do so.

Incase,if you have any further query, please feel free to ask.

0 Kudos
neelima
Level 12

Re: Application is executing when trusted user is removed

Haaris,

This can only happen if those application got added to whitelist when they were run last time.

Please try and run a completely new set of application in the same session and verify.

You may need to check why the applications got added to whitelist. They may have been updated by an updater to get to the whitelist.

You can check for the File_Solidfied events for this.

0 Kudos
haaris
Level 10

Re: Application is executing when trusted user is removed

Hi Neelima,

Thanks for your update!!!

I dont know how the application got added to the whitelist.No problem,I will try it with other application.

Meanwhile,let me know where  I need to check for file_solidifed events,

0 Kudos
shahids75
Level 9

Re: Application is executing when trusted user is removed

Hi,

Check inside the SolidCore Events tab.

0 Kudos
haaris
Level 10

Re: Application is executing when trusted user is removed

Hi Shahid,

Thanks for your suggestions!!

I had already checked solidcore events tab,I thought Neelima was tallking about some other events thats why asked for the  same

0 Kudos
neelima
Level 12

Re: Application is executing when trusted user is removed

You can search for the file name and FILE_Solidified events through Advanced Filters. I have created a video on how to do this.

Let me know if this helps or if there are other areas we can add video for.

0 Kudos