I am facing a scenario where I need to delete a whitelisted folder and its contents (contains vbs and bat files) at the end of a component installation.
The process which is trying to delete this folder is "SYSTEM" process and for security reasons I cannot configure this process as an updater.
I can't use a user or a file as an updater.
I tried using exclude write-protection (sadmin wp -e C:\sample) for this folder and tried to delete, but this is failing.
Is there any other method by which I can delete whitelisted folders and files?
Message was edited by: sagarmc004 on 1/15/14 11:59:53 PM CST
Hi @mlajoie, if you unsolidify the directory/files, then any process can delete them (e.g., they are no longer protected from WRITES, but now can no longer be executed, since they are not whitelisted). If you have any rules that allow execution (e.g., Trusted Directory, filename/hash rules, Certificate, etc.), then they could still be executed.
Run: "sadmin unso <dir>"
Example: "sadmin unso c:\temp\"
This would unsolidify any files in the C:\temp\ directory, so you can delete them properly. If you don't unsolidify the files, then you'd need an Updater to do so, and you wouldn't want to add the SYSTEM process, or cmd.exe/explorer.exe, as an Updater.
Interesting. OK. Basically, I'm trying to delete an executable from my desktop and it is being denied. Why would that be? How would a user manage their files if they can't delete what they want? I don't think unsolidifying a directory is sustainable? Is there a better way to manage it in the environment?
Depends. The issue is that the files on the user desktop are files that are solidified.
See the "Sadmin scripts list" command:
These files are what we protect. If something needs to delete or update them once solidified you can make that an updater.
Or you can create a Skiplist -d rule for the user desktop, or make their admin a trusted user. There are several options. If you would like to discuss by phone, you can call support and we will be glad to walk you through configuration.
If the file on the desktop is solidified (whitelisted), then the MACC product will prevent WRITE (delete) actions against the file. Only an Updater is allowed to write to solidified files, but as before, you don't want explorer.exe or cmd.exe (the process typically doing the delete) to be an updater.