I hope someone can help me.
I want to allow Word file access to specific dlls, but the problem is that they seem to be dynamically generated.
The dlls are used/created by something called ProQuest for Word, which is some kind of add-on/extension for Word. After this was installed on the users machine, MAC started blocking file access repeatedly to dll’s starting with proxy_vole, but with different numbers following it.
For example proxy_vole6513544225070924898.dll or proxy_vole5491073914121433542.dll.
I want to know, how I via McAfee ePO can allow winword.exe file access to all the different variations of proxy_vole, where it seems that there is regularly generated new dll’s with new numbers.
Thank you in advance.
Are you seeing any Policy Discovery requests or WRITE_DENIED / EXECUTION_DENIED events reported to the ePO or even in the local system Windows Event Viewer? Is it the winword.exe process that is creating these DLL's or a ProQuest binary? You could potentially add either binary as a Trusted Updater, but in the case of winword.exe I'd use this judiciously as I believe it could potentially expose your system to unauthorised code (i.e. malicious macro functions) from being able to dynamically affect changes to the Solidcore whitelist and allowed to execute.
This is an example of the file path and process name:
Threat Target Process Name: C:\Programmer\Microsoft Office\Office14\WINWORD.EXE
Threat Target File Path: c:\documents and settings\%USERNAME%\lokale indstillinger\temp\proxy_vole6513544225070924898.dll
Sorry I took my time to reply. The dlls are not signed unfortunately. However I think that I may have found a filter that seems to solve the problem, but I am still interested if someone have a better/other solution.