cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee Application Control and SQL Server Reporting Services

Installed, solidified and enabled McAfee Application Control (Solidifier) 8.0.0.875 on WES7 (Window 7 Embedded) system, that has Microsoft SQL Server 2012 and SQL Server Reporting Services (SSRS) also installed.  

However when SSRS is used to create a report it either copies or creates a DLL (ReportingServicesWebServer.DLL) in a deeply nested "tmp" folder and tries to execute it, however McAfee Application Control prevents it from running with the deny reason of:  "Local Whitelist - File Not Present (deny reason code: 2) reputation score: 1000".

McAfee Solidifier prevented unauthorized execution of 'C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\5ZY4HSUI\ReportingServicesWebServer.DLL' (sha1: c951266218a2b82b338c9b20be656dd77076e3bb, md5: 93e168e931ae8a018c7989abe257c1dc, sha256: df26f9739a6b2e505a2ab5908f79e568ee4f9ebe03aae22604a76e96b406e983, File Type: pe32) by process C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Process Id: 2872, User: NT SERVICE\ReportServer) whose parent is process C:\Windows\System32\services.exe, deny_reason : Local Whitelist - File Not Present (deny reason code: 2) reputation score: 1000

Another issue is that the computer generated directory that it tries to execute the DLL out of changes each time:

C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\ETJ9KXQ4\ReportingServicesWebServer.DLL
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\BIX4ZJ7U\ReportingServicesWebServer.DLL
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\YKHTPFPN\ReportingServicesWebServer.DLL
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\5ZY4HSUI\ReportingServicesWebServer.DLL
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\4YXWQNBI\ReportingServicesWebServer.DLL

What is the best way to handle this situation within McAfee Application Control?  I've tried adding whitelist rules, however I have not had any luck getting them to work.  Here are some examples of the whitelist commands I have tried:

sadmin whitelist add -i "\ReportingServicesWebServer.DLL"

sadmin whitelist add -i "C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\*\*\*\*\*\ReportingServicesWebServer.DLL"

sadmin whitelist add -s "C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\*\*\*\*\*\ReportingServicesWebServer.DLL"

sadmin whitelist add -s "C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\*\*\*\*\*\*"

I also have another question:  If a path or file is updated using the "sadmin <add|remove > <argument> <path|file>" does it take effect immediately or is a restart of the workstation required?

 

Thanks,

Jeff

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.