cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 1

McAfee Application Control and SQL Server Reporting Services

Installed, solidified and enabled McAfee Application Control (Solidifier) 8.0.0.875 on WES7 (Window 7 Embedded) system, that has Microsoft SQL Server 2012 and SQL Server Reporting Services (SSRS) also installed.  

However when SSRS is used to create a report it either copies or creates a DLL (ReportingServicesWebServer.DLL) in a deeply nested "tmp" folder and tries to execute it, however McAfee Application Control prevents it from running with the deny reason of:  "Local Whitelist - File Not Present (deny reason code: 2) reputation score: 1000".

McAfee Solidifier prevented unauthorized execution of 'C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\5ZY4HSUI\ReportingServicesWebServer.DLL' (sha1: c951266218a2b82b338c9b20be656dd77076e3bb, md5: 93e168e931ae8a018c7989abe257c1dc, sha256: df26f9739a6b2e505a2ab5908f79e568ee4f9ebe03aae22604a76e96b406e983, File Type: pe32) by process C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Process Id: 2872, User: NT SERVICE\ReportServer) whose parent is process C:\Windows\System32\services.exe, deny_reason : Local Whitelist - File Not Present (deny reason code: 2) reputation score: 1000

Another issue is that the computer generated directory that it tries to execute the DLL out of changes each time:

C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\ETJ9KXQ4\ReportingServicesWebServer.DLL
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\BIX4ZJ7U\ReportingServicesWebServer.DLL
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\YKHTPFPN\ReportingServicesWebServer.DLL
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\5ZY4HSUI\ReportingServicesWebServer.DLL
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\c2a527bc\9cd1a7f9\assembly\tmp\4YXWQNBI\ReportingServicesWebServer.DLL

What is the best way to handle this situation within McAfee Application Control?  I've tried adding whitelist rules, however I have not had any luck getting them to work.  Here are some examples of the whitelist commands I have tried:

sadmin whitelist add -i "\ReportingServicesWebServer.DLL"

sadmin whitelist add -i "C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\*\*\*\*\*\ReportingServicesWebServer.DLL"

sadmin whitelist add -s "C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\*\*\*\*\*\ReportingServicesWebServer.DLL"

sadmin whitelist add -s "C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\RSTempFiles\reportserver\*\*\*\*\*\*"

I also have another question:  If a path or file is updated using the "sadmin <add|remove > <argument> <path|file>" does it take effect immediately or is a restart of the workstation required?

 

Thanks,

Jeff

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community