bunnyad
Level 7

On enabling application control firewall settings are changed

Hi,

I have installed standalone Application Control (Version: 6.1.3.264) on a Windows 7 machine.

I have solidified the C drive, enabled Application Control and restarted the system.

On restart I can see that some firewall settings are getting changed, which I found out from the registry editor.

For example,

For one of the use cases of our application, we have set 'AllowLocalPolicyMerge' to 1 in the registry path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\

But after installing and enabling Application Control, the registry value 'AllowLocalPolicyMerge' is reset to 0.

Because of this, the use case is failing.

Please let me know why Application Control is resetting a few values, and please provide a solution so that the values do not change after solidification and enabling of Application Control.

Regards,

Bharath

0 Kudos
4 Replies
neelima
Level 12

Re: On enabling application control firewall settings are changed

Bharath,

I am cross-checking this. I will update this thread as soon as I have an update.

hyadav
Level 7

Re: On enabling application control firewall settings are changed

Hi Bharath,

Application Control does not change any firewall settings. Still, I would like to see the installation logs in <systemvolume>:\Windows\solidcore_installer.log.

Also, it would be very helpful if you could run ProcMon, capture its logs and share them.

Thanks,

Himanshu

0 Kudos
bunnyad
Level 7

Re: On enabling application control firewall settings are changed

Hi Yadav,

Will try to attach log files as requested.

0 Kudos
bunnyad
Level 7

Re: On enabling application control firewall settings are changed

As a workaround I have used the command sadmin write-protect-reg -i HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge. The workaround worked successfully.

Later, on checking the Solidcore.log file after adding the above command, we got an entry saying “U.1276.1480: Jun 25 2014:14:57:46.748:  ERROR: evt.c      : 1240: McAfee Solidifier prevented an attempt to modify Registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' with value 'AllowLocalPolicyMerge' by process C:\Windows\System32\svchost.exe (Process Id: 452, User: NT AUTHORITY\SYSTEM).”

On checking the services running under the process svchost.exe (Process Id: 452), 'Group Policy Client' is one of the services running.

To clarify that Group Policy Client is the service which resets the registry key when Solidcore is enabled, we disabled Group Policy Client and solidified the machine; the registry setting was not reset to “0”. Hence we confirmed it is Group Policy Client which resets the registry value with the Solidcore installation.

I need to know why Application Control triggered Group Policy Client to reset the registry key.

0 Kudos
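The log-based diagnosis in the last post, as an added example that is not part of the original thread or of the product: a small parser that pulls denied registry writes out of Solidcore.log text and counts them per key, value and writing process. The line layout is assumed from the single entry quoted above; the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Layout inferred from the single Solidcore.log line quoted in the thread
# (assumption: other builds or event types may format lines differently).
DENY_RE = re.compile(
    r"(?P<ts>\w{3} +\d{1,2} \d{4}:\d{2}:\d{2}:\d{2}\.\d{3}):\s+ERROR:.*?"
    r"prevented an attempt to modify Registry key '(?P<key>[^']+)' "
    r"with value '(?P<value>[^']+)' by process (?P<process>.+?) "
    r"\(Process Id: (?P<pid>\d+), User: (?P<user>[^)]+)\)"
)

# Constructed sample: line 1 is the entry from the post, line 2 is a made-up
# repeat of it, line 3 is a made-up unrelated line that must be ignored.
SAMPLE_LOG = r"""
U.1276.1480: Jun 25 2014:14:57:46.748:  ERROR: evt.c      : 1240: McAfee Solidifier prevented an attempt to modify Registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' with value 'AllowLocalPolicyMerge' by process C:\Windows\System32\svchost.exe (Process Id: 452, User: NT AUTHORITY\SYSTEM).
U.1276.1480: Jun 25 2014:16:27:51.302:  ERROR: evt.c      : 1240: McAfee Solidifier prevented an attempt to modify Registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' with value 'AllowLocalPolicyMerge' by process C:\Windows\System32\svchost.exe (Process Id: 452, User: NT AUTHORITY\SYSTEM).
U.1276.1480: Jun 25 2014:16:27:52.000:  INFO: constructed unrelated line
"""


def parse_denials(text):
    """Return one dict per denied registry write found in the log text."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["pid"] = int(ev["pid"])
            # HKLM\SOFTWARE\Policies is the area Group Policy processing writes to.
            ev["policy_area"] = "\\software\\policies\\" in ev["key"].lower()
            events.append(ev)
    return events


def summarize(events):
    """Count denials per (key, value, process) to show which writer keeps retrying."""
    return Counter((e["key"], e["value"], e["process"]) for e in events)


if __name__ == "__main__":
    for (key, value, proc), n in summarize(parse_denials(SAMPLE_LOG)).most_common():
        print(f"{n}x {proc} -> {key}\\{value}")
```

The reported process is a shared svchost.exe, so the PID still has to be mapped to its hosted services on the machine, as the poster did.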