cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 7

Trusted Directories

Jump to solution

Hi all,

i'm testing the Trusted Directory feature of MAC and can't seem to get it to work. i'm using systinternals bginfo.exe to test and have it on a share on a the local box.

the solidcore rule pathh is configured as \\systemname\Evaluation\Sysinternals, Action is include & updater is no. i have ensured that this rule is applied to my policy but when i go to run bginfo, i get an execution denied event.

- i shared the folder  and still get an execution denied event.

questions:

- what am i doing wrong?

- should the files on the local share be whitelisted ( i didn't think so)

1 Solution

Accepted Solutions
Highlighted
Level 12
Report Inappropriate Content
Message 5 of 7

Re: Trusted Directories

Jump to solution

ah, so the path added in the rule(\\22.229....) has to the path on the client. So on client if you run bginfo from (\\22.229.69.54\..), it will run. (C:\evaluation\...) dos not match the rule.

View solution in original post

6 Replies
Highlighted
Level 7
Report Inappropriate Content
Message 2 of 7

Re: Trusted Directories

Jump to solution

Hi All,

seems like i found a solution to my problem.

according to KB 84759, Application and Change control do not support configuring a network path as a Trusted Directory

so the way i was configuring the network path was \\<IP>\\ or \\<server-name>\\ this is wrong & results in the configuration not applying correctly & thus preventing file execution from the network share.

the solution is to mount the network share to a local path on the system & then configure the local path as your trusted directory.

this worked for me

Highlighted
Level 12
Report Inappropriate Content
Message 3 of 7

Re: Trusted Directories

Jump to solution

oge,

MAC allows for network path to be added as trusted directories without it being mapped as a local path.

Can you dump the execution denied event ?

Highlighted
Level 7
Report Inappropriate Content
Message 4 of 7

Re: Trusted Directories

Jump to solution

neelima,

the path for the rule is the 3rd one.

Capture.PNGdenied event from client.PNGRule.PNG

Highlighted
Level 12
Report Inappropriate Content
Message 5 of 7

Re: Trusted Directories

Jump to solution

ah, so the path added in the rule(\\22.229....) has to the path on the client. So on client if you run bginfo from (\\22.229.69.54\..), it will run. (C:\evaluation\...) dos not match the rule.

View solution in original post

Highlighted
Level 7
Report Inappropriate Content
Message 6 of 7

Re: Trusted Directories

Jump to solution

Morning neelima,

you were right. i just updated the rule to match the path on the client & it worked.

one more question:

would mounting the network share to a local path on one system & then configuring the local path as your trusted directory work for multiple clients on the same network accessing one share?

Highlighted
Level 12
Report Inappropriate Content
Message 7 of 7

Re: Trusted Directories

Jump to solution

oge,

trusted directory policy will have to be applied to all the clients.

If local path will be used then a trusted directory policy to that effect will need to be applied on the concerned clients.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community