cancel
Showing results for 
Search instead for 
Did you mean: 
oge
Level 7
Report Inappropriate Content
Message 1 of 7

Trusted Directories

Jump to solution

Hi all,

i'm testing the Trusted Directory feature of MAC and can't seem to get it to work. i'm using systinternals bginfo.exe to test and have it on a share on a the local box.

the solidcore rule pathh is configured as \\systemname\Evaluation\Sysinternals, Action is include & updater is no. i have ensured that this rule is applied to my policy but when i go to run bginfo, i get an execution denied event.

- i shared the folder  and still get an execution denied event.

questions:

- what am i doing wrong?

- should the files on the local share be whitelisted ( i didn't think so)

1 Solution

Accepted Solutions
Highlighted
neelima
Level 12
Report Inappropriate Content
Message 5 of 7

Re: Trusted Directories

Jump to solution

ah, so the path added in the rule(\\22.229....) has to the path on the client. So on client if you run bginfo from (\\22.229.69.54\..), it will run. (C:\evaluation\...) dos not match the rule.

6 Replies
oge
Level 7
Report Inappropriate Content
Message 2 of 7

Re: Trusted Directories

Jump to solution

Hi All,

seems like i found a solution to my problem.

according to KB 84759, Application and Change control do not support configuring a network path as a Trusted Directory

so the way i was configuring the network path was \\<IP>\\ or \\<server-name>\\ this is wrong & results in the configuration not applying correctly & thus preventing file execution from the network share.

the solution is to mount the network share to a local path on the system & then configure the local path as your trusted directory.

this worked for me

neelima
Level 12
Report Inappropriate Content
Message 3 of 7

Re: Trusted Directories

Jump to solution

oge,

MAC allows for network path to be added as trusted directories without it being mapped as a local path.

Can you dump the execution denied event ?

oge
Level 7
Report Inappropriate Content
Message 4 of 7

Re: Trusted Directories

Jump to solution

neelima,

the path for the rule is the 3rd one.

Capture.PNGdenied event from client.PNGRule.PNG

Highlighted
neelima
Level 12
Report Inappropriate Content
Message 5 of 7

Re: Trusted Directories

Jump to solution

ah, so the path added in the rule(\\22.229....) has to the path on the client. So on client if you run bginfo from (\\22.229.69.54\..), it will run. (C:\evaluation\...) dos not match the rule.

oge
Level 7
Report Inappropriate Content
Message 6 of 7

Re: Trusted Directories

Jump to solution

Morning neelima,

you were right. i just updated the rule to match the path on the client & it worked.

one more question:

would mounting the network share to a local path on one system & then configuring the local path as your trusted directory work for multiple clients on the same network accessing one share?

neelima
Level 12
Report Inappropriate Content
Message 7 of 7

Re: Trusted Directories

Jump to solution

oge,

trusted directory policy will have to be applied to all the clients.

If local path will be used then a trusted directory policy to that effect will need to be applied on the concerned clients.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community