cancel
Showing results for 
Search instead for 
Did you mean: 
oge
Level 7

Trusted Directories

Jump to solution

Hi all,

i'm testing the Trusted Directory feature of MAC and can't seem to get it to work. i'm using systinternals bginfo.exe to test and have it on a share on a the local box.

the solidcore rule pathh is configured as \\systemname\Evaluation\Sysinternals, Action is include & updater is no. i have ensured that this rule is applied to my policy but when i go to run bginfo, i get an execution denied event.

- i shared the folder  and still get an execution denied event.

questions:

- what am i doing wrong?

- should the files on the local share be whitelisted ( i didn't think so)

0 Kudos
1 Solution

Accepted Solutions
neelima
Level 12

Re: Trusted Directories

Jump to solution

ah, so the path added in the rule(\\22.229....) has to the path on the client. So on client if you run bginfo from (\\22.229.69.54\..), it will run. (C:\evaluation\...) dos not match the rule.

0 Kudos
6 Replies
oge
Level 7

Re: Trusted Directories

Jump to solution

Hi All,

seems like i found a solution to my problem.

according to KB 84759, Application and Change control do not support configuring a network path as a Trusted Directory

so the way i was configuring the network path was \\<IP>\\ or \\<server-name>\\ this is wrong & results in the configuration not applying correctly & thus preventing file execution from the network share.

the solution is to mount the network share to a local path on the system & then configure the local path as your trusted directory.

this worked for me

0 Kudos
neelima
Level 12

Re: Trusted Directories

Jump to solution

oge,

MAC allows for network path to be added as trusted directories without it being mapped as a local path.

Can you dump the execution denied event ?

0 Kudos
oge
Level 7

Re: Trusted Directories

Jump to solution

neelima,

the path for the rule is the 3rd one.

Capture.PNGdenied event from client.PNGRule.PNG

0 Kudos
neelima
Level 12

Re: Trusted Directories

Jump to solution

ah, so the path added in the rule(\\22.229....) has to the path on the client. So on client if you run bginfo from (\\22.229.69.54\..), it will run. (C:\evaluation\...) dos not match the rule.

0 Kudos
oge
Level 7

Re: Trusted Directories

Jump to solution

Morning neelima,

you were right. i just updated the rule to match the path on the client & it worked.

one more question:

would mounting the network share to a local path on one system & then configuring the local path as your trusted directory work for multiple clients on the same network accessing one share?

0 Kudos
neelima
Level 12

Re: Trusted Directories

Jump to solution

oge,

trusted directory policy will have to be applied to all the clients.

If local path will be used then a trusted directory policy to that effect will need to be applied on the concerned clients.

0 Kudos