Even though you installed the printer drivers before you solidified he system there will be several updates that need to take place once you attach the printer. Since the system is not solidified those updates can't take place. What you need to do now is track down which process needs to be added as an updater so that when you plug a printer in those updates can take place.
Recreate the issue and look in the solidcore.log file. You should be able to see some deny exec errors during a time when the printer driver is trying to install. Those deny exec error will include the parent process and other useful information.
Good luck and have a great day!!
Thanks for the quick reply Jeff
Looking at the log file it states that the C\windows\system32\drvinst.exe is what is being blocked when modifying the usbprint.sys. I don't know if we want the executable to be an updater as this might allow the drivnst.exe to be exploited. If I just unsolified the .sys file, then the system denies execution of the spoolsv.exe on launching \windows\system32\hpz3llhn.dll and drvinst.exe on the \windows\system32\drivers\set67d7.tmp.
Is there a way to have solidcore allow for all printer drivers already on the system to be installed without an exception to every printer dll with drvinst.exe?
1 of 1 people found this helpful
You right you don't want to make the drvinst.exe an update but there is a better option. What you want to do is make the usbprint.sys file and updater as long as the rundll32.exe is the parent process. The command would look like this.
sadmin updaters add -l usbprint.sys drvinst.exe
That should allow you printer drivers to install and keep you nice and secure at the same time.
Hope that helped and have a great day.
I've done that but I'm still getting a solidifier prevented unauthorized execution of C:\windows\system32\hpz3llhn.dll by c:\windows\system32\spoolsv.exe
So I've done a similar command: sadmin updaters add -l hp3llhn.dll spoolsv.exe
But I'm still getting the same error, I've tried it a couple of ways. I'm I missing something? Can you please provide the command for the spoolsv.exe?
Looking at sadmin updaters list
spoolsv.exe -l HPZ3LLHN.dll
spoolsv.exe -l system32\ HPZ3LLHN.dll
spoolsv.exe -l \windows\system32\ HPZ3LLHN.dll
Solidcore.txt log output
U.1460.1824: Jun 30 2010:14:03:16.674: ERROR: evt.c : 1216: McAfee Solidifier prevented unauthorized execution of 'C:\Windows\System32\HPZ3LLHN.DLL' by process C:\Windows\System32\spoolsv.exe (Process Id: 1928, User: NT AUTHORITY\SYSTEM).
K.1928.3588: Jun 30 2010:14:03:16.672: SYSTEM: cctl_kern.c : 1169: Process '\Device\HarddiskVolume1\Windows\System32\spoolsv.exe' tried to launch '\Device\HarddiskVolume1\Windows\System32\HPZ3LLHN.DLL' which has been DENIED EXECED. Exec perms =0
Message was edited by: dwightb added log output on 6/30/10 4:05:53 PM CDT
Well the command looks right to me.
sadmin updaters add -l hp3llhn.dll spoolsv.exe
I'm find the file in the file system and make sure the name of the dll is correct. In a txt file its really easy to confuse some of the ascii text characters. If that doesn't help I'd open up a support ticket so we can better troubleshoot this.
You can try this also.
Sadmin updaters add spoolsv.exe
Sadmin updaters remove -l \system32\ HPZ3LLHN.dll spoolsv.exe
Sadmin updaters remove -l \windows\system32\ HPZ3LLHN.dll spoolsv.exe
Reboot the system after adding the updaters.
1 of 1 people found this helpful
Check the <install dir>\finetune.bat for the correct rule to install the printer drivers.
Well we launch the platform out to the field with the printer drivers for an HP 6000 printer on a solidified PC and everything went fine until...we had to upgrade to newer HP6100 printers. Now I'm getting the same issue as before with theHPZ3LLHN.DLL not installing. So I can't get the Printer to install without going into update mode. Anyone have any ideas on how to install printer drivers or what to make an updater in the system, as we have our "medical device" password protected and I don't want to be able to have a user go into update mode. I've tried looking at the finetune.bat file, but that does not seem to work either. Any help would be appreicated.