5 Replies Latest reply on Feb 22, 2011 2:05 PM by eltonito

    Advice on policy config for .msi files?

    eltonito

      Aloha,

       

      I'm generally comfortable with updaters, binaries, installers, etc but I've run into a snag whitelisting an msi that we need to execute in the field.  Since the msi itself isn't truly an executable, it shouldn't be able to function as an updater.

       

      Examing the event logs,  I see that explorer.exe calls msiexec.exe when the msi in question is double-clicked.  Granting updater status to explorer.exe is an obviously bad idea and I'm not too fond of giving msiexec.exe such status either, so I'm trying to determine the best strategy.  I've toyed with parent and library settings, but none seem to achieve the granularity I'd prefer in regards to the specific msi. 

       

      Does anyone have any suggestions/feedback on Application Control policies and msi's?

       

      Thanks,

      T.