Regarding your first issue: Even if you see services.exe/svchost.exe getting write denied message while accessing driverstore, any of thedevice like printers, USB etc. when you connect to the system, are they functioning properly? How about the system behaviour - is it normal?
Wscripts.exe should work. Try also adding wscript to binary list as a hash.
Issue 3 and 4 : I am working with solidcore more than a year, never seen those behaviours. Do you have an encryption s/w installed which controls the screen and system locking?
The systems do seem to run properly, other than the lock up issues. Software doesn't seem to fail at this point. I haven't really used the binary list at this point, do you use that list a lot?
We do have encryped hard drives in these systems using wavesys software... disk level FDE. Have you seen that be an issue?
Issue number 1:
Can you verfify what the client considers approved (vs. what is in the console) by using the command line. This will verify the client has the policys
sadmin updaters list
We had somthing similar with annother file. I will ask around.
We have this issue currently as well"
- Computers with solidcore lock up on shutdown. They are all running win7 and get to "shutting down" and freeze; put solidcore into update mode, they shutdown fine
We have heard of this issue but have not been able to recreate it
1st: have you added the pre-defined rules/rule groups that are called sth like "windows system" (or only system? or only windows? not sure so far), windows update, etc? (you can check / modify that groups ba duplicating).
2nd: is sth reported in OBSERVE mode that would be blocked? (if yes - create rule / policy from result; if not: maybe its its some script or so on a network share like logon/logoff scrips (you could add this SYSVOL... stuff as a trusted directory)
Reguarding : "Computers with solidcore lock up on shutdown"
What we found was that the Software Deployment app: BigFix/TEM/IEM (what ever you call it this month) stops when it tries to read the file "C:Solidcore\_tdll.dll". Nothing gets displayed on the screen. Any time after that file is read, when a user goes to shutdown, the system will not do it, it hangs.
When the file is read, this also stops the besclient.exe from functioning. Besclient is the software deployment agent used by BigFix/TEM/IEM.
As best as we can tell the file "C:Solidcore\_tdll.dll" is read as part of an assessment for Microsoft Seecurity Patches by a Bigfix fixlet. A fixlet is a besclient script that can query a system for information.
At this time we have opened a case with IBM for BigFix and McAfee for Application Control/Solidcore.
These are all the same product. IBM keeps changing the name of it.
Tivoli Endpoint Manager
IBM Endpoint Manager
I still have issues with Windows 7 systems where once the systems are solidified (MA 4.8, VSE 8.8 Solidcore 6.1.3)it hangs at "Shutting down" and have to do a hard reboot.
Unsolidified systems works fine.
Any ideas guys..?
Issue4, can you provide a dump of the system when you see a hang. That's the fastest way to check where the issue is.