Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
860 Views 1 Reply Latest reply: Nov 30, 2012 12:12 PM by Kary Tankink RSS
abramojt The Place at McAfee Member 9 posts since
Nov 4, 2009
Currently Being Moderated

Nov 30, 2012 10:34 AM

Cisco SSL VPN Connect before login

We are using Cisco SSL VPN with the Connect before logon enabled. Problem is that when a user logs into the VPN on an XP Professional workstation it Downloads the connect before logon. HIPS 8.0 is trigger on Signature 959. Prevent modification of the msgina registry key.

The process the is triggering this the msiexec.exe. I can exclude the msiexec but that seams like it would leave me open for alot of other malware to change the key using the windows installer. Is there a way to do an exclusion tied to the installation of the just the connect before logon piece? I ran the process explorer and watched the install and it appears the first thing that is launched is VPNDownLoader.exe. The stcexe.exe is triggered and msiexec.exe is opened under that.

 

Thank You

 

JT

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    1. Nov 30, 2012 12:12 PM (in response to abramojt)
    Re: Cisco SSL VPN Connect before login

    Is there a way to do an exclusion tied to the installation of the just the connect before logon piece?


    You can only create the IPS exception with the HIPS IPS event details that it detects.  If the 3rd party application is using msiexec.exe, then that's how HIPS will see it.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points