7 Replies Latest reply on Jul 1, 2013 4:02 PM by techchick69

    Allow executable to run for multiple clients

    techchick69

      Good morning,

       

      In need of some help here from you HIPS 8 guru's. 

       

      I need to allow a Juniper SSL VPN client to run on multiple computers for multiple users (i.e. multiple users loggin in with different profiles).  I've created every exception under the sun to allow the junipersetupclient.exe to run within HIPS 8 Trusted Applications and within the Exceptions in the IPS.  I have the "trust for IPS and FW" option checked.

       

      The specific block error is:

       

      Event:  Intrusion

      Description:  Juniper Setup Client (JuniperSetupClient.exe)

      Path:  C:\USERS\TAYLOGF\APPDATA\ROAMING\JUNIPER NETWORKS\SETUP CLIENT\JUNIPERSETUPCLIENT.EXE

      Message:  Attack type:  IE Envelope - Abnormal Program Execution (Sig Id = 2640)

       

      The exception I've created includes the Sig Id of 2640.

      The executable path contains C:\USERS\*\APPDATA\ROAMING\JUNIPER NETWORKS\SETUP CLIENT\JUNIPERSETUPCLIENT.EXE

      I've had to use the wild card * for the user's profile name as this exception will need to be applied to more than one user.  I've also used ** in place of the one * just to see if that works, and yet the HIPS UI on the client laptop still blocks the executable from running and installing.

      I've included None as the Signer.

      For the Parameters, I added the domain\Domain Users group as multiple users will need to install this executable on their laptops to access our network remotely.

       

      I've pretty much created every Exception I can think of yet this executable is still getting blocked?  I've created it in HIPS 8 and in HIPS7 (just as a test to see if it works) basically have created this exception in every policy you can think of.

       

      Any ideas?

       

      Any advice is greatly appreciated.

       

      Thanks,

      Yvonne