4 Replies Latest reply on Jul 10, 2014 3:22 AM by bunnyad

    On enabling application control firewall settings are changed

    bunnyad

      Hi,

       

      I have installed standalone Application Control (Version: 6.1.3.264) on a Windows 7 machine.

      I have solidified the C drive, enabled Application Control and restarted the system.

       

      On restart I can see that some firewall settings are getting changed, which I got to know from the registry editor.

       

      For example,

      For one of the use cases of our application we have set 'AllowLocalPolicyMerge' to 1 in registry path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\

      But after installing Application Control and enabling it, the registry value of 'AllowLocalPolicyMerge' is reset to 0.

       

      Because of this, the use case is failing.

       

      Please let me know why Application Control is resetting a few values, and please provide a solution for this so that the values do not change after solidification and enabling of Application Control.

       

      Regards,

      Bharath

        • 1. Re: On enabling application control firewall settings are changed

          Bharath,

           

          I am cross-checking this. I will update this thread as soon as I have an update.

          • 2. Re: On enabling application control firewall settings are changed
            hyadav

            Hi Bharath,

             

            Application Control does not change any firewall settings. Still, I would like to see the installation logs in <systemvolume:>\Windows\solidcore_installer.log.

            Also, it would be very helpful if you could run ProcMon, capture its logs and share them.

             

            Thanks,

            Himanshu

            • 3. Re: On enabling application control firewall settings are changed
              bunnyad

              As a workaround I have used the command sadmin write-protect-reg -i HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge. The workaround worked successfully.

               

              Later, on checking the Solidcore.log file after adding the above command, we got an entry saying “U.1276.1480: Jun 25 2014:14:57:46.748:  ERROR: evt.c      : 1240: McAfee Solidifier prevented an attempt to modify Registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' with value 'AllowLocalPolicyMerge' by process C:\Windows\System32\svchost.exe (Process Id: 452, User: NT AUTHORITY\SYSTEM).”

               

              On checking the services which are running under process svchost.exe (Process Id: 452), 'Group Policy Client' is one of the services running.

               

              To clarify that Group Policy Client is the service which resets the registry key when solidcore is enabled, we disabled Group Policy Client and solidified the machine; the registry setting was not reset to “0”. Hence confirmed it's Group Policy Client which reset the registry value with solidcore installation.

              I need to know why Application Control triggered Group Policy Client to reset the registry key.
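
Added example, not part of the original thread and not McAfee's own tooling: a small Python parser for denial entries shaped like the Solidcore.log line quoted in reply 3, used to see which process keeps trying to rewrite a write-protected value. The entry layout is assumed from that single quoted line; the second and third sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Layout copied from the one entry quoted in the thread; lines of any other
# shape are skipped (assumption: the rest of Solidcore.log may look different).
DENIED_REG = re.compile(
    r"^\S+:\s+(?P<ts>\w{3}\s+\d{1,2}\s+\d{4}:\d{2}:\d{2}:\d{2}\.\d{3}):\s+ERROR:.*?"
    r"prevented an attempt to modify Registry key '(?P<key>[^']+)' "
    r"with value '(?P<value>[^']+)' by process (?P<image>.+?) "
    r"\(Process Id: (?P<pid>\d+), User: (?P<user>[^)]+)\)"
)

# First line is the entry from the thread; the other two are constructed.
SAMPLE_LOG = [
    r"U.1276.1480: Jun 25 2014:14:57:46.748:  ERROR: evt.c      : 1240: McAfee Solidifier prevented an attempt to modify Registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' with value 'AllowLocalPolicyMerge' by process C:\Windows\System32\svchost.exe (Process Id: 452, User: NT AUTHORITY\SYSTEM).",
    r"U.1276.1480: Jun 25 2014:14:57:47.001:  INFO: constructed line that is not a denial",
    r"U.1276.1480: Jun 25 2014:16:27:46.810:  ERROR: evt.c      : 1240: McAfee Solidifier prevented an attempt to modify Registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' with value 'AllowLocalPolicyMerge' by process C:\Windows\System32\svchost.exe (Process Id: 452, User: NT AUTHORITY\SYSTEM).",
]

def parse_denied_registry_writes(lines):
    """Return one dict per denied registry write; skip lines that do not match."""
    events = []
    for line in lines:
        m = DENIED_REG.search(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["pid"] = int(ev["pid"])
        ev["ts"] = datetime.strptime(ev["ts"], "%b %d %Y:%H:%M:%S.%f")
        events.append(ev)
    return events

def writers_of(events, key_suffix, value):
    """Count (image, pid, user) tuples that tried to write one protected value."""
    hits = Counter()
    for ev in events:
        same_key = ev["key"].lower().endswith(key_suffix.lower())
        if same_key and ev["value"].lower() == value.lower():
            hits[(ev["image"], ev["pid"], ev["user"])] += 1
    return hits

if __name__ == "__main__":
    events = parse_denied_registry_writes(SAMPLE_LOG)
    hits = writers_of(events, r"WindowsFirewall\PublicProfile", "AllowLocalPolicyMerge")
    for (image, pid, user), n in hits.items():
        print(f"{n} denied write(s) by {image} (PID {pid}, {user})")
```

The reported PID can then be matched to hosted services, as done in reply 3, with `tasklist /svc /fi "PID eq 452"` while that svchost.exe instance is still running.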

              • 4. Re: On enabling application control firewall settings are changed
                bunnyad

                Hi Yadav,

                 

                Will try to attach log files as requested.