6 Replies Latest reply on Jun 3, 2015 3:23 PM by wwarren

    Legit Password Program

    carnold

      VSE 8.8 p4. We have a user that uses a password "vault" called Dashlane. Since we have instituted tighter VSE policies they say Dashlane is no longer working in firefox (it is a firefox plugin). The problem i have is i can not see where this is being blocked by VSE. Here are the VSE "policies":

       

      anti-spyware standard protection = protect IE settings is report only

       

      Capture.PNG

       

      Capture.PNG

       

      Capture.PNG

       

      Capture.PNG

       

      We dont have any user defined rules set. Where would VSE be blocking Dashlane in these settings?

        • 1. Re: Legit Password Program
          wwarren

          If one of those AP rules was the cause behind the symptom, you would see an Event generated for ePO and the local %deflogdir%\AccessProtectionLog.txt would contain the details.

          If no such details are found there, then those AP rules are not the cause.

           

          There is another product to consider though, which piggybacks on VSE's AP rule functionality. Site Advisor - do you use it?  If so, it has a hardening capability which enables a series of AP rules that get enforced silently and affect the browser.

          The hardening can be disabled via policy.

           

          VSE also has a ScriptScan feature that loads into the browser. Perhaps that is involved? The test would be to see if the issue occurs with ScriptScan disabled.

           

          Otherwise, you need to try and discover more detail about the failure itself. It is Dashlane that is failing; knowing why it's failing would help identify any kind of connection to VSE. e.g. It fails because it doesn't have access to a file, or a registry object, or (the possibilities are many); and the best advice there is to have Dashlane provide the details of why it's failing. No amount of investigation into VSE code is going to explain why Dashlane's code isn't working; we'd only be guessing (which is what I describe above, it's a best guess at how VSE could be involved).

          • 2. Re: Legit Password Program
            carnold

            I am trying to get more info from the user but in the meantime, where is the %deflogdir%?

             

            We do use siteadvisor. Here is the hardening settings:

             

            Capture.PNG

            • 3. Re: Legit Password Program
              wwarren

              Yep, easy test - you should try the behavior with the hardening disabled. That'll let you know if it's Site Advisor's protections or not.

              • 4. Re: Legit Password Program
                wwarren

                Forgot to add -

                 

                %deflogdir% is an environment variable we add to the system that maps to where we store our log files.

                Just click Start | Run | and type in %deflogdir% then Enter.  Easy access to the log files from VSE's features.

                 

                Unfortunately there are plenty of other logs in different locations associated with other technologies that you might think belong to VSE but actually belong to other components or products.

                We've been pushing for some kind of consolidated logging being added to the product for... a long time , I'll leave it at that.

                • 5. Re: Legit Password Program
                  carnold

                  To disable hardening, just remove the checks in the pic above? Or disabled in the browser?

                  • 6. Re: Legit Password Program
                    wwarren

                    carnold wrote:

                     

                    To disable hardening, just remove the checks in the pic above? Or disabled in the browser?

                    Yes, the check boxes.

                    If you're not an ePO whiz, be mindful of "Where" you make policy changes. The policy change will apply to your location in the tree and everywhere underneath. So if you're just wanting to test the policy change on one system, take care you are only changing the policy for one system.

                     

                    If in doubt, read the documentation. Hah, in saying that I realize we're talking about Site Advisor policy which isn't my area of expertise, but I sure hope there's documentation!