6 Replies Latest reply on Jun 25, 2015 4:47 PM by neelima

    Trusted Directories

    oge

      Hi all,

       

      i'm testing the Trusted Directory feature of MAC and can't seem to get it to work. i'm using systinternals bginfo.exe to test and have it on a share on a the local box.

       

      the solidcore rule pathh is configured as \\systemname\Evaluation\Sysinternals, Action is include & updater is no. i have ensured that this rule is applied to my policy but when i go to run bginfo, i get an execution denied event.

       

      - i shared the folder  and still get an execution denied event.

       

      questions:

      - what am i doing wrong?

      - should the files on the local share be whitelisted ( i didn't think so)

        • 1. Re: Trusted Directories
          oge

          Hi All,

           

          seems like i found a solution to my problem.

           

          according to KB 84759, Application and Change control do not support configuring a network path as a Trusted Directory

           

          so the way i was configuring the network path was \\<IP>\\ or \\<server-name>\\ this is wrong & results in the configuration not applying correctly & thus preventing file execution from the network share.

           

          the solution is to mount the network share to a local path on the system & then configure the local path as your trusted directory.

          this worked for me

          • 2. Re: Trusted Directories

            oge,

             

            MAC allows for network path to be added as trusted directories without it being mapped as a local path.

             

            Can you dump the execution denied event ?

            • 3. Re: Trusted Directories
              oge

              neelima,

               

              the path for the rule is the 3rd one.

              Capture.PNGdenied event from client.PNGRule.PNG

              • 4. Re: Trusted Directories

                ah, so the path added in the rule(\\22.229....) has to the path on the client. So on client if you run bginfo from (\\22.229.69.54\..), it will run. (C:\evaluation\...) dos not match the rule.

                • 5. Re: Trusted Directories
                  oge

                  Morning neelima,

                   

                  you were right. i just updated the rule to match the path on the client & it worked.

                   

                  one more question:

                   

                  would mounting the network share to a local path on one system & then configuring the local path as your trusted directory work for multiple clients on the same network accessing one share?

                  • 6. Re: Trusted Directories

                    oge,

                     

                    trusted directory policy will have to be applied to all the clients.

                     

                    If local path will be used then a trusted directory policy to that effect will need to be applied on the concerned clients.