0 Replies Latest reply on Jan 13, 2016 11:25 AM by volcomdesigns

    Enabling Anti-virus Maximum Protection:Prevent svchost executing non-Windows executables

    volcomdesigns

      Hello,

       

      In an effort to further secure our network I have made a recent attempt to create a test policy in ePO for VSE Access Protection preventing svchost from executing non-windows executables.

      I am running into some issues however; I have attempted to make exceptions as needed for svchost to run legitimate application .dll's, but I have actually managed to run out of "allowed characters" in my exceptions box for this policy due to the overwhelming amount of .dll files svchost loads.

       

      Is there no other way to make exceptions for this rule? I don't want to disable this policy rule but seeing as I am running out of allowed characters to exclude from the rule I don't see what other choice I have.

      I have attached a screenshot to help explain the problem visually.
      Software Details:

      VSE 8.8
      ePO 5.3.1

      svchost_rule.png