Group:  English: General » microsoft.public.windows.group_policy
Thread: Software Restriction Policies and Symantec Antivirus

Software Restriction Policies and Symantec Antivirus
"Jose" <who[ at ]cares.lt> 12.07.2007 06:19:34
Hello,

I recently implemented SRPs in my Windows network, thoroughly testing many
things before deployment. So, after deploying SRPs everything works fine:
allowed programs start, disallowed programs don't.

However, I have a problem with Symantec AntiVirus 10.x clients - they appear
like their Auto Protect is disabled (SAV yellow shield icon is in red
circle), but SAV client software itself is running, i.e. I see yellow shield
icon in the task tray, I can double click it, SAV client opens, I can run
scans etc etc. Before deploying SRPs SAV worked fine without trouble.

SRPs config is set to default, apart from that I am exclusively allowing to
run all programs in C:\Program Files\ and C:\Windows\ directories by path
rule (+some additional path rules for network servers with startup scripts
and software install distribution point).

SAV is installed in C:\Program Files\. All SAV services, that are set to
start automatically, are started. Event viewer shows nothing unusual, no SAV
or other software error messages.

I suspect that I need additional SRP registry path rules for SAV, but
walking through registry in search for "Symantec" gave me no clue.

So, maybe somebody already was dealing with this problem and could give me a
suggestion where to start from? ;)

Re: Software Restriction Policies and Symantec Antivirus
Myweb <meiweb[ at ]gmx.de> 12.07.2007 17:18:58
Hello Jose,

Check out the website from Symantec or call the support from them. Seems
to be a SAV problem, not really Windows.

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

Re: Software Restriction Policies and Symantec Antivirus
"Darren Mar-Elia" <dmanonymous[ at ]microsoft.com> 12.07.2007 18:58:48
I would turn on SRP logging. It generates a log file of all processes that
pass/fail SRP rules, which can be very useful in this scenario. You'll need
to add a registry entry on the target system. Specifically, under
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, add a REG_SZ
value called Logfilename and in that value, enter a path and file name where
you want SRP activity to be logged.

Darren

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Simplify Group Policy Troubleshooting with the NEW GPExpert Troubleshooting
Pak 1.0 at http://www.sdmsoftware.com/products.php

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
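
The troubleshooting step suggested in the reply above, as an added PowerShell example that is not part of the original thread: it sets the logging value and then summarizes which files SRP did not allow. The log path, the assumed log line layout, the `ConvertFrom-SrpLog` helper and the sample lines are assumptions made for this example.

```powershell
# Added example (not from the thread). Run elevated on the affected client.
$key     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$logPath = 'C:\SrpLogs\srp.log'   # assumed path; any folder the system can write to

# 1. Turn logging on: REG_SZ value holding the log file path, as described above.
New-Item -ItemType Directory -Path (Split-Path $logPath) -Force | Out-Null
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'LogFileName' -Value $logPath `
    -PropertyType String -Force | Out-Null

# 2. Parse log lines. Assumed line layout:
#    <parent> (PID = n) identified <path> as <level> using <type> rule, Guid = {...}
function ConvertFrom-SrpLog {
    param([string[]]$Line)
    $re = '^(?<parent>.+?) \(PID = (?<pid>\d+)\) identified (?<target>.+) ' +
          'as (?<level>.+?) using (?<rule>.+?) rule, Guid = (?<guid>\{[^}]+\})'
    foreach ($l in $Line) {
        if ($l -match $re) {
            [pscustomobject]@{
                Parent = $Matches.parent; Target = $Matches.target
                Level  = $Matches.level;  Rule   = $Matches.rule
                Guid   = $Matches.guid
            }
        }
    }
}

# Constructed sample lines, used only when no log has been written yet.
$sample = @(
  'services.exe (PID = 700) identified C:\Program Files\Example\svc.exe as Unrestricted using path rule, Guid = {00000000-0000-0000-0000-000000000001}'
  'svc.exe (PID = 1500) identified C:\Documents and Settings\All Users\Application Data\Example\helper.exe as Disallowed using default rule, Guid = {00000000-0000-0000-0000-000000000002}'
)
$lines = if (Test-Path $logPath) { Get-Content $logPath } else { $sample }

# 3. Show what SRP refused to run, most frequent first.
ConvertFrom-SrpLog -Line $lines |
    Where-Object { $_.Level -ne 'Unrestricted' } |
    Group-Object Target, Rule |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 4. When finished, remove the value so the log stops growing:
# Remove-ItemProperty -Path $key -Name 'LogFileName'
```

Each row that is not Unrestricted names a file outside the allowed path rules and the rule type that matched it, which is where an additional path rule would be considered.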

Re: Software Restriction Policies and Symantec Antivirus
"Jose" <who[ at ]cares.lt> 13.07.2007 04:53:23
Getting a tip on how to troubleshoot a problem and not how to solve it
directly is even more interesting for me ;) Thanks a lot, Darren!
