How to prevent processes from seeing virtualized data
|Article:HOWTO2771|||||Created: 2006-03-15|||||Updated: 2010-09-10|||||Article URL http://www.symantec.com/docs/HOWTO2771|
How can I prevent a process from seeing the virtual directories and virtual registry keys that appear when Software Virtualization Solution layers are active? I only want it to see what is actually on the base.
The Software Virtualization Solution (SVS) includes a new feature called Program Ignore. Program Ignore makes it possible for applications that are installed in the base to run and not see virtualized data. This feature is quite simple to use.
- Open regedit and go to HKLM\System\Altiris\FSL.
- Edit the value named "ProgramIgnoreList".
- Enter the complete path for the executable that you want to ignore in "ProgramIgnoreList".
- Restart the computer (the ignore list is only read at system start up).
Antivirus software is one of the main reasons this feature was added. We recommend adding your antivirus scanner to ProgramIgnoreList. You only need to add the scanner executable to this list. Some of the exclude entries used by other customers are listed in this Symantec Connect thread http://www.symantec.com/connect/blogs/ignoring-processes-must-read-symantec-and-norton-antivirus-users It is important to note that SVS does not affect the run-time functionality of antivirus products. Files are scanned as they are opened and SVS does not interfere with this.
There are some other times when you might want an application to be ignored. One example could be an inventory program. If an inventory program sees a file twice (virtualized and unvirtualized), it may get counted twice. Whatever your reason for ignoring a program, this new SVS feature allows you to do it.
Note: There are no security implications for ignoring an executable. The executable will not have any more access than it would if it could see virtual data.
Article URL http://www.symantec.com/docs/HOWTO2771