Security Community Blog

SEP 12.1 Centralized Exception puzzle

Created: 27 Dec 2011 • Updated: 27 Dec 2011
mon_raralio

I was just testing out centralized exceptions and used Angry IP Scan ver 2.21, because I know it gets detected. Using SEPM (ver 12.1.671.4971), I created a policy for the file ipscan.exe, which is the name of the executable I downloaded, and set it to Ignore; when finished, it shows as Log only. I assigned it to a test group, forced an update on all the clients, and when all serials were synced, started testing.

I tried it out on 2 clients (vers 12.1.671.4971 and 11.0.6300.803). Both times, the test executable was quarantined.

For the 2nd test, I went to the client (the 11.xx) and opened the quarantine. I selected ipscan.exe, clicked on Restore, and answered Yes on "...sure?" and "...create Exclusion...?".

After that, I was able to use AngryIPScanner.

Note: There is also an entry for that.

1. Exceptions > Add > Windows Exceptions > Known Risks

2. Find 'AngryIPScanner' and put a check on it. Click OK.

To make sure that the Centralized Exceptions would work, I used the Application option and not the file option, unless it's for read/write access without executing it.

The image shows all the available options; the bottom one is the least likely to work, although applying the topmost has the highest risk.