Hi all,
Using SEP 12.1.1000.157 I have a situation where the Application and Device Control Policy is blocking the installation of Adobe Acrobat Professional 9 on Windows 7. The issue is, even though I exclude the legitimate key that the install is trying to create, the install is failing because it cannot create this last key. I’ve already successfully excluded some other registry key that Acrobat Pro 9 needs to write, but this last one is kickin’ my pants.
The App rule is "Prevent registration of new Toolbars (HIPS) [AC16]". Condition AC16-1.1 is applied to the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\*\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\*\*
The conditions above correctly do their job and prevent writes to those keys. However, a legitimate key that Acrobat Pro 9 tries to create needs to be excluded so it can be written. During installation, Acrobat Pro 9 errors with "Error 1406. Could not write value {47833539-D0C5-4125-9FA8-0819E2EAAC93} to key \SOFTWARE\Microsoft\Internet Explorer\Toolbar. Verify that you have sufficient access to that key…"
I have tried multiple combinations for the condition AC16-1.1 in the "Do not apply to the following registry keys", but to no avail. The only way it does install is if I disable the condition or remove the keys from the list that are being protected – but that would defeat the purpose of this App & Dev Control rule. In other words, wildcards are necessary because you want to catch any bad write. But then how do you get it to allow a certain legitimate key in the same path?
Thanks, Tom.