thanks Brian,
I am well aware oh how SEP now manages the FBWF and how it supports embedded OS.
the problem i am running is i have a very unsupported environment, the FBWF is installed but turned off, the EWF is install and turned off, the Regfilter (works with FBWF) is installed and turned on.
so SEP installs finds the regfilter, adds exclusions for the registry locations, when the embedded OS is rebooted these protected keys should be written to the protected area of the registry and retained.
the problem i am running into is the regfilter is missing the ramdrive portion of the install so it is a 1MB file that is getting loaded into RAM at each boot, these changes are not getting written to registry at logoff, perhaps because i am missing the FBWF.
what i would like to know:
the SEP.msi has properties value of securecustomproperties, one of the actions that runs is filter REGFILTERINSTALLED which ends up with a value of 1 which means the regfilter is installed.
i would like to know what this action is judged on so i can remove it to prevent SEP from detecting the regfilter, or i would like to run the SEP install with a mst that replaces this value. i have tried with REGFILTERINSTALLED=0 but the action that runs after alters this back to 1.
cheers