Prevent registration of new Browser Helper Objects (HIPS) [AC15]
Created: 07 Jan 2013 | 5 comments
Hi @ All
We are using a AC rule in SEP to Prevent registration of new Browser Helper Objects. Now it is blocking us some windows updates... (f.e. for Internet Explorer)
How do I have to design the Application Control exclusion?
Thanks for you help
Discussion Filed Under:
Comments 5 Comments • Jump to latest comment
in the application policy, add msiexec under "Do not apply this rule to the following processes:"
SEP Knowledge Base
Endpoint SWAT
This would widen the attack surface to much.
Add the file hash of msiexec
SEP Knowledge Base
Endpoint SWAT
Am I right or is that not allmost the same as disabling the policy? Because allmost anything uses msiexec to install itself, not?
Is there not a possibility to say, msiexec will just be excluded when it is used by the windows update?
Thanks for your help, Brian.
Hello,
What version of SEP 12.1 are you running?
{B4F3A835-0E21-4959-BA22-42B3008E02FF} is a BHO itself with File name URLREDIR.DLL.
However, in your case, msiexec.exe is trying to register itself with the above BHO and is being blocked by SEP.
Could you let me know if the msiexec.exe application is legitimate??
If yes, please diable the ADC rule and run the Application again.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Would you like to reply?
Login or Register to post your comment.