Critical System Protection

  • 1.  SCSP - How to exclude path from Prevention rule

    Posted Jul 15, 2014 03:45 AM

    Hi

    I have a few paths which I want to exclude in SCSP Prevention rules:

    C:\Program Files\Microsoft SQL Server\MSSQL11.WEBDS

    C:\Program Files\Microsoft SQL Server\MSAS11.WEBDS

    C:\Program Files\Microsoft SQL Server\110\DTS

    C:\Program Files\Microsoft SQL Server\110\Tools

    C:\Program Files\Microsoft SQL Server\110\COM

    C:\Program Files\Microsoft SQL Server\110\DTS\Binn

    C:\Program Files\Microsoft SQL Server\110\DTS\Connections

    C:\Program Files\Microsoft SQL Server\110\DTS\ForEachEnumerators

    C:\Program Files\Microsoft SQL Server\110\Shared

    I:\

    J:\

    O:\

    P:\

     

    Thanks



  • 2.  RE: SCSP - How to exclude path from Prevention rule
    Best Answer

    Posted Jul 16, 2014 04:06 PM

    Hi,

     

    What policies are you referring to? By default, those directories should not be blocked with most policies out of the box. If they are being blocked, then you can add them to the Microsoft SQL Server [mssqlsrv_ps] under Process Sets (SCSP).



  • 3.  RE: SCSP - How to exclude path from Prevention rule
    Best Answer

    Posted Jul 17, 2014 03:57 AM

    You want to go into the SQL server sandbox, and add those into the file rules.

     

    You also want to make sure nothing else is blocking those. Check the warnings/errors when you're testing to see what sandbox it's been applied to. It'll either be in the no priv, safepriv or sql process sets. But just put them in file rules for the SQL server process set and you'll be able to exclude all of them.

    I also recommend using system variables when possible, to account for any non-default drive letters, so %PROGRAMFILES% instead of C:\Program Files\ etc.

    That DOESN'T work with 32-bit programs installed on a 64-bit OS though.
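
Added example (not part of the original posts and not Symantec code): a small offline helper that prepares a path list for the file rules along the lines of the reply above, rewriting `C:\Program Files\...` to `%PROGRAMFILES%\...`, leaving 32-bit `Program Files (x86)` paths untouched, and marking bare drive letters. The function names, the default install roots and the x86 sample path are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: default install roots on a 64-bit Windows host.
PROGRAM_FILES = r"C:\Program Files"
PROGRAM_FILES_X86 = r"C:\Program Files (x86)"


def _under(path, root):
    """True if path is root or below it (case-insensitive, whole components)."""
    p, r = path.lower(), root.lower()
    return p == r or p.startswith(r + "\\")


def classify(raw):
    """Return (rule_path, note) for one hard-coded path (hypothetical helper)."""
    path = ntpath.normpath(raw.strip())  # unify slashes, drop trailing separator
    drive, tail = ntpath.splitdrive(path)
    if tail in ("", "\\"):
        return drive + "\\", "whole drive, not a folder"
    if _under(path, PROGRAM_FILES_X86):
        # The case the reply warns about: 32-bit program on a 64-bit OS.
        return path, "32-bit location: %PROGRAMFILES% does not cover it"
    if _under(path, PROGRAM_FILES):
        return "%PROGRAMFILES%" + path[len(PROGRAM_FILES):], "rewritten"
    return path, "kept as written"


def plan(paths):
    """Classify every non-empty entry, preserving input order."""
    return [classify(p) for p in paths if p.strip()]


if __name__ == "__main__":
    sample = [
        r"C:\Program Files\Microsoft SQL Server\MSSQL11.WEBDS",  # from the question
        r"C:\Program Files\Microsoft SQL Server\110\DTS\Binn",   # from the question
        "I:\\",                                                   # from the question
        r"C:\Program Files (x86)\Microsoft SQL Server\110\Tools", # constructed
    ]
    for rule_path, note in plan(sample):
        print(f"{rule_path}  [{note}]")
```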