SescLU.exe resets permissions on HKEY_USERS\.Default\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
Updated: 21 May 2010 | 5 comments
We are trying to harden servers and workstations for PCI compliance. One of the steps is to tighten permissions on HKEY_USERS\.Default\Software\Microsoft\SystemCertificates\Root\ProtectedRoots. When we do this, within two minutes SescLU.exe reverts the permissions on the key.
Is there a way to stop this from happenning?
discussion Filed Under:
Comments
The only permissions you need
The only permissions you need on this key are READ for all users that will be using the system.
What permissions are you setting on this key and what is Symantec reverting it back to?
I am setting
I am setting BUILTIN\Administrators=Full Control, NT AUTHORITY\SYSTEM=Full Control, BUILTIN\Users=Read per our policy rules. As soon as I update content from the console or update policy from the client, it reverts it back to EVERYONE=Read and NT AUTHORITY\SYSTEM=Full Control.
Systems affected
It appears to be doing this on both Windows 2003 Server and XP.
Has anyone else dealing with PCI compliance experienced this behavior?
https://www-secure.symantec.
https://www-secure.symantec.com/connect/forums/after-install-sep-client-mr5-i-have-receive-all-machine-events-error-crypt32
It looks Proactive Threat Protection touches the Root Certificates.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
What PCI requirement are you trying to comply with?
Since "everyone" is effectively "authenticated users" nowadays, is there really a difference?
I'm pretty conversant in PCI, or so I thought, and we've never had an issue like this pop up. Where is it coming from?
Ray
Would you like to reply?
Login or Register to post your comment.