
SNAC - network access control to remove registry entries?

Created: 22 Jun 2012 • Updated: 25 Jun 2012 | 1 comment

Is this possible: use Symantec's NAC (SNAC), part of SEP, or actually the protection suite of products, to look for specific RUN keys in the registry and remove them if they exist?
In particular, I want to check for Adobe and JAVA update schedulers. These run among everything else and slow things a bit, especially since our users don't have administrative rights and WE control the versions, the updates, what and WHEN via other means anyway.

I know these were intended for "home-owners" and computer novices who don't think to keep their computers clean or updated, but they install by default with upgrades and are a royal pain. There should be different packages for enterprise and government, but since that's not the case, I'm looking for a way to clean up after Adobe and Oracle.

I am wondering if the HI part of SNAC can look for these keys and, if they exist, kill them.
They will be found in
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

and are:
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

USERS WILL NOT HAVE RIGHTS since they are not local admins - they only have rights to HKCU, not HKLM


Chuck Edson

Yes, it is possible using the custom scripting engine that is part of SNAC to create a policy that looks for (IF) and changes (THEN) the registry values.

Add a "Custom Requirement".  IF registry key exists THEN set registry value.  We do not have the option to delete keys, only create and change them. 

Or, you can create a .reg file that deletes the key and store the .reg file somewhere on the machine.  I suppose you could also store it on the network if you wanted.  

If you go this route, then your logic should be:  IF registry key exists THEN run a program (and reference the .reg file in the executable).  You could also select "run a script" and call the .reg file in the script.

Make sure that you uncheck "Show a new process window" if you use the "run a program" method, or every 3 min (by default) the user will see a command window pop up and go away.

Select the "In system context" option when creating the custom policy in order to get around the rights issue.

 

If a post helps you, please mark it as the solution to your issue.
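
The IF-exists-THEN-delete logic discussed in this thread, as an added PowerShell example that is not part of the original posts or of Symantec's product. It assumes the Host Integrity "run a script" action launches it through powershell.exe with "In system context" selected; the WOW6432Node path and the check on the value data are additions beyond what the thread describes.

```powershell
# Added example (not from the original thread): removes only the two updater
# autostart values named in the question and leaves the Run key itself intact.
# Assumed to run in system context, since standard users cannot write to HKLM.
#
# Equivalent .reg file content. "name"=- deletes a single value, whereas
# [-HKEY_...\Run] would delete the whole key and every other autostart entry:
#   Windows Registry Editor Version 5.00
#   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
#   "Adobe ARM"=-
#   "SunJavaUpdateSched"=-

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # 32-bit registry view on 64-bit Windows (assumption: not named in the thread)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Value name -> executable its data is expected to reference (from the question).
$targets = @{
    'Adobe ARM'          = 'AdobeARM.exe'
    'SunJavaUpdateSched' = 'jusched.exe'
}

$failed = $false
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $targets.Keys) {
        $data = $props.$name
        if ($null -eq $data) { continue }   # value absent: nothing to do
        # Delete only when the data points at the expected updater binary; an
        # unexpected command under a familiar name is left in place for review.
        if ($data -notlike "*$($targets[$name])*") {
            Write-Output "SKIPPED $key\$name -> $data (unexpected data)"
            continue
        }
        try {
            Remove-ItemProperty -Path $key -Name $name -ErrorAction Stop
            Write-Output "REMOVED $key\$name"
        } catch {
            Write-Output "FAILED  $key\$name : $($_.Exception.Message)"
            $failed = $true
        }
    }
}
# Non-zero exit lets the calling policy treat a failed cleanup as a failure.
if ($failed) { exit 1 } else { exit 0 }
```

The script is idempotent, so the default 3 minute Host Integrity interval mentioned above re-runs it harmlessly once the values are gone.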