system lockdown...is it working?
I tried to simulate a system lockdown solution in our office and I get a baseline with running checksum.exe <outputfile> and then import it as fingerprint list. After than I add it to system lockdown and immediately set it to block. At first everything seems good and I can run applications on that machine and it will block the others, but suddenly I realised that virusdefs are no longer being updated and is being blocked as well!
Surprise continues as adding exception for whole "c:\documents and settings\all users\application data" will not help that. Did I miss something??