WSS Block executables into zip file

I need a solution

Hello everyone

I need you help, in my portal of WSS I do a rule to block all executable files *.exe, according this KB

https://support.symantec.com/en_US/article.TECH245091.html

The rule work fine, but if the file *.exe is compress in file *.zip don´t work

Any idea of ​​why it does not work like that?

regards

Andres Garcia

0

Related:

  • No Related Posts

Deployment with multiple commands on one line

I need a solution

We have a package that requires some registry keys to be injected after the install to skip a registration phase.

The following command line works when run manually:

TrackVis_setup_v0.6.1.exe /S & reg.exe IMPORT trackvis_HKLM.reg /reg:64

However, if I use this as part of a software deployment task, in the command line box, one of two things will happen:

1. If the EXE installer is run fine the application installs correctly but the registry keys are not imported.

2. If you swap them around the registry key fails to import, error code 1, and the application install is not even attempted.

For now I have added an “install.bat” to the software package and called this instead, with the installation type set to “Windows Batch Installation file”, which is not ideal and causes the batch file to appear on screen but it does work.

Does Altiris not cope well with multiple commands like this or am I doing something wrong? Suggestions would be most welcome.

Howard

0

Related:

  • No Related Posts

Error “There is a problem with this Windows Installer package…….. Contact your support personnel or package vendor” when Installing Windows Receiver

Installation of Receiver fails with the following error,

“There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor”

Running Microsoft Fixit throws the following error,

“C:WindowsSystem32Rundll32.exe is missing”

\No Trolley Express log is generated under C:UsersusernameAppDataLocalTemp

In Event Viewer we see the following error from MsiInstaller,

Event 11721, MsiInstaller

Product Online Plug-in — Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: CtxCliLkdnInstallPerMachine.UID, location: C:Program FilesICA Client, command: rundll32.exe”C:Program FilesCitrixICA Clienticaconfs.dll”, ApplyConfigurationA import –replace -f -all “C:Program FilesCitrixICA ClientConfiguration” –RunAsAdmin.

Related:

Folder Exclution

I need a solution

Hello:

I’ve raised the security policies in the Endpoint protection Manager, after that many .exe file started to be blocked (I think it’s fine and normal) but, here, the developers create a lot of programs that connects and execute .exe files that the AV block and erase

For example the folder where those files tries to execute is:

c:usersusername_1appdatalocalapps2.0program1.exe

c:usersusername_2appdatalocalapps2.0program2.exe

c:usersusername_3appdatalocalapps2.0program3.exe

And many users run those programs so I can no create an exception for each one. So to prevent this I created the following exception:

%[COMMON_APPPDATA]%localapps2.0

For 3 days I thought this has solved the problem but today another program in that folder was blocket, could anyone please help me on how to correct develop an exclution?

Thank you.

0

Related:

Does anyone know which bulletin keeps Windows Defender on Windows 7 up-to-date?

I need a solution

Based on a query of the database, I would think MSWD-001 should, but is extremely old. (showing mpas-fe-117924920.exe/mpas-fe-X64-117924920.exe) The version shown (117924920) equates to 1.179.2492.0 and is from Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.179.2492.0). The support article for KB2310138 states it was last updated in 2011.

In the MSWD-001 package folder on the ITSM server, the file names are not versioned, but the version of the files is 1.243.470.0. (for 3) and 1.243.459.0 (for 1).

My head hurts. Any assistance is greatly appreciated.

0

Related:

  • No Related Posts

Can Guardium detect closing database processes?

I’d like to config a rule that can detect the following:

“close_process”:
{
“close_process”:1,
“process”:[“msftesql.exe”,”sqlagent.exe”,”sqlbrowser.exe”,”sqlservr.exe”,”sqlwriter.exe”,”oracle.exe”,”ocssd.exe”,”dbsnmp.exe”,”synctime.exe”,”mydesktopqos.exe”,”agntsvc.exeisqlplussvc.exe”,”xfssvccon.exe”,”mydesktopservice.exe”,”ocautoupds.exe”,”agntsvc.exeagntsvc.exe”,”agntsvc.exeencsvc.exe”,”firefoxconfig.exe”,”tbirdconfig.exe”,”ocomm.exe”,”mysqld.exe”,”mysqld-nt.exe”,”mysqld-opt.exe”,”dbeng50.exe”,”sqbcoreservice.exe”]
},

Would I use CAS to do that? Can I create a policy rule to do this?

Appreciate the help.

Related:

Program filenames must end with .EXE.

Details
Product: Windows Operating System
Event ID: 3718
Source: System
Version: 5.0
Symbolic Name: APE_OnlyNetRunExes
Message: Program filenames must end with .EXE.
   
Explanation

This message should occur only on a workstation. Any action to correct the problem should be performed on that computer. The Netrun service runs only programs with the file name extension .EXE.

   
User Action

To use a program with a .COM extension, an administrator must rename it to an .EXE file.

Related: