Exempting a Program from Software Restriction Policies 3

Post to Twitter Post to Facebook Post to StumbleUpon

This content has been updated since the original publication. You can find all of our updated protection techniques in our Ransomware Prevention Kit. http://www.thirdtier.net/ransomware-prevention-kit/

In our Cyptolocker Prevention Kit (http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit/), we implement Software Restriction Policies. Those policies generally don’t interfere with normal PC operation but can prevent some applications from installing properly. Additionally some older applications may run their .exe files from the blocked locations.

Previously we offered a way to temporarily exempt a computer from the policy (http://www.thirdtier.net/2013/10/how-to-move-computers-in-and-out-of-a-group-policy/). This works great for one time computer setup or larger installation routines. But if you find that you have a repetitive task that requires you to move  computers in and out of the policy you may be better off exempting the .exe from the policy. A good explanation of how to do this has been provided at http://avosec.com. I’ve copied it here for you.

How to allow specific applications to run when using Software Restriction Policies

If you use Software Restriction Policies, or CryptoPrevent, to block CryptoLocker you may find that some legitimate applications no longer run. This is because some companies mistakenly install their applications under a user’s profile rather than in the Program Files folder where they belong. Due to this, the Software Restriction Policies will prevent those applications from running.

Thankfully, when Microsoft designed Software Restriction Policies they made it so a Path Rule that specifies a program is allowed to run overrides any path rules that may block it. Therefore, if a Software Restriction Policy is blocking a legitimate program, you will need to use the manual steps given above to add a Path Rule that allows the program to run. To do this you will need to create a Path Rule for a particular program’s executable and set the Security Level to Unrestricted instead of Disallowed as shown in the image below.

Unrestricted Policy

Once you add these Unrestricted Path Rules, the specified applications will be allowed to run again.

If you find this kind of material useful considering joining the SMBKitchen Project. You can find out more about us at http://www.thirdtier.net

So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

Leave a comment

Your email address will not be published. Required fields are marked *

This blog is kept spam free by WP-SpamFree.

3 thoughts on “Exempting a Program from Software Restriction Policies

  • Pingback: Cryptolocker Prevention Kit | Third Tier

  • Tamin

    I purchased the kit and deployed the policy, however I’m seeing MS office installs being blocked. Any way to whitelist Microsoft office installs?