After the reboot I logged back in onto the domain and everything seemed OK, until I received the following error:
Obviously the domain I log in to enforces a certain logon script, which is pretty common behaviour within a domain. Because it was a script that is not part of my local (solidified) computer, it was disallowed. This clearly is a false positive, so it requires my first well-thought-through exception :)
When defining an exclusion rule it is important to decide what type of exclusion best fits your needs. The following types are available:
- Updater (a process that is allowed to update other processes, such as Windows Update)
- Binary (a process specified by its hash value)
- Trusted User (a local or domain user)
- Publisher (the software vendor recognized by their digital signature, e.g. "Microsoft")
- Trusted Directory (a certain location where only trusted files reside)
- Installer (a process that is allowed to install new software, such as Altiris)
In this particular case I have decided that Trusted Directory best suits my needs. I also see that, when looking at targeted attacks, the knowledge of these exclusions should only be available to a limited number of coworkers, but that is possible in ePO quite easily.
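Because a Trusted Directory exclusion rests on only trusted files residing in that location, write access to it is worth checking before the rule goes in. The following PowerShell audit is an added example, not part of the original post or of the product; the share path and the list of expected writers are assumptions to replace with your own values.

```powershell
# Added example: report principals outside an expected baseline that hold
# write-type NTFS rights anywhere under a planned Trusted Directory.
param(
    # Placeholder path (assumption): the location that hosts the logon script.
    [string]$TrustedPath = '\\example.local\NETLOGON',
    # Assumed baseline of principals allowed to write; adjust per environment.
    [string[]]$ExpectedWriters = @(
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators',
        'CREATOR OWNER',
        'EXAMPLE\Domain Admins'
    )
)

# Rights that allow adding or changing files, or rewriting the ACL itself.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits: GENERIC_WRITE and GENERIC_ALL.
$writeMask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

function Get-UnexpectedWriter {
    param([string]$Path, [string[]]$Expected, [int]$Mask)

    # Check the directory itself and everything below it.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }
            if ($Expected -contains $ace.IdentityReference.Value) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-UnexpectedWriter -Path $TrustedPath -Expected $ExpectedWriters -Mask $writeMask)
if ($findings.Count -eq 0) {
    Write-Output "No unexpected writers under $TrustedPath"
} else {
    $findings | Sort-Object Path, Identity | Format-Table -AutoSize
}
```

This covers NTFS permissions only; when the directory is a network share, the share-level permissions need the same review.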