+1, we're doing pretty much exactly what Jim describes as well for valid 
software exceptions.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Monday, April 10, 2017 7:56 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Running exe from APPDATA..TEMP directory

There are two Ditto's. One is a toolbar that seems to fit your description.  
The other is an enhancement to clipboard and seems legit. So yea, exceptions of 
course have to be for valid software. I don't have a problem doing it if it is 
valid software.  That's my job, make it usable and safe.  A publisher exception 
is perfectly safe.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Monday, April 10, 2017 10:52 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Running exe from APPDATA..TEMP directory

I'll have to see. Other admin in the department trying to get the exception 
approved for ditto.exe (Screen sharing software).
All I can find it bad installs and corrupt files in GoogleFu.
I am thinking I will be asking from them to get other software that doesn't 
have such a bad track record.


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Monday, April 10, 2017 10:40 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Running exe from APPDATA..TEMP directory

Notice:  This email is from an outside source.  Please do not open any 
attachments, click on any hyperlinks, or respond without first confirming the 
authenticity of the email.

That is very common, and creating exceptions for that directory is to be 
expected.  For example all the webcast/conference software like WebEx use that 
directory. I am assuming you are using Applocker. Hopefully the vendor signed 
their exe with a cert.  Most do these days.  So create a publisher exception, 
that is pretty darn bullet proof and better than doing a path exception.  It 
also future proofs the exception.  When the software updates it is pretty darn 
certain that the cert will look the same.


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Monday, April 10, 2017 10:32 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Running exe from APPDATA..TEMP directory

Have a vendor that want so run his app from the APPDATA..TEMP directory.
I have a GPO that denied .exe from running there or subfolders of there.
Any reason I should allow this?
I have the exact folder and program name but it's opening up an exception to my 
rule??
Any thoughts?

David McSpadden
System Administrator
Indiana Members Credit Union
P: 317.554.8190
[Description: Description: imcu email icon]<http://imcu.com/>  [Description: 
Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU>   
[Description: Description: twitter email icon] 
<https://twitter.com/IndMembersCU>

[Description: Description: email logo]
[http://www.amuletsolutions.com/images/mcp.gif]<http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwjFztf-tePJAhXK5iYKHcPtAxEQjRwIBw&url=http://www.amuletsolutions.com/awards.aspx&bvm=bv.110151844,d.amc&psig=AFQjCNHkrx8CednTEOOq4zUxYyrRUGzUsg&ust=1450459757284499>


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

Reply via email to