Well this should be interesting - I finally have Savant Whitelisting fully
deployed (all 32 systems worth, LOL) at my primary %sidejob% client. By
deployed I mean agent installed and put into "protected" mode.

I have only seen three issues during the rollout period:

1. [Two systems] Office 2013 executables got modified between the
"monitor" (think inventory) period and "protect" period. Result: Savant
flattened any Office 2013 attempt at trying to run. What the user would
experience is clicking the Outlook icon and nothing happens.

2. [Four systems] When printing to a network printer (it was always
the same Ricoh on a 2012 R2 print server for a few users), a request to
print one page would be met with spitting out about 20.

3. [One system] A 3rd party app fails when running in protected mode,
complaining about no access to some temporary location.

The solution for 1 and 2 is to put Savant into "monitor" mode, run a Savant
command called "append" and then flip it back to protected. The Savant agent
also has a "learn" mode (which I used) which lets you take a system being
impacted by the protected mode, put it in learn, run whatever application
doesn't work right, then when you flip it back to protected mode you're
presented with path and filenames that were observed and you can elect to
accept none, some, or all of the changes so they are allowed when in
protected mode.

I haven't figured out #3 yet, but that system is low-risk so it may be a few
days before I get to it.

A side benefit is you get what is similar to SCCM reporting on how often a
particular EXE or other file is opened, which can play into monitoring
licensing needs, among other things.

Should be fun.

Dave
