Keep us posted, please. :)
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...* On Wed, Nov 5, 2014 at 1:21 AM, Dave Lum <[email protected]> wrote: > Well this should be interesting - I finally have Savant Whitelisting fully > deployed (all 32 systems worth, LOL) at my primary %sidejob% client. By > deployed I mean agent installed and put into "protected" mode. > > > > I have only seen three issues during the rollout period: > > 1. [Two systems] Office 2013 exectuables got modified between the > "monitor"(think inventory) period and "protect" period. Result: Savant > flattened any Office 2013 attempt at trying to run. What the user would > experience is clicking the Outlook icon and nothing happens. > > 2. [Four systems] When printing to a network printer (it was always > the same Ricoh on a 2012 R2 print server for a few users), a request to > print one page would be met with spitting out about 20. > > 3. [One system] A 3rd party app fails when running in protected > mode, complaining about no access to some temporary location. > > > > The solution for 1 and 2 is to put Savant into "monitor" mode, run a > Savant command called "append" and then flip it back to protected. The > Savant agent also has a "learn" mode (which I used) which lets you take a > system being impacted by the protected mode, put it in learn, run whatever > application doesn't work right, then when you flip it back to protected > mode you're presented with path and filenames that were observed and you > can elect to accept none, some, or all of the changes so they are allowed > when in protected mode. > > > > I haven't figured out #3 yet, but that system is low-risk so it may be a > few days before I get to it. > > > > A side benefit is you get what is similar to SCCM reporting on how often a > particular EXE or other file is opened, which can play into monitoring > licensing needs, among other things. > > > > Should be fun... > > Dave > > >
