Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

This program is blocked by group policy


  • Please log in to reply
4 replies to this topic

#1 ajcke

ajcke

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 07 January 2014 - 12:52 AM

Since I followed this guide from bleepingcomputer.com to setup software restriction policies at my organization. I'm having a difficult time installing software that auto self extracts before installing. The apps get blocked during the auto self extract process before the install. I believe the applications are attempting to auto self extract to %AppData% or %LocalAppData% path, but I'm not sure. A couple of examples are Firefox and 7-Zip. Some simple applications I can extract the exe with 7-zip and provide users a directory to run the app (problem solved), but extracting apps like firefox only provides a file that downloads firefox and then I assume tries to self extract before installing which gets blocked by group policy restrictions again. 
 
I notice there is a section titled "How to allow specific applications to run when using Software Restriction Policies", but I'm not sure if this applies since these self extract before install files are only temporary files. 
 
Error: This program is blocked by group policy
 


BC AdBot (Login to Remove)

 


#2 ajcke

ajcke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 07 January 2014 - 01:00 PM

I looked in event viewer for ID 866 and got this result with Firefox.

Access to C:\Users\andy\AppData\Local\Temp\7zSF6DC.tmp\setup-stub.exe has been restricted by your Administrator by location with policy rule {7563742f-b129-4686-b4b1-d158a20c2bfa} placed on path C:\Users\andy\AppData\Local\Temp\7z*\*.exe.

 

I created unrestricted local security policies for (Security Settings\Software Restriction Policies\Additional Rules\)

C:\Users\andy\AppData\Local\Temp\7zSF6DC.tmp\setup-stub.exe 

and

C:\Users\andy\AppData\Local\Temp\7z*\*.exe

 

I still get the same results after this change. Error: This program is blocked by group policy



#3 ajcke

ajcke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 14 January 2014 - 11:02 AM

I hope I posted in the correct place. At the end of this guide http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent it says "If you have any questions about this self-help guide then please post those questions in our Am I infected? What do I do? and someone will help you."

 

I had this issue again recently when installing Microsoft Office for a client. I am enforcing the software policies to prevent CryptoLocker for clients, but I am having dificulty installing other applications after these policies are enforced.



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:43 PM

Posted 15 January 2014 - 03:31 PM

Hi -

Sorry we have been a bit slow, but we have been buried in work at the moment ....

The apps get blocked during the auto self extract process before the install.

Please list a few apps, and do you mean any commercial or just personal items ??

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox and run it.
Checkmark following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

 

Thanks -



#5 ajcke

ajcke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 27 January 2014 - 10:52 PM

I got it figured out. I was copying the exe path found in event viewer to an unrestricted local security policy. When office fails the first time the exe is listed as something like 0000.exe. When it fails the second time the exe is listed as 0001.exe. I was never allowing the correct path.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users