Hi, my name’s Chris. I recently had a thread on this forum but it has since been locked. I wanted to post the solution in case other people have similar issues in the future.
A few months ago I started noticing that Symantec Antivirus wouldn’t boot, and I couldn’t run Malwarebytes anti-Malware either. Trying to run Malwarebytes would result in a message saying there was a software restriction policy in place.
I checked with the company that does our IT stuff but they said there was no kind of domain level restrictions on anything.
Basically, a group policy was enabled on my local machine.
The following 6 entries were discovered after a scan with Farbar Recovery Scan Tool...
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
Exactly how this happened is still a mystery. I’ve scanned with dozens of scanners and virus removal tools but nothing has ever been discovered.
Our IT couldn’t even solve this problem. They tried reinstalling, among other things. Nothing worked. They even tried setting up a separate, temporary admin account and that didn't work in fixing it.
They recommended shipping my computer from Alaska to Maine to reinstall the operating system, etc....
Completely impossible with my work situation. It just wouldn’t have worked out.
Using the REGEDIT registry editor (Start > Run > regedit), I discovered where these entries were located after doing some digging...
HKEY Local Machine – SOFTWARE – POLICIES – MICROSOFT – WINDOWS – SAFER – 0 – PATHS
All six registry items were located under this directory but they could not be modified, removed or anything.
Then, today I had an idea.
I tried to change the permissions for these 6 entries (something even the IT company didn’t think of). I granted myself and all users full control of the six entries. I can't believe I thought of this before an entire company of IT and security professionals...
Anyway, after updating the permissions I deleted all six registry entries one at a time, closed the registry editor and rebooted.
Everything is now back up and running with no issues. Symantec works great, Malwarebytes works great. Problem solved!
The big mystery still remains – What caused this?
It was not any of our system administrators. It was not me. It was not anyone in our company that oversees the network/domain.
I still haven’t discovered ANY viruses on my computer and I have literally tried every tool and scanner out there (in safe mode and out).
Hopefully this helps others though!!
Also, if anyone might be able to shed light on what might have caused a software restriction policy on ONLY my security software (on the local machine only) from outside an encrypted/VPN configured domain – That I would like to know. Because no one in our company or within our IT infrastructure had anything to do with this.
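
A read-only way to audit the kind of rules described in the post, as an added example that is not part of the original post: it lists every local "Disallowed" software restriction path rule, marks the ones aimed at security products, and shows when each rule was written and who owns the key. It assumes the standard Software Restriction Policy layout (`HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths`, one GUID subkey per rule with `ItemData` and `LastModified` values); the vendor list is taken from the six entries above.

```powershell
# Added example: read-only audit of local SRP "Disallowed" path rules.
# Assumed layout: one GUID subkey per rule, holding ItemData (the blocked
# path) and LastModified (a FILETIME stored as a QWORD).
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

# Vendor names taken from the six rules listed in the post.
$vendors = 'Symantec', 'Malwarebytes', 'McAfee'

if (-not (Test-Path $root)) {
    Write-Output "No Disallowed path rules found under $root"
}
else {
    Get-ChildItem $root | ForEach-Object {
        $key  = $_                                   # keep the rule key; $_ is reused below
        $rule = Get-ItemProperty -Path $key.PSPath
        $path = [string]$rule.ItemData

        # Which security product, if any, does this rule block?
        $hit = $vendors | Where-Object { $path -match [regex]::Escape($_) }

        # When the rule was written, for lining up with other logs.
        $modified = $null
        if ($rule.LastModified) {
            $modified = [DateTime]::FromFileTimeUtc([long]$rule.LastModified)
        }

        # Key owner; in the post the keys could only be deleted after
        # their permissions were changed. Null if the ACL cannot be read.
        $acl   = Get-Acl -Path $key.PSPath -ErrorAction SilentlyContinue
        $owner = if ($acl) { $acl.Owner } else { $null }

        New-Object PSObject -Property @{
            Rule        = $key.PSChildName
            BlockedPath = $path
            Product     = ($hit -join ',')
            ModifiedUtc = $modified
            KeyOwner    = $owner
        }
    } | Sort-Object ModifiedUtc |
        Format-Table Rule, BlockedPath, Product, ModifiedUtc, KeyOwner -AutoSize
}
```

Several rules sharing one `ModifiedUtc` value, all naming security products, give a timestamp to compare against installer, logon and event logs from the same period.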