Versions Compared

Old Version 6

changes.mady.by.user Anonymous

Saved on

compared with

New Version Current

changes.mady.by.user Max Pinion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Issue

Whitelisting Nonnon-MSI Installation Packages installation packages can introduces introduce several potential issues when attempting you attempt to install and later run executable files. The Package Contents Whitelist Policy type will only scan files for only MSI packages. Non-MSI packages will only be scanned for the only the installation application itself.

The first issue happens when trying you try to execute an .exe installer is when that installer launches other intermediate installation applications. If ; if an exception blacklist policy is present, then the intermediary applications that get launched by an installer will be caught by the blacklist, thus preventing the installation.

The second issue occurs after an application has been installed. Applications that have been installed by an .exe rather than .msi will not automatically be whitelisted by the Package Contents Whitelist Policy, which means those applications will be prevented from running with the blacklist.

Solution

The following steps can be taken to ensure Ensure child processes and installed files of whitelisted installers are whitelisted :

...

by doing one of the following solutions.

Solution 1

  1. In the Whitelist policy, click the Application Actions tab and change the under Child applications to select the Same as parent option.



  2. Also under the Whitelist policy, click on the Click the Policy Enforcement tab and uncheck click to clear the Continue enforcing policies for child processes after enforcing this policy check box.



  3. Next open the Blacklist policy , then open and click the Policy Enforcement tab and check .
  4. Select the Stage 2 processing option. For more information on Stage 2 processing, refer to the article . check box. 



  5. Finally, Add the installed application files needs to be added to a whitelist policy. This can be done Do this by installing the application on a reference system, or creating a whitelist policy for the installed application files using an alternate method such as executable filters.

...

Solution 2

Alternatively, Repackage .exe installers can be repackaged into .msi files, which will allow the Package Contents Whitelist Policy to add the applications in the package to a whitelist.