Hi,
We are using the SEP Hardening Policy for Application Control.
Our logs are full of the following entries. Can I ignore these, or do I need to whitelist this access?
[AC1-2.1] Client services_Write Registry
C:/Windows/system32/svchost.exe
/REGISTRY/MACHINE/SYSTEM/CurrentControlSet/services/Teefer2/Parameters/Adapters/NdisWanIpv6
REGISTRY/MACHINE/SYSTEM/CurrentControlSet/services/Teefer2/Parameters/Adapters/NdisWanBh
/REGISTRY/MACHINE/SYSTEM/CurrentControlSet/services/Teefer2/Parameters/Adapters/NdisWanIp
Regards, Stephan
Looks like this is working fine.
The svchost.exe process is used by SEP.
Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers.
http://www.symantec.com/business/support/index?page=content&id=TECH163787
Thanks for the replies,
so I have to whitelist the write access of svchost.exe to those registry keys?
Yes, I think you can do that.