Hi,
Thank you for the update.
Please do let us know if you need any other assistance with Windows in future. We will be happy to assist you.
Software Restriction Policy issue
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
Hi everyone,
I'm trying to setup basic set of SRP rules to prevent some malware infections and it's driving me crazy.
Default rule is to deny all executables from running from all locations, except the ones which i defined in white list.
Execution is allowed from this locations only:
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
This generally works just fine.
The problem is – Microsoft Office (go figure...). When i attempt to open Office files from Outlook, i get usual error message:
Access to C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE has been restricted by your Administrator by the default software restriction policy level.
This would make complete sense, if this path is not white listed. Otherwise, if you save this file to (e.g.) Desktop, and open it from there, it will work normally. Except if file is not blocked, then it won't open in „Protected mode“ either unless file is manually unblocked by user. Which is also real joy.
IF i set hash rule to SRP white list policy for each Office program (EXCEL.EXE, WINWORD.EXE, etc), then everything works as charm from any location (protected mode too). But i really don't want to use hash rules for this, as i will have to update them upon every MS Office update. I would like to avoid to use SRP blacklist approach.
My conclusion is that if hash rule works just fine, and path rule is making the trouble, it probably means that Outlook is trying to reach Office executables through some other path.
If someone has encountered the same problem, hint to resolve it would be most appreciated.
Thanks.
Windows for home | Previous Windows versions | Security and privacy
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
3 answers
Sort by: Most helpful
-
Anonymous
2016-04-03T09:45:53+00:00 -
Anonymous
2016-04-01T08:17:31+00:00 Thank you for your reply Mayank - i'll do that.
Regards,
-
Anonymous
2016-04-01T03:53:31+00:00 Hi,
Thank you for posting your query on Microsoft Community.
As per the description, I understand that you are facing Software Restriction Policy issues.
I would suggest you to re-post your query on TechNet Forums as we have experts working on such type of issues and to help you in a better way.
Refer to the link:
https://social.technet.microsoft.com/Forums/windows/en-US/home?category=w8itpro
Hope this information helps. Please let us know if you need any other assistance with Windows in future. We will be happy to assist you.