06-27-2005 05:33 AM - edited 03-09-2019 11:40 AM
I have to create an exception rule for bttray.exe, which the CSA desktop policy is not allowing to run. bttray is basically a system tray icon which shows the user what Bluetooth connections he has open.
Now, if I simply create an exception rule, a virus or malicious code could in the future copy itself to the original bttray.exe and execute itself since CSA would allow it to.
How do I get around this catch-22?
06-27-2005 06:03 AM
I would say that creating a rule to allow this executable to run does not create a catch-22. If some malicious code was introduced using this executable, it would try to do something like access the registry, access the network, etc. In that event CSA would stop it from performing the new activity. I can't quote you the actual section in the Admin guide, but this has been my experience. Once I create an exception based on an alert, the executable is allowed to only do what it initially tried to do and nothing else. Once it tried something else, CSA stopped it.
Anyone else have some input?
Hope this helps
Please remember to rate all replies.
06-27-2005 08:34 PM
To address the root issue of preventing an executable with that name and path from being compromised, use overlapping rules for protection. Simply create a file access rule that prevents other applications, or at the very least vulnerable applications, from writing to bttray.exe. If you are extremely paranoid, use a file version rule also.
Application and network control rules prevent bttray.exe from doing anything to compromise the system.
File Access Rules and File Version Rules prevent bttray.exe itself from being compromised.