CSA: Block all sorts of Installation Processes

Mar 23rd, 2009

Greetings,


I'm deploying the CSA solution at one of our customers and I'm having some trouble controlling the installation of third-party software.


I tried using these settings:


Windows Rule Module: Block 3rd Installations

System State: Installation Process

Rule:

\Action: Priority Deny

\Programs: <*Installation Programs>

But not: MS Windows Update

\Files: $TEST

|$TEST = @windows, @systemroot, *:\*, c:\**\*, d:\**\*

But this rule isn't working properly. For some reason the CSA Agent won't recognize the Installation Processes as it should; I'm still able to install anything...


I was wondering if anyone who has already configured a rule module like this could help me out here.


Awaiting an answer!


Thanks in advance, DANIEL COSTA

jan.nielsen Tue, 03/24/2009 - 11:00

I wish it were as simple as that. Unfortunately, installation packages in Windows are not standardized at all: some installers just copy files and change registry keys, some just copy files, others start the Windows Installer service (MSI), and others do something altogether different. Some of this can be caught, but not completely. The Installation Applications class is not used, as far as I can tell, at all in CSA at the moment. I would suggest removing the users' admin privileges as the first step, and then using a deployment tool for installations instead of unmanaged local installations.

jan.nielsen Tue, 03/24/2009 - 11:05

Sorry, I hadn't looked closely enough at the mass software policy; it seems that Installation Applications is in fact used by Windows Update processes and mass software deployment tool descendant processes.
