none
Software Restriction Policy - Issues with Windows Defender

    Question

  • Hi

    Last year we got hit with Cryptoware and since have implemented the "Cryptolocker prevention kit" which consists on blocking installation of software via Software Restriction Policy in GPO.

    We had to allow a 'whitelist" of allowable installation (ie Microsoft Office, etc) but we are struggling for Windows Defender as it cannot longer update itself.

    For example we get the following errors:

    C:\Users\tester\AppData\Local\Temp\mpam-c0e3fae5.exe 
    C:\Users\tester\AppData\Local\Temp\mpam-1fe8253d.exe

    The issue is that Windows Defender update mpam-xxxx changes all the time.

    We tried to use wildcards such as mpam-*.exe but it would not work.

    Is there a way to use wild cards? 

    Or a way to order the preferences as the rule that disallow the installation in \Local\Temp\*.exe seems to take preference on anything else

    Thanks in advance

    Thursday, May 7, 2015 11:07 PM

Answers