IAG - Creating a Session Endpoint Policy

  • Question

  • Hi,

     

    Does anyone know if it is possible to create a Session Endpoint Policy to check for an application on the client which isn't included "out of the box" with IAG? I want to check whether clients are using BeCrypt Disk Protect hard disk encryption and it isn't a pre-configured option and I can't see a way to add it through the standard or advanced policy editors.

     

    Thanks

     

    Pete

    • Moved by Keith Alabaster Tuesday, June 16, 2009 6:02 PM New forum (From:Forefront Edge Security - General)
    Thursday, April 10, 2008 3:14 PM

Answers

  • Hi Peter. You are right, the vbs file is signed with a code signing certificate, so if you modify the file you will break the signature. Two things regarding this:

    1. There is a CustomUpdate folder to hold customized detection scripts, so do not modify the whaledetection.vbs and put the code in a separate file (instructions below).
    2. No matter the above, the code still needs to be signed. So far, the solution was to send the new detection code to the support team and they sent you back the new code re-signed. But this has recently changed. With Update1 for SP1 you can now include new code without the need for it to be signed.

    Instructions to add a separate detection file are included as comments in the file Detect.inc, which you can find in the samples folder of the InternalSite directory. As I told you before, with SP1 Update 1 there is no need to include the spc and sig files. I encourage you to read the whaledetection.vbs, as there are some functions for registry searching and other searches that can be reused.

    Hope this helps. If you need further assistance, do not hesitate to ask for it.

     

    // Raúl

    Friday, May 16, 2008 7:32 AM
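
The registry-key check suggested in this thread, as an added example that is not from the original posts and not taken from IAG's whaledetection.vbs. The key paths are placeholders (the thread does not give BeCrypt's registry keys), the function names are hypothetical, and wiring the result into IAG as described in the Detect.inc comments is not shown.

```vbscript
Option Explicit

' Hive constant used by the WMI StdRegProv registry provider.
Const HKEY_LOCAL_MACHINE = &H80000002

' PLACEHOLDER paths (assumption): replace with the key seen on a client
' that has the disk encryption product installed.
Const PRODUCT_KEY = "SOFTWARE\ExampleVendor\ExampleDiskEncryption"
' 32-bit software on 64-bit Windows registers under WOW6432Node.
Const PRODUCT_KEY_WOW64 = "SOFTWARE\WOW6432Node\ExampleVendor\ExampleDiskEncryption"

' Returns True only when the HKLM subkey exists and the query succeeded.
Function RegKeyExists(reg, subKey)
    Dim names, rc
    RegKeyExists = False
    rc = -1                      ' stays -1 if the call itself raises an error
    On Error Resume Next
    rc = reg.EnumKey(HKEY_LOCAL_MACHINE, subKey, names)
    If Err.Number = 0 And rc = 0 Then RegKeyExists = True
    Err.Clear
End Function

' Returns True when either placeholder key is present.
' Any failure to reach the registry provider counts as "not detected".
Function DetectDiskEncryption()
    Dim reg
    DetectDiskEncryption = False
    Set reg = Nothing
    On Error Resume Next
    Set reg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    On Error GoTo 0
    If reg Is Nothing Then Exit Function
    DetectDiskEncryption = RegKeyExists(reg, PRODUCT_KEY) Or _
                           RegKeyExists(reg, PRODUCT_KEY_WOW64)
End Function

' Stand-alone check from a command prompt: cscript //nologo detect.vbs
If DetectDiskEncryption() Then
    WScript.Echo "Disk encryption product key found"
Else
    WScript.Echo "Disk encryption product key NOT found"
End If
```

A key left behind by an uninstalled product also satisfies this check, so it shows that the software was installed, not that the disk is currently encrypted.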

All replies

  • Hi Hanneyp,

     

    The best way is to check for a registry key. If you can see what registry keys BeCrypt uses on the client, you can check that those keys are set on the client PC.

     

    IMO that's the best way to do this.


    Re,


    Dave.

    Thursday, April 10, 2008 10:14 PM
  • Thanks Dave,

     

    Can anyone post an example script for doing this and explain how it can be added into a policy within IAG?

     

    (or point me at any documentation covering this as I haven't found it explained anywhere so far)

     

    Thanks

     

    Pete

     

    PS I found a similar post covering the same issue here:

     

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3159475&SiteID=17&mode=1

    Friday, April 11, 2008 10:37 AM
  • Update: It appears IAG uses the script Whaledetection.vbs to detect applications on the client machine based on the presence of files and registry keys. However, customising this script breaks the app because it's signed code.

     

    Has anyone else found a way to get around this?

     

    Thanks


    Pete

    Tuesday, May 13, 2008 12:54 PM