How to enable advanced logging for Software Restriction Policies
Only just discovered this neat "trick" to enable detailed logging for Software Restriction Policies:
http://technet.microsoft.com/en-us/library/bb457006.aspx#EDAA
When creating rules or troubleshooting a machine displaying problems, an administrator may want a log of every software restriction policy evaluation. This can be done by enabling advanced logging.
To enable advanced logging:
Create the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
String Value: LogFileName, <path to a log file>
Re: How to enable advanced logging for Software Restriction Policies
LoBy wrote: Nice Find SSJ!!
Agreed! Knowing from first-hand experience how valuable a troubleshooting tool logging is with Applocker, this will provide the same for those encountering issues with SRP.
wat0114- Advanced Member
- Posts : 152
Join date : 2010-05-11
Re: How to enable advanced logging for Software Restriction Policies
ssj, I thought you would have known of this for at least 2 years now. I posted that in one of my many SRP type topics over at WS. (not that you had to know, just surprised you didn't).
btw, it has been a feature of PGS from its inception.
http://mrwoojoo.com/PGS/PGS_index.htm
Sul.
Sully- Member
- Posts : 13
Join date : 2010-05-16
Re: How to enable advanced logging for Software Restriction Policies
Thanks guys. Sully, I've only been using SRP for just under 1 year (after discovering it existed a year ago and that it was already built into my system).
I've only been using advanced logging for testing purposes (it's not enabled on my REAL system, only in my VM) - for example, with advanced logging, I was able to confirm that SRP blocked DLL loading in these tests:
https://ssj100.forumotion.com/security-f7/vulnerability-in-windows-shell-could-allow-remote-code-execution-t187.htm#1303
https://ssj100.forumotion.com/security-f7/dll-exploit-testing-t257.htm#2012
Yes, PGS is a very neat tool that, like SRP itself, also needs more limelight. I don't personally use it (I try to minimise the number of third party tools/programs on my system), but more "novice" users would greatly benefit from it.
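An added example, not part of the original posts: a PowerShell sketch of the registry step quoted in the first post, plus a filter for the kind of check described above (confirming that SRP blocked a DLL load). The log path, the function names and the sample log lines are constructed for illustration, and the log line layout is assumed to follow the example in the linked Microsoft documentation.

```powershell
# Added example; run from an elevated prompt on a test machine or VM.
$key     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$logPath = 'C:\SRPLogs\srp.log'   # assumed path; use a folder standard users cannot write to

function Enable-SrpLogging {
    param([string]$Path = $logPath)
    # Create the log folder and the policy key if they do not exist yet.
    New-Item -Path (Split-Path $Path) -ItemType Directory -Force | Out-Null
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # LogFileName is a string value holding the full path of the log file.
    New-ItemProperty -Path $key -Name LogFileName -Value $Path `
        -PropertyType String -Force | Out-Null
}

function Disable-SrpLogging {
    # Every policy evaluation is logged, so remove the value once testing is done.
    Remove-ItemProperty -Path $key -Name LogFileName -ErrorAction SilentlyContinue
}

function ConvertFrom-SrpLog {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        # Assumed layout: caller (PID = n) identified <target> as <level> using <rule>, Guid = {...}
        $pattern = '^(?<Caller>.+?) \(PID = (?<ProcId>\d+)\) identified (?<Target>.+) ' +
                   'as (?<Level>\w+) using (?<Rule>.+?), Guid = (?<Guid>\{[0-9A-Fa-f-]+\})'
        if ($Line -match $pattern) {
            [pscustomobject]@{
                Caller    = $Matches.Caller
                ProcessId = [int]$Matches.ProcId
                Target    = $Matches.Target
                Level     = $Matches.Level
                Rule      = $Matches.Rule
                Guid      = $Matches.Guid
            }
        }
    }
}

# Constructed sample lines (placeholder GUIDs) so the parser can be tried offline.
$sample = @(
    'explorer.exe (PID = 1234) identified C:\Windows\system32\notepad.exe as Unrestricted using path rule, Guid = {00000000-0000-0000-0000-000000000001}'
    'rundll32.exe (PID = 2345) identified C:\Users\test\Desktop\test.dll as Disallowed using default rule, Guid = {00000000-0000-0000-0000-000000000002}'
)

# Show only blocked DLL loads; on a live system pipe (Get-Content $logPath) instead of $sample.
$sample | ConvertFrom-SrpLog |
    Where-Object { $_.Level -eq 'Disallowed' -and $_.Target -like '*.dll' } |
    Format-Table Caller, ProcessId, Target, Rule -AutoSize
```

Enable-SrpLogging and Disable-SrpLogging are defined but not called, so the block only parses the sample lines until you invoke them yourself.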