We are currently working on a Win7 image for our workstations, using SCCM to deploy software and manage the workstations. One of the testers are repeatedly getting the "System modification attempt" from Client Security 9.11 when he tries to install software.
I have excluded the path "*\\windows\\syswow64\\*" from the real time scanner, but still he gets the S.m.a. messages when installing programs and browser plugins.I have a feeling the exclusion is unnessesary, but they wantet the exclusion to try to avoid too many sysmod alerts.
One typical message when trying to install an advertised program says:
Windows Host Process (rundll32.exe)
Rating: Neutral
Location: C:\Windows\syswow62\rundll32.exe
Operation: Attempt to manipulate a protected process.
Target: C:\Program Files (x86)\F-Secure\common\fsm32.exe
When installing a program through Control Panel - Get Programs, he gets:
Windows Explorer
Rating: Neutral
What should be done?
o I Trust the program
o I do not trust...
Location: C:\Windows\explorer.exe
Operation: Attempt to manipulate a protected process.
Target: C:\Program Files (x86)\F-Secure\common\fsm32.exe
In the Management Console I have enabled DeepGuard with the setting "Ask When Case is Unclear" and I have also enabled "Use server queries to improve...". Advanced process monitoring is not enabled.
I could use the setting "Do not ask", but have been reluctant to do so. Is there another way around the problem exept using "Do not ask"? If so, how? Any clues to how to get rid of (to us) false alarms without using the no questions asked alternative?
Thanks in advance!