Verbose Trace Logging of SRP

Discussion in 'other anti-malware software' started by wat0114, May 11, 2014.

Thread Status:
Not open for further replies.
  1. wat0114

    I think someone in recent months posted on how to log Software Restriction Policy (SRP) events in more detail, but I am unable to find the post/thread. Last night I could not get Silverlight to work for Netflix using Chrome on my Limited account in XP, so I searched and found this site...

    -http://windowsitpro.com/systems-management/q-how-can-we-verify-software-restriction-policy-srp-rule-we-defined-one-our-appli

    ...the method works great! I did find, however, that I needed to set the log file path to a user space directory, as it would not write to C:\ root drive as suggested on the site, probably because I'm running from my user account. I just had to find "disallow" in the log and found the required path necessary to allow as a Path rule in SRP:

    Code:
    chrome.exe (PID = 4060) identified \??\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1801674531-484061587-682003330-1006\MSPRindiv01.key as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}

    SRP did not accept this much granularity, so I just ended up with:

    Code:
    C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-*-*-*-*\MSPRindiv01.*

    And this works fine. This is just a handy way to identify those troublesome paths that SRP won't allow and also aren't logged in the Event Viewer.
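
An added example, not part of the original post: a Python script that pulls the Disallowed records out of an SRP trace log in the line format quoted above and replaces the per-account SID with the wildcard form the poster settled on. Only the first sample line comes from the post; the other lines and all function names are constructed for this example.

```python
import re
from collections import defaultdict

# Trace line layout, taken from the sample in the post:
#   <image> (PID = <n>) identified <path> as <level> using <rule> rule, Guid = {<guid>}
LINE_RE = re.compile(
    r"^(?P<image>.+?) \(PID = (?P<pid>\d+)\) identified (?P<path>.+) as "
    r"(?P<level>\w+) using (?P<rule>.+?) rule, Guid = (?P<guid>\{[0-9A-Fa-f-]+\})\s*$"
)
# Account SID: S-1-5-21-<three sub-authorities>-<RID>
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")

# Constructed sample: line 1 is the one quoted in the post, the rest are made up.
SAMPLE_LOG = r"""
chrome.exe (PID = 4060) identified \??\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1801674531-484061587-682003330-1006\MSPRindiv01.key as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}
explorer.exe (PID = 1500) identified C:\Program Files\Example\app.exe as Unrestricted using path rule, Guid = {00000000-0000-0000-0000-000000000001}
chrome.exe (PID = 4100) identified \??\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1111111111-222222222-333333333-1007\MSPRindiv01.key as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}
this line is not a trace record
"""

def parse_line(line):
    """Return the fields of one trace record as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def generalize(path):
    r"""Drop the NT \??\ prefix and wildcard the per-account SID components."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return SID_RE.sub("S-1-5-21-*-*-*-*", path)

def disallowed_candidates(log_text):
    """Map each generalized Disallowed path to the set of images blocked on it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["level"].lower() == "disallowed":
            hits[generalize(rec["path"])].add(rec["image"])
    return dict(hits)

if __name__ == "__main__":
    # Each candidate still needs review: a wildcard rule allows every matching path.
    for path, images in sorted(disallowed_candidates(SAMPLE_LOG).items()):
        print(f"{path}  <- blocked for {', '.join(sorted(images))}")
```

The script keeps the original file extension; widening it to `MSPRindiv01.*` as in the post is a separate decision for whoever writes the rule.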
     