Verbose Trace Logging of SRP

Discussion in 'other anti-malware software' started by wat0114, May 11, 2014.

Thread Status:
Not open for further replies.
    wat0114 Registered Member

    I think someone in recent months posted on how to log Software Restriction Policy (SRP) events in more detail, but I am unable to find the post/thread. Last night I could not get Silverlight to work for Netflix using Chrome on my Limited account in XP, so I searched and found this site...

    -http://windowsitpro.com/systems-management/q-how-can-we-verify-software-restriction-policy-srp-rule-we-defined-one-our-appli

    ...the method works great! I did find, however, that I needed to set the log file path to a user space directory, as it would not write to C:\ root drive as suggested on the site, probably because I'm running from my user account. I just had to find "disallow" in the log and found the required path necessary to allow as a Path rule in SRP:

    Code:
    chrome.exe (PID = 4060) identified \??\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1801674531-484061587-682003330-1006\MSPRindiv01.key as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}

    SRP did not accept this much granularity, so I just ended up with:

    Code:
    C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-*-*-*-*\MSPRindiv01.*

    And this works fine. This is just a handy way to identify those troublesome paths that SRP won't allow and also aren't logged in the Event Viewer.
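
An added example, not part of the original post: a small Python parser for trace lines in the format quoted above, listing each Disallowed path once with the per-user SID component wildcarded the way the poster's final rule does. The function names are hypothetical, and every sample line other than the one quoted in the post is constructed for illustration.

```python
import re

# Line shape taken from the log entry quoted in the post above.
ENTRY = re.compile(
    r"^(?P<process>.+?) \(PID = (?P<pid>\d+)\) identified (?P<path>.+) "
    r"as (?P<level>\w+) using (?P<rule>.+?) rule, "
    r"Guid = (?P<guid>\{[0-9A-Fa-f-]+\})\s*$"
)
# Per-user SID component, e.g. S-1-5-21-<a>-<b>-<c>-<rid>
USER_SID = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")

def parse_entry(line):
    """Return a dict for one trace line, or None if it does not match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["pid"] = int(entry["pid"])
    # Drop the NT object-manager prefix so the path reads like a rule path.
    if entry["path"].startswith("\\??\\"):
        entry["path"] = entry["path"][4:]
    return entry

def candidate_rules(lines):
    """Unique (process, wildcarded path) pairs for Disallowed entries."""
    seen, out = set(), []
    for line in lines:
        e = parse_entry(line)
        if e is None or e["level"].lower() != "disallowed":
            continue
        rule_path = USER_SID.sub("S-1-5-21-*-*-*-*", e["path"])
        key = (e["process"].lower(), rule_path.lower())
        if key not in seen:
            seen.add(key)
            out.append((e["process"], rule_path))
    return out

# First line is the entry from the post; the others are constructed samples.
SAMPLE_LOG = r"""
chrome.exe (PID = 4060) identified \??\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1801674531-484061587-682003330-1006\MSPRindiv01.key as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}
explorer.exe (PID = 1500) identified C:\WINDOWS\system32\notepad.exe as Unrestricted using path rule, Guid = {00000000-0000-0000-0000-000000000001}
chrome.exe (PID = 4072) identified \??\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-1801674531-484061587-682003330-1006\MSPRindiv01.key as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}
""".splitlines()

if __name__ == "__main__":
    for process, path in candidate_rules(SAMPLE_LOG):
        print(f"{process}: {path}")
```

The file extension is left as logged, so each candidate can be reviewed before it is widened into a Path rule.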
     