The account software we use at work seems to generate a new DLL file each time we go to print something…
This DLL file is put in the /documents and settings/administrator/local settings/temp folder.
Should I unblock this entire folder?
The file always starts with expression_host.
Is there a way to unblock a file that starts with this instead of unblocking the entire folder?
From the firewall, instead of using the Define a New Trusted Application option, go instead to the Network Security Policy. Click the Add button, and Browse to any file. It may or may not save time to browse to the temp folder where the file you want to allow gets placed.
After selecting a file and clicking Open, you can alter the file's path. You can even just type in the file path you wish to use. Use the wildcard character, *, to denote the unique information given to each new file created (similar to my earlier posted example). You want this file path to be as restrictive as possible to reduce the possibility of false positives. So if the filename is something like expression_host_4568139_print.dll, and only the number changes from print job to print job, a good wildcard would be expression_host_*_print.dll.
After changing the file path, give it the Trusted Application predefined policy.
For Defense+, you can wildcard directly when adding to the Trusted Files list. Click on Trusted Files, and Add, then Browse. Again, it's really not important what you browse to, because you can change the path. Select something from the column on the left, and click the arrow to move it to the right-hand column. Now right-click on the file path in the right-hand column and select Edit from the context menu. Now you can make whatever changes you wish to the file's path. Make sure to enable the Use file names instead of file hashes option, and click Apply.
K, turns out I had the Defense module disabled when I wrote my previous…
Also, when I try to add the trusted file to the Defense settings it will not add the file, or I don't see it come up in the list after I add it.
Using C:\Documents and Settings\Administrator\Local Settings\Temp\expression_host_*.*.dll as a file type
and have selected use filenames instead of hash.
Maybe it’s not happy with a wildcard being used there. Let’s try the File Groups method.
First we need to define a file group. Go to Defense+ → Computer Security Policy and click on the Protected Files and Folders tab.
Click the Groups button. Then click Add, and select A New Group. Give your group a name, Print Jobs or something, and click Apply.
Now scroll down to the bottom of the File Groups window, (it should be open) and you’ll see your new group. Right-click on where it says (add files here), and select Add. Now you can type your file path in the Add new item entry box. C:\Documents and Settings\Administrator\Local Settings\Temp\expression_host_*.dll would be good. Then click the + symbol next to the file path. This will add it to the right-hand column. Now click Apply.
Now if you scroll down the File Groups list, you’ll see the new file path in your newly created group. Click Apply to save the group in the list.
Now go to the Defense+ Rules tab. Delete any rules you’ve previously created for this file. Now click Add, and select File Groups, and select your new group from the groups list. Click on Use a Predefined Policy, and select Installer or Updater, then click Apply, and agree that you understand the risks associated with policy. Click OK to exit the Computer Security Policy.
Did the wildcard work in regards to the firewall section? If not, similarly add the new group to the Network Security Policy, (delete any previous firewall rules created for this issue) and give it the Trusted Application policy.
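The advice in this thread to keep the wildcard path as restrictive as possible can be checked before the rule is saved. The following is an added example, not part of the original posts and not the product's own matcher: it assumes `*` matches within a single path component, case-insensitively, and every sample filename except the one quoted in the thread is constructed.

```python
import re

TEMP = r"C:\Documents and Settings\Administrator\Local Settings\Temp"

# Constructed sample of files that could land in the temp folder.
SAMPLE_FILES = [
    TEMP + r"\expression_host_4568139_print.dll",      # name quoted in the thread
    TEMP + r"\expression_host_7781002_print.dll",      # next print job (constructed)
    TEMP + r"\expression_host_update.dll",             # unrelated DLL, same prefix
    TEMP + r"\setup_3f9a.exe",                         # unrelated downloaded installer
    TEMP + r"\expression_host_4568139_print.dll.exe",  # double-extension lookalike
    TEMP + r"\sub\expression_host_1_print.dll",        # same name, different folder
]
INTENDED = set(SAMPLE_FILES[:2])  # the only files the rule is meant to trust


def wildcard_to_regex(pattern):
    """Translate a path wildcard to a regex. Assumption: '*' and '?' do not
    cross a path separator; the product's real matching rules may differ."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(r"[^\\/]*")
        elif ch == "?":
            parts.append(r"[^\\/]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def covered(pattern, paths):
    """Return the paths a trust rule with this wildcard would apply to."""
    rx = wildcard_to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]


def audit(pattern, paths=SAMPLE_FILES, intended=INTENDED):
    """Report intended files the rule misses and extra files it would trust."""
    hits = set(covered(pattern, paths))
    return {"missed": sorted(intended - hits), "extra": sorted(hits - intended)}


if __name__ == "__main__":
    for rule in (TEMP + r"\*",
                 TEMP + r"\expression_host_*.dll",
                 TEMP + r"\expression_host_*_print.dll"):
        result = audit(rule)
        print(rule, "-> extra trusted:", len(result["extra"]),
              "missed:", len(result["missed"]))
```

Running the same audit against a real directory listing of the temp folder shows what a rule would trust beyond the print DLLs, which matters most for the Installer or Updater policy.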