You have a corporate setup and push McAfee or any other AV solution to all your clients via an AV management environment? Ok, that is great! But every standard has disadvantages too, because a malware writer knows where the executable paths are.
So, think about the situation that a system is infected with malware that changes a lot, like Backdoor:Win32/Vawtrak.A. You grab different AV solutions and tips and tricks and mostly get rid of it.
But finally the corporate AV solution's executable cannot be opened and you get the error message “This program is blocked by group policy. For more information, contact your system administrator”:
You try to remove and reinstall the AV solution via the AV management environment but the error occurs again.
You look into gpedit.msc and secpol.msc but don’t find anything there.
Mmmmh, so it needs to be a bare metal registry setting, but where to look?
Look here: HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers
This is a clean system:
This is an infected system:
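The codeidentifiers key above is where Windows stores Software Restriction Policy (SRP) rules; a path rule under its Disallowed level is exactly what produces the “blocked by group policy” message. The PowerShell script below is an added example, not part of the original post: it walks that key in both HKLM and HKCU and lists the default level plus every path rule, so you can spot a Disallowed rule pointing at your AV install directory without clicking through regedit. The subkey names 0, 131072 and 262144 are the SRP level identifiers (Disallowed, Basic User, Unrestricted); the function name and the default “McAfee” search pattern are this example's own choices.

```powershell
# Audit Software Restriction Policy (SRP) rules stored in the registry.
# Added example, not from the original post. Assumes Windows PowerShell 5.1 or later
# and enough rights to read HKLM (run from an elevated prompt to be safe).

# SRP security-level identifiers used as subkey names under CodeIdentifiers.
$srpLevels = @{ '0' = 'Disallowed'; '131072' = 'BasicUser'; '262144' = 'Unrestricted' }

# Both the machine and the current-user policy hives can carry SRP rules.
$srpRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)

function Get-SrpRule {
    # Emits one object for the policy header and one per path rule found.
    param([string[]]$Roots = $srpRoots)

    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) {
            Write-Verbose "No SRP key at $root"
            continue
        }

        $hdr = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Hive   = $root.Split(':')[0]
            Kind   = 'Policy'
            Level  = $srpLevels["$($hdr.DefaultLevel)"]
            Path   = $root
            Detail = "DefaultLevel=$($hdr.DefaultLevel) PolicyScope=$($hdr.PolicyScope) TransparentEnabled=$($hdr.TransparentEnabled)"
        }

        foreach ($lvl in $srpLevels.Keys) {
            $pathsKey = Join-Path $root "$lvl\Paths"
            if (-not (Test-Path $pathsKey)) { continue }

            # Each path rule is a GUID-named subkey; ItemData holds the path pattern.
            Get-ChildItem -Path $pathsKey | ForEach-Object {
                $rule = Get-ItemProperty -Path $_.PSPath
                [pscustomobject]@{
                    Hive   = $root.Split(':')[0]
                    Kind   = 'PathRule'
                    Level  = $srpLevels[$lvl]
                    Path   = $rule.ItemData
                    Detail = "Rule=$($_.PSChildName) SaferFlags=$($rule.SaferFlags) Description=$($rule.Description)"
                }
            }
        }
    }
}

function Find-SuspiciousSrpRule {
    # Flags Disallowed path rules whose target matches a pattern, e.g. your AV vendor's folder.
    param([string]$Pattern = 'McAfee')   # example default; adjust to the AV product you deploy

    Get-SrpRule | Where-Object {
        $_.Kind -eq 'PathRule' -and $_.Level -eq 'Disallowed' -and $_.Path -match $Pattern
    }
}

# Usage: full listing first, then only the rules that would block the AV executables.
Get-SrpRule | Format-Table Hive, Kind, Level, Path, Detail -AutoSize

$hits = Find-SuspiciousSrpRule
if ($hits) {
    Write-Warning "Disallowed SRP rule(s) match the AV path pattern:"
    $hits | Format-List Hive, Path, Detail
} else {
    Write-Output "No Disallowed SRP rule matches the AV path pattern."
}
```

On a clean, unmanaged client the key is usually absent or has no Paths subkeys, so any Disallowed rule that names your AV directory and did not come from a GPO you recognise is the setting to investigate. If the rules are delivered by a domain GPO, a removed value will simply come back at the next policy refresh, so check the policy source before cleaning the key by hand.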