Malware attack, McAfee and a Group Policy error

You have a corporate setup and push McAfee or any other AV solution to all your clients via an AV management environment? OK, that is great! But every standard has disadvantages too, because a malware writer knows where the executable paths are.

So, think about the situation where a system is infected with malware, and this type of malware changes a lot, like Backdoor:Win32/Vawtrak.A. You grab different AV solutions and tips and tricks and mostly get rid of it.

But in the end the corporate AV solution's executable cannot be opened and you get the error message “This program is blocked by group policy. For more information, contact your system administrator”:

image

You try to remove and reinstall the AV solution via the AV management environment but the error occurs again.

You look into gpedit.msc and secpol.msc but don’t find anything there.

Mmmmh, so it has to be a bare registry setting, but where to look?

Look here: HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers

This is a clean system:

image

This is an infected system:

image
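
To compare a clean and an infected machine without clicking through regedit, the path rules under that key can be listed with PowerShell. This is an added example, not part of the original post; it assumes the standard Software Restriction Policies layout (level subkeys such as 0 for Disallowed, each with a Paths subkey whose rule keys hold an ItemData value), and the function name and the -Watch parameter are hypothetical.

```powershell
# Added example (not from the original post). Read-only listing of Software
# Restriction Policy path rules under the key the post points to.
# Assumption: standard SRP layout <level>\Paths\{GUID} with an ItemData value.
function Get-SrpPathRule {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers',
        # Hypothetical filter: Disallowed rules whose target matches this regex are flagged.
        [string]$Watch = 'McAfee'
    )
    # SRP security levels; 0 (Disallowed) is the one that blocks execution.
    $levelNames = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }
    $noExpand   = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    if (-not (Test-Path -LiteralPath $Root)) { return }   # no SRP configured at all

    foreach ($level in Get-ChildItem -LiteralPath $Root) {
        $paths = $level.OpenSubKey('Paths')
        if ($null -eq $paths) { continue }                # this level has no path rules
        foreach ($guid in $paths.GetSubKeyNames()) {
            $rule   = $paths.OpenSubKey($guid)
            # Keep %VARIABLES% unexpanded so the rule is shown exactly as stored.
            $target = $rule.GetValue('ItemData', $null, $noExpand)
            $stamp  = $rule.GetValue('LastModified')      # FILETIME stored as a QWORD
            $name   = $levelNames[$level.PSChildName]
            [pscustomobject]@{
                Level        = if ($name) { $name } else { $level.PSChildName }
                Target       = $target
                Description  = $rule.GetValue('Description')
                LastModified = if ($stamp -is [long]) { [DateTime]::FromFileTimeUtc($stamp) } else { $null }
                RuleId       = $guid
                Flagged      = ($level.PSChildName -eq '0' -and "$target" -match $Watch)
            }
            $rule.Close()
        }
        $paths.Close()
    }
}

# Flagged rules (Disallowed and matching -Watch) on top, then sorted by level name.
Get-SrpPathRule |
    Sort-Object @{ Expression = 'Flagged'; Descending = $true }, Level |
    Format-Table Level, Flagged, Target, LastModified -AutoSize -Wrap
```

On a machine with no Software Restriction Policies configured the function returns nothing; Disallowed entries pointing at the AV product's install paths are the ones that produce the "blocked by group policy" message.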


One Response to Malware attack, McAfee and a Group Policy error

  1. sheikh says:

    Got solved…it's simple and very useful info.

    Thanks…

    Regards
    Sheikh
