
Lotus Notes "temp" files being logged as executions


Version

All

 

Issue
Getting blocks on Lotus Notes temp files.

 

Symptoms

Lotus Notes creates temporary files when a user opens and/or views an attachment in a Notes message. These files are subsequently blocked by Parity.

 

Cause

Because of the way Notes creates these files (something like an executable viewer), Parity flags them as executions.

 

Solution
The best way to deal with this situation is to create a custom rule (Rules > Software Rules > Custom).

 

These files appear in the directories listed below. A different hexadecimal value will appear in place of XXXXXX on each system. Note that if your environment includes Windows 2000, "winnt" may appear in place of "windows".

 

c:\documents and settings\<user>\local settings\temp\notesXXXXXX
c:\windows\temp\notesXXXXXX

 

Create the following Exclusion Directories (Directory Policies) in the System Configuration menu:

 

c:\documents and settings\*\local settings\temp\notes*\*.reg
c:\windows\temp\notes*\*.reg

Note: If you have Windows 2000 in your environment, use "win*" in place of "windows" in the second exclusion.

 

Set the Write Policy to "do not track" and leave the Execution Policy as "default". No files written to these folders will then be tracked.

 

Even if malicious content is written to these directories, it will still be blocked if executed.
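
To confirm that the exclusions stay narrow before deploying them, the following added example (not part of the original article or of the product) checks observed file paths against the patterns above. It assumes that "*" matches within a single path component and that matching is case-insensitive; the names EXCLUSIONS, matching_exclusions and audit, and the sample paths, are constructed for illustration.

```python
import re

# Exclusion patterns from the article; the third is the Windows 2000 ("win*") variant.
EXCLUSIONS = [
    r"c:\documents and settings\*\local settings\temp\notes*\*.reg",
    r"c:\windows\temp\notes*\*.reg",
    r"c:\win*\temp\notes*\*.reg",
]

def pattern_to_regex(pattern):
    """Translate a wildcard path into a regex.
    Assumption: '*' matches any run of characters inside ONE path component
    (never a backslash) and matching is case-insensitive."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + r"[^\\]*".join(parts) + "$", re.IGNORECASE)

def matching_exclusions(path, patterns=EXCLUSIONS):
    """Return the patterns that cover `path` (empty list = still tracked)."""
    return [p for p in patterns if pattern_to_regex(p).match(path)]

def audit(paths, patterns=EXCLUSIONS):
    """Split observed paths into (excluded, still_tracked)."""
    excluded, tracked = [], []
    for path in paths:
        (excluded if matching_exclusions(path, patterns) else tracked).append(path)
    return excluded, tracked

# Constructed sample paths, e.g. copied from block events during a pilot.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Local Settings\Temp\notes6030C8\~0012345.reg",
    r"c:\windows\temp\notesA1B2C3\~0067890.reg",
    r"c:\winnt\temp\notesA1B2C3\~0067890.reg",       # Windows 2000 layout
    r"c:\windows\temp\notesA1B2C3\setup.exe",         # not .reg
    r"c:\windows\temp\notesA1B2C3\sub\~0011111.reg",  # nested one level deeper
    r"c:\windows\temp\other\~0022222.reg",            # not a notes* directory
]

if __name__ == "__main__":
    excluded, tracked = audit(SAMPLE_PATHS)
    for p in excluded:
        print("excluded:", p)
    for p in tracked:
        print("tracked: ", p)
```

Paths reported as "tracked" fall outside the exclusions under these assumptions and keep their normal write tracking.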

 

 

Creation Date: 12-09-2015