Create FilterMSI registry value (Manual or with a Group Policy immediate task)
a. Open Regedit and navigate the registry key tree to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbDefense b. Right click in a blank space in the right pane and select New > DWORD (32 bit value) c. Name the value FilterMSI and leave the data set to 0
NOTE: Before following these steps create a batch file in a commonly accessible network folder the same way you would place the MSI for Group Policy installation. Put the following script inside the batch file and replace <uninstall code> with your uninstall code if Require code to uninstall sensor is enabled in the sensor policy otherwise delete <uninstall code> from the script.
b. In the Group Policy Management (GPO) Editor, go to Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks. c. Right click and select New > Immediate Task (At least Windows 7) d. On the General tab, enter a name for the task and under security options select Change User or Group. In the Select User or Group dialog enter system in the object name to select text box. Click check names e. and click OK if the highlighted entry is SYSTEM. Click OK again in the Select User or Group dialog. f. Select the Run whether user is logged on or not option and check the Run with highest privileges checkbox. g. In the Configure for drop down menu at the bottom of the general tab select Windows 7, Windows Server 2008.
h. On the Common tab check Apply once and do not reapply.
i. On the Actions tab click New… an make sure the Action drop down is set to Start a program and in the Program/script text box enter the full path to the batch script created in step 1 and click OK. (There is a bug where the New Action dialog may crash if you select the file by using browse)
j. Click OK to set the new immediate task. k. Force a Group Policy update and the task will run immediately. It is possible to check for the FilterMSI value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbDefense to see that the policy was applied successfully. WARNING: If using this method, it recommended to change the org’s uninstall code once this task has been completed since it may have been exposed in plain text format.
Disable Sensor Bypass from the PSC Console, Sensor UI, or Command Line