Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Why does my network login script get blocked after I modify/edit it?

Why does my network login script get blocked after I modify/edit it?

Version

All.

 

Issue

Previously approved network logon script is getting blocked after it’s modified.

 

Symptoms

Receiving a block notification for a file that is previously approved after it’s modified.

 

Cause

Any change made to a "file of interest" will result in the hash value of that file changing. When that value changes, Bit9 Agent regards all previous "trust" values associated with the file to be invalid and moves the file back to a "pending" state.

 

Solution

  • If your changes are infrequent you can simply go back and Approve the "new" (edited) version of the file; or

 

  • Create a trusted directory or trusted path rule for your netlogon shared folder. Ensure that there’s proper security on that folder to prevent unauthorized user from creating or moving or editing its content.
Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-02-2014
Views:
905
Contributors