Cyber Essential Group Policy Blocking

Introduction

Due to the Cyber Essential certification, a group policy has been created to prevent certain file types from running from certain locations. This can cause existing installed programs or new installations to be blocked.

Link: – http://www.lboro.ac.uk/it/staff/specialist/security/cyber/

The group policy is now linked only to Staff.

Name: – IT-EUC-Win-Nessus-Staff

If software is already installed, or new software needs to be installed, the following messages may pop up for the end user…

When the blocked message is displayed, a ‘Warning SoftwareRestrictionPolicies’ entry is also written to the Event Viewer, e.g.
Access to C:\Users\username\AppData\Local\Temp\7zSD349.tmp\setup-stub.exe has been restricted by your Administrator by location with policy rule {5b564272-ae6a-4dc5-8066-cd68438edece} placed on path C:\Users\ccgjh\AppData\Local\Temp\7z*\*.exe.

You can use this message to identify which file is being blocked and by which rule:

File: – C:\Users\username\AppData\Local\Temp\7zSD349.tmp\setup-stub.exe
Restriction: – C:\Users\ccgjh\AppData\Local\Temp\7z*\*.exe
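
The same File and Restriction values can be pulled out of the event text with PowerShell. This is an added example, not a script supplied by IT Services; the function names are hypothetical, and the Application log and provider name used in the live query are assumptions to confirm in Event Viewer.

```powershell
# Added example (not the University's own script): extract the blocked file,
# rule GUID and path rule from a SoftwareRestrictionPolicies warning.
$SrpPattern = '^Access to (?<File>.+?) has been restricted by your Administrator ' +
              'by location with policy rule (?<Rule>\{[0-9a-fA-F-]{36}\}) ' +
              'placed on path (?<Path>.+?)\.?\s*$'

function ConvertFrom-SrpBlockMessage {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Message)
    process {
        if ($Message -match $SrpPattern) {
            [pscustomobject]@{
                File        = $Matches.File
                RuleId      = $Matches.Rule
                Restriction = $Matches.Path
            }
        } else {
            Write-Warning "Not a path-rule block message: $Message"
        }
    }
}

# Live query on the affected PC. Assumption: the warnings are in the Application
# log under this provider name; confirm both in Event Viewer if nothing returns.
function Get-SrpBlock {
    param([int]$MaxEvents = 50)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
        Level        = 3   # 3 = Warning
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue | ForEach-Object {
        $evt = $_
        $evt.Message | ConvertFrom-SrpBlockMessage -WarningAction SilentlyContinue |
            Select-Object @{ n = 'TimeCreated'; e = { $evt.TimeCreated } }, File, RuleId, Restriction
    }
}

# Offline check using the sample message quoted on this page.
$sample = 'Access to C:\Users\username\AppData\Local\Temp\7zSD349.tmp\setup-stub.exe has been restricted by your Administrator by location with policy rule {5b564272-ae6a-4dc5-8066-cd68438edece} placed on path C:\Users\ccgjh\AppData\Local\Temp\7z*\*.exe.'
$sample | ConvertFrom-SrpBlockMessage | Format-List
```

Running `Get-SrpBlock` on the affected machine lists recent blocks with their timestamps, ready to paste into a case.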

Logging a case

If you experience this issue, identify from the message or Event Viewer which file is being blocked, add it to a case, and pass the case to EUC.

Files blocked in the downloads folder

When software is downloaded into the Downloads folder, it is blocked from running from there. This is to ensure the end user is confident that they have chosen to install software they have downloaded from a 3rd party source.

Moving the file from the Downloads folder to the desktop or OneDrive will stop that particular restriction. Please note, however, that if the installation files need to run from an additional blocked location such as %localAppData%, the file will still be blocked and a case for EUC will have to be raised.