577
edits
Changes
tidy up of reg info (thanks v.much whomever added that!)
== Gotchas ==
* Soon after installation it can recognise potentially useful software as a threat. For example if you have UltraVNC installed it will flag up UltraVNC.exe and RealVNC.exe. There's a risk that a user, when prompted, will choose to remove or quarantine such files and remove the administrator's ability to connect. Administrative users can allow, quarantine or remove suspicious files where as Limited users can only remove or quarantine suspicious files. It would be useful Administrators will want to script the white-listing of specific files list any such programs that should not be considered a threat, upon installation.
White-listing can be performed manually using: Show details → Recommendation → Select an action → Allow → Apply actions (note that Close means 'don't take any action at this point') → Close - this is saved system-wide.
Once white-listing has been done manually you on one machine, it can export the following be automated on other machines. The registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction". This key contains a list of signatures which are allowed and the action to perform, being dword:(for example 00000006 relates to the action "Allow". Then import this file into the rest This registry key can be applied to other machines in any of computers with the usual ways, for example by exporting it to filename.reg then importing it to others using "regedit /s filefilename.reg". Following Continuing with the above example, to allow RealVNC and UltraVNC the registry file should look like this:
<source lang="reg">
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction]
; Allow RealVNC
; Allow UltraVNC
"16555"=dword:00000006
</source>
Also, to set up exclusion paths and processes silently you could , include the following keys in the registry file:
<source lang="reg">
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
"C:\\Program Files\\UltraVNC\\winvnc.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
"C:\\Program Files\\UltraVNC\\winvnc.exe"=dword:00000000
</source>
== References ==