Author Topic: Avast gui Software Restriction Policy path rule?  (Read 1460 times)

0 Members and 1 Guest are viewing this topic.

Offline Quibbler

  • Jr. Member
  • **
  • Posts: 53
Avast gui Software Restriction Policy path rule?
« on: August 16, 2015, 11:44:59 AM »
Hi, edited to shorten!

Anyone using SRP default-deny and know the allow rules for AvastUI.exe please?

I  need wildcards to get any Avast path rule to work (e.g. Av??t??.exe is needed or gpedit breaks on my system). Trouble is I can't figure out the allow rule(s) I need to allow AvastUI to launch at logon. It'll launch manually but SRP still blocks the stats page. Logging SRP gives the following:-

runonce.exe (PID = 3556) identified C:\Program Files\AVAST Software\Avast\AvastUI.exe as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}

When manually opened by me:

svchost.exe (PID = 1076) identified C:\Program Files\AVAST Software\Avast\AvastUI.exe as Unrestricted using path rule, Guid = {d2c34ab2-529a-46b2-b293-fc853fce72ea}


The second guid is the 'C:\Program Files\' rule created by default-restricted SRP.

AvastUI.exe sits in these run keys:-

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AvastUI.exe

or

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AvastUI.exe

But so far no path rule I 've tried works using this syntax:

 %[Registry Hive]\[Registry Key Name]\[Value Name]%

Process Monitor reveals default-restricted places used by AvastUI.exe:-

C:\ProgramData\AVAST Software\Avast\log\AvastUI.log
C:\Users\*\AppData\Roaming\AVAST Software\Avast\log\*
C:\Users\*\AppData\Local\Temp\_avast_\*


The old allow path rule I used for years no longer works.  :(
« Last Edit: August 16, 2015, 04:23:45 PM by Quibbler »