Whitelisting VNC via Group Policy ?

[Steven Jones]

Hi guy's,

At work we are deploying Windows Defender on our campus network and all is
going well. One issue we have is with deploying VNC Server on the open
access computers in our IT Centres. Windows Defender thinks this is
unwanted software and allows student to remove this.

Is there a way in Group Policy to "whitelist" this to prevent the prompts?

Any help would be great.

Thanks

Steven Jones
Network Technician
Farnborough Sixth Form College.

 

[Guest]

Hello Stevens,

Contac WD, fill and send

Vendor dispute form for Windows Defender
http://www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx

False positive form for Windows Defender
http://www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx
--



FATHER
It is impossible to please all the world and one's father.—La Fontaine

 

[Guest]

Add the VNC program or folder to the do not scan list under WD options.
However, Engel's suggestion is still appropriate.

 

[Bill Sanderson MVP]

That detection has been there since the very first beta of the product, and
it isn't going to go away. It is entirely appropriate. Not that VNC has
malicious intent--simply that it can be present without notice to the user,
and that allows malicious intent on the part of whoever is controlling it.
It is a privacy issue.

You can't fix this with Policy in Windows Defender. You need to be using
Forefront Client Security for that.

You can look at the .adm file which is installed with Defender to see the
policy settings available.

As I recall, this stuff lives in the registry, and the only way testers
could figure out to replicate between machines is via registry editing.
This can be done by admins in batch files, but it isn't simple or pretty.
And Windows Defender will likely allow the users to block such
scripts--another issue in a managed environment.

--

 

[Steven Jones]

As I recall, this stuff lives in the registry, and the only way

testers could figure out to replicate between machines is via registry
editing. This can be done by admins in batch files, but it isn't
simple or pretty. And Windows Defender will likely allow the users to
block such scripts--another issue in a managed environment.

How would one do this? I tried to add a registry merge for the
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats
\ThreatIDDefaultAction" folder and this was not allowed to complete. Saying
that it was in use, but can it be when the Windows Defender service is
disabed?

any ideas ?

 

[Bill Sanderson MVP]

See what it takes to do it by hand.

I am a little surprised by that message--I would have expected a permissions
error--I believe that some of the keys are set so that you must change
permissions in order to edit them. This changed somewhat over the course of
the beta, I believe, so be sure you are running the final product in
testing. I believe the restricted permissions are a security precaution, so
my advice has been that if you edit these areas to reset the permissions
after finishing. This is pretty vague, I realize, but it has been a long
time since I looked at this stuff--I really try to stay away from
recommending registry editing in public forums.

If the key is really in use--what would be using it? Is Forefront or
OneCare on this system?

If Defender is disabled, has the service, indeed, been stopped?

--