Microsoft AntiSpyware and .bat files

[John]

I installed Microsoft AntiSpyware on 2 Windows 2003
Terminal Servers per the suggestion of a Microsoft
Engineer. When a user logs in, it is asking them if it
should block .bat files which happens to be their login
script. The user is answering YES which causes their
drives not to map. I see there are many configuration
options but how can I configure the software not to block
these types of files?

John

 

[Bill Sanderson]

One method is given in this KB article, which perhaps the Microsoft engineer
should have mentioned:

http://support.microsoft.com/kb/892375 End users may be prompted to allow or
block administrative actions that originate from a central management tool
after they install Windows AntiSpyware (Beta) on a computer that is managed
by Systems Management Server 2003

The method in the KB article turns off all real-time protection, which is
probably undesirable.

There are 59 individual checkpoints involved in the real-time protection.

Go to tools, real-time protection, application agents, view application
agent checkpoints.

scroll down to Script Blocking.
Click "Deactivate checkpoint" in the right panel.

This appeared to work in a quick test I did--but I make no guarantees--the
UI behaves quite strangely, and re-activating these checkpoints may be
problematic. That's what I'd try. If this fails, you can follow the
workaround in the KB article and just use Microsoft Antispyware as a
scanning tool without the real-time protection.