1 Reply Latest reply on Apr 21, 2017 4:08 AM by brian.rayel

    Allowing only some MSI installers

    brian.rayel Rookie

      How do you allow only specific MSI installers? I get that it is not the same as EXEs, where you can specify metadata.

       

      The issue I have is that if msiexec.exe is not allowed to elevate, the installations do not complete because some TMP files are being blocked. This has been tested specifically with the join.me MSI installer, attempting to install on the user's profile.

      If msiexec.exe is added to the built-in elevate policy, the join.me installer completes. The issue with allowing msiexec.exe to elevate is that most MSI installers will now be allowed to install.

       

      Here is the log analyzer result:

      AM-MSI.jpg

       

       

      I thought of creating a process rule for msiexec.exe to allow TMP files, but that will still allow non-approved MSIs to be installed, won't it?

       

      We are using the 10.0 HF1 agent.