Even when Security_HKLM_only is set to 1, trusted sites added by users are trusted by Symantec Endpoint Protection 12.1
Last Updated February 06, 2014
This issue can occur when the following prerequisites are met:
An administrator has configured set the value data of the Registry value Security_HKLM_only to 1. This value is located here: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Please see Microsoft support article 833633 (http://support.microsoft.com/kb/833633) for more information on this Registry value.
An administrator has enabled the setting "Automatically trust any file downloaded from a trusted Internet or intranet site." within the Download Protection portion of the Virus and Spyware Protection policy for Symantec Endpoint Protection (SEP)
A user has added a internet or intranet site to Trusted sites within Internet Explorer.
Expected behavior: Websites added by users should not be automatically trusted by Symantec Endpoint Protection 12.1 since the Registry value Security_HKLM_only is set to 1.
Actual behavior: Websites added by users can sometimes be automatically trusted by Symantec Endpoint Protection 12.1, even when Security_HKLM_only is set to 1.
Some versions of Internet Explorer save the URL entered by a user into Trusted Sites to both the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\Domains Registry locations.
When Security_HKLM_only is set to 0 or does not exist, SEP will read from both Registry locations respectively to determine which sites should be trusted. When Security_HKLM_only is set to 1, SEP will only read from the first Registry location (
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\Domains), however, since Internet Explorer has written the website's URL to this location, SEP will trust it.
This is not a Symantec issue. Please upgrade Internet Explorer to a version which does not exhibit this behavior.
Imported Document ID: TECH214758
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe