Hi ,
I have set a rule to Block snipping tool in the Deny List.
With the criteria
Publisher matches Microsoft Corporation
and Product Description matches snippingtool.exe
but it didnt work.
Is there any suggestions pls
Hi ,
I have set a rule to Block snipping tool in the Deny List.
With the criteria
Publisher matches Microsoft Corporation
and Product Description matches snippingtool.exe
but it didnt work.
Is there any suggestions pls
If you use a passive rule to audit the program and pull the event you will be able to see that this is actually a Window Store Application.
Host Domain Name NetBIOS: <None>
Event ID: B58A5320-531A-4982-97C8-4890D0699365
Process Start Time: 133924401027807608
Process End Time: 0
Event Time: 133924401027807608
Authorizing User SID: <None>
Authorizing User Name: <None>
Authorizing User Domain SID: <None>
Authorizing User Domain Name: <None>
Authorizing User Domain Name NetBios: <None>
Client IPV4: <None>
Client Name: <None>
UAC Triggered: false
File Owner SID: S-1-5-18
File Owner Name: SYSTEM
File Owner Domain SID: S-1-5
File Owner Domain Name: NT AUTHORITY
File Owner Domain Name NetBIOS: NT AUTHORITY
Parent Process Unique ID: <None>
Parent Process File Name: c:\windows\system32\svchost.exe
COM CLSID: <None>
COM AppID: <None>
COM Display Name: <None>
Source URL: <None>
Authorization Challenge: <None>
Windows Store App Name: Microsoft.ScreenSketch
Windows Store App Publisher: <None>
Windows Store App Version: 11.2409.25.0
Drive Type: Fixed Disk
Challenge Response Status: <None>
PowerShell Command: <None>
Application Workstyle Description: Snipping Tool
Application Workstyle Id: c1f136d6-28ee-453f-bd95-fda62815fcea
Message Type: Prompt
IE Zone Tag: <None>
MD5: 58F68A28F43AE748DB4B6CEAEB7A29E9
Host Local SID: S-1-5-21-2867306486-2659972164-3988425936
Trusted Application Name: <None>
Trusted Application Version: <None>
Uninstall Action: <None>
Rule Script File Name: <None>
Rule Script Name: <None>
Rule Script Version: <None>
Rule Script Publisher: <None>
Rule Script Rule Affected: false
Rule Script Result: <None>
Rule Script Output: <None>
Rule Script Status: <None>
Auth Methods: <None>
IdP Authentication User Name: <None>
Configuration ID: a8712607-e4ba-413c-9a72-9eff35733db4
Configuration Revision Number: 9
SHA256: 8986DEF745FD6B7B2D39A1C39B7FA2A7958E5375F377EF18E1B0BB7575B7D8FF
User Request Management Id: <None>
So you need to create a rule to block the snipping tool using a Windows Store Application with a store package name as Microsoft.ScreenSketch
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.