Software Restriction Policy (SRP) on the NovaSeq 6000
Overview of Software Restriction Policy (SRP)
Windows Software Restriction Policies (SRP) use rules to allow only specified software to run.
For NovaSeq 6000, SRP rules are based on certificates, file names, extensions, and directories.
By default, SRP is turned on to prevent unwanted software from running on the control computer.
An IT representative or system administrator can add and remove rules to customize the security level.
If the system is added to a domain, the local Group Policy Object (GPO) may automatically modify the rules and turn off SRP.
Turning off the software restriction policy prevents the protection it provides.
Changing the rules overrides the default protections.
How to Disable/Enable the SRP:
In a file browser window, navigate to C:\Illumina\Security
Double click "disable.reg" and acknowledge the pop-up message.
To re-enable the SRP, double click "enable.reg"
On the NovaSeq 6000 Sequencing system, the SRP defaults the following rules:
Allowed SRP Rules Certificates
DigitalSystems
Illumina, Inc.
NovaSeq
Executable Files
Portmon.exe
Procmon.exe
Procmon64.exe
Tcpview.exe
File Extensions
.bin
.cbcl
.cfg
.config
.csv
.dat
.focus
.imf1
.ims
.jpg
.json
.lnk
.locs
.log
.manifest
.sdf
.tif
.txt
.xml
Directories
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
C:\CrashDumps\*
C:\Illumina\*
C:\Illumina Maintenance Logs\*
C:\LocalSymbols\*
C:\Program Files (x86)\Chromium\Application\*
C:\Program Files (x86)\EMET 5.5\*
C:\Program Files (x86)\Illumina\*
C:\Program Files (x86)\Internet Explorer\*
C:\Program Files (x86)\LibreOffice 5\*
C:\Program Files\Illumina\*
C:\ProgramData\Illumina\*
C:\ProgramData\Package Cache\*
C:\Users\sbsuser\AppData\Local\Temp\Citrix\*
C:\Users\sbsuser\AppData\Local\Temp\CitrixLogs\*
C:\Users\sbsuser\Desktop\FSE turn over to customer.bat D:\Illumina\*
Users can add and remove SRP rules to customize system security. Modifying the rules requires temporarily turning off the SRP. To add or delete a rule:
Disable SRP (according to instructions above [How to Disable/Enable the SRP section]).
Select the magnifying glass in the bottom left-hand corner (the start menu) next to the Windows logo.
Type the word Run into the search and press enter.
Type secpol.msc
In the Local Security Policy dialog box, expand Software Restriction Policies, then select Additional Rules.
To add a rule:
On the Action menu, select New Path Rule.
In the Path field, enter the certificate, file name, file extension, or directory to allow.
(Optional) In the Description field, type the reason for creating the rule.
In the Security level list, select Unrestricted.
Select OK to add the rule to the SRP.
To delete a rule:
Select the rule to delete, then select Delete.
Select Yes to confirm.
Be sure to re-enable SRP once complete.
For any feedback or questions regarding this article (Illumina Knowledge Article #2466), contact Illumina Technical Support techsupport@illumina.com.
Last updated