Solved Run limit files

[s00]

Following the path I run the test file limit
gpedit.msc/User Configuration /Administrative Template/System/Dont Run Specified Windows Application/enabled/show/test.exe/ok
It will not run the test file in Windows But by renaming test file, this limitation disappears.
How do I solve this problem?
Is it possible I replaced instead of the name, specify the file size?

 

[MilesAhead]

If you really want to prevent the program from being run I would log in as administrator and Take Ownership of the file. On access settings I would allow not even read access by anyone else.

Edit: also local policy isn't the greatest way to prevent a program being run. I used it to prevent IE from being run. But Windows Installer trumps my regular account so during install of a program up popped IE to my surprise.

 

[Callender]

Suggestion

I'm not sure that it's possible to specify anything other than file names. Another way is to use some sort of application whitelisting that will automatically block untrusted/ unsigned files or else can be configured to prompt the user for action.

 

[s00]

i installed Take_Ownership but But it's not applicable to all executable files

 

[s00]

Where to Run application whitelisting?????????

 

[MilesAhead]

i installed Take_Ownership but But it's not applicable to all executable files

What account are you running it from?

 

[Callender]

Application Whitelisting

Where to Run application whitelisting?????????

It requires installation of software. You can get it here: https://secureaplus.secureage.com/Main/release.php

Choose NO Antivirus version.



It will take some time to build a database of files that already exist on your machine. When it's finished - any new digitally unsigned files will be untrusted by default. You will be prompted for action if an unsigned file attempts to run. To define a trust level for any existing file - right click on the file on choose a trust level.



So go back to your test file and set it to Not Trusted. Then when that file or any unsigned executable files that are created in future attempt to run you will see a window like this:



Then it's down to you if you let something dodgy launch!

To get an idea on how to use Application Whitelisting look here:

https://secureaplus.secureage.com/Main/faq.php

Scroll down to the Application Whitelisting FAQ's section.

 

[s00]

administrator

 

[s00]

well Callender
i installed SecureAPlus and set test file to Not Trusted.




There are two problems:
1.if selecting yes File runs
2.i want Users not understand the File restricted

 

[Callender]

Default action

There are two problems:
1.if selecting yes File runs
2.i want Users not understand the File restricted

Set default action to blocked.

 

[s00]

This option does not exist for me.

 

[Callender]

Different version

This option does not exist for me.

Okay so I suggested installing the application whitelisting component but it would appear that it does't have that particular feature. I actually installed the AV version so maybe that's why it's different. If you don't wish to make use of it - I'd suggest uninstalling it.

I've done some research and it seems that what you need is a security application that can block the file based on it's MD5 hash. Usually you could create a rule using Software Restriction Policies but in Windows 7 Home Premium this isn't possible.

Your best bet is to ask for help with how to do this - possibly start a new post.

I did manage to find software that can block files using custom rules based on a file's MD5 hash but nothing that was free and that would work with most existing security software.

Another option might be to create Standard User accounts and use Parental Controls to specify the files that can launch.

More info here:

How to make a disallowed-by-default Software Restriction Policy

 

[MilesAhead]

block the file based on it's MD5 hash.

I thought it would come to that. I think there may be a performance hit with that approach. Every exe will have the hash calculated. If it's a special setup without the myriad user programs running in the background then it may be acceptable.

 

[s00]

Callender and MilesAhead thanks you

 

[MilesAhead]

You're most welcome.