it-admin-au
-
Posts
3 -
Joined
-
Last visited
Posts posted by it-admin-au
-
-
Thanks for the reply.
The idea of blocking filenames is not just for malware and virus-related purposes it also stops users from installing a pre-set of unwanted programs. Users with admin rights are forever installing programs by themselves (torrent related) or accidently due to software updates (drivermagician.exe etc).
Yes viruses change the executable name but we have also found that there are a lot that keep the same executable file name. These additions are an additional layer of protection.
The sysinternals suite seems a bit complex and time consuming to adapt. Possibly group policy may help.
The idea of blocking entire folders is valid and used carefully. EG C:\PROGRAM FILES\TIXATI\*.* will block users from installing the torrent client.
%homepath%\AppData\Roaming\*.exe - this is a recommended Mcafee insertion that we have used and never had any issues.
I still feel that there should be a mechanism to restrict users from running a set file name.
Thanks
-
Hello,
We have just migrated from Mcafee EPO. We are using the latest version of ESET endpoint for windows. We are told that we cannot create a policy that stops computers creating the following files from any process. We could with Mcafee EPO. Examples below.
Stop creating the file in any folder EG..
myresume.exe
news.exe
DriverMagician.exe
driverupdate.exe
partypoker.exe
Payment order details.docStop the folder being created EG..
C:\PROGRAM FILES\TIXATEven wildcards in any folder EG..
*.tmp.tmp
*.lol!
*.toxcryptWildcards in a specific set of users folders EG..
%homepath%\AppData\Roaming\*.exeHas anyone found a way?
Thanks in advance.
How to create a blacklist set of files
in ESET Endpoint Products
Posted
I will have a look and see if the mods get around a few concerns
thks