Malware Prevention Tip

This was first posted by me on LinkedIn.

In Microsoft Windows environments, blocking executables from running in a user profile (C:\Users\*) can provide another layer of protection against malware that launches from user space. This will likely require tuning, because some legitimate applications and updates decompress and launch executables from within the user profile and could get blocked. To get started with blocking executables, see the links below for details on Software Restriction Policies and AppLocker. If you do implement this, please test first. Do not just edit the Group Policy for your whole domain and push it without extensive testing. It is free if you have at least Professional versions of Windows. AppLocker may require Enterprise licenses.

Software Restriction Policies
https://technet.microsoft.com/en-us/library/bb457006.aspx 

AppLocker

https://technet.microsoft.com/en-us/library/dd759117%28v=ws.11%29.aspx
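One way to do the testing before any Group Policy is touched, as an added example that is not part of the original post: dry-run a candidate AppLocker policy against the executables already sitting in user profiles and list the folders that would need tuning. The rule names, the temp file name and the generated rule GUIDs are constructed for this sketch; it assumes an elevated PowerShell prompt on a machine with the AppLocker cmdlets.

```powershell
# Candidate policy, audit-only: allow Windows and Program Files, deny user profiles.
# Rule names and GUIDs are constructed for this example; S-1-1-0 is the Everyone SID.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny user profiles" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

# Write the candidate policy to a scratch file; nothing is applied to the machine.
$policyFile = Join-Path $env:TEMP 'candidate-applocker.xml'
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Inventory the executables that currently live under user profiles.
$exes = @(Get-ChildItem -Path "$env:SystemDrive\Users" -Filter *.exe -Recurse -File -Force -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName)
if ($exes.Count -eq 0) {
    Write-Output 'No executables found under user profiles.'
    return
}

# Evaluate each file against the candidate policy without enforcing anything.
$results = Test-AppLockerPolicy -XmlPolicy $policyFile -Path $exes -User Everyone

# Group the files that would be blocked by folder: these are the tuning candidates
# (updaters and self-extracting installers typically show up here).
$results |
    Where-Object { $_.PolicyDecision -like 'Denied*' } |
    Group-Object { Split-Path ([string]$_.FilePath) -Parent } |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Folders that appear in the output and belong to software you rely on need an exception or a different install location before the policy moves from audit to enforcement.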


I have seen this be effective in the real world and it was discussed recently on the Brakeing Down Security podcast.
