Malware Prevention Tip

This was first posted by me on LinkedIn.

In Microsoft Windows environments, blocking executables from running in a user profile (c:/Users/*) can provide another layer of protection against malware that launches from user space. This will likely require tuning, because some legitimate applications and updates decompress and launch executables from within the user profile and could get blocked. To get started with blocking executables, see the links below for details on Software Restriction Policies and AppLocker. If you do implement this, please test first. Do not just edit the Group Policy for your whole domain and push it without extensive testing. It is free if you have at least Professional versions of Windows. AppLocker may require Enterprise licenses.

Software Restriction Policies
https://technet.microsoft.com/en-us/library/bb457006.aspx 

AppLocker
https://technet.microsoft.com/en-us/library/dd759117%28v=ws.11%29.aspx

I have seen this be effective in the real world and it was discussed recently on the Brakeing Down Security podcast.
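The testing step recommended above can be done with AppLocker in audit-only mode before anything is enforced. The following is an added example, not part of the original post; the rule names, GUIDs and temp file name are constructed, and it assumes the built-in AppLocker PowerShell cmdlets are available on the machine.

```powershell
# Added example. Rule names, GUIDs and the temp file name are constructed.
# AuditOnly: AppLocker logs what it would block but blocks nothing.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="11111111-1111-4111-8111-111111111111" Name="Allow Program Files"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-4222-8222-222222222222" Name="Allow Windows"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="33333333-3333-4333-8333-333333333333" Name="Deny user profiles"
        Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@
$policyPath = Join-Path $env:TEMP 'userprofile-audit.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Step 1 (dry run): which executables already sitting in user profiles
# would this policy deny? Nothing is applied to the machine here.
$exes = @(Get-ChildItem -Path "$env:SystemDrive\Users" -Filter *.exe -Recurse `
            -File -ErrorAction SilentlyContinue | ForEach-Object FullName)
if ($exes.Count -gt 0) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $exes -User Everyone |
        Where-Object { "$($_.PolicyDecision)" -like 'Denied*' } |
        Select-Object FilePath, PolicyDecision, MatchingRule |
        Sort-Object FilePath
}

# Step 2 (pilot machine only, elevated): apply the audit-only policy locally.
# Without -Merge this replaces the existing local AppLocker policy, and the
# Application Identity service (AppIDSvc) must be running for rules to be evaluated.
# Set-AppLockerPolicy -XmlPolicy $policyPath

# Step 3 (after the pilot has run for a while): summarise the files that were
# audited, i.e. would have been blocked under enforcement. Legitimate
# applications and updaters in this list are the tuning the policy needs.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics
```

Only after the audited list contains nothing legitimate should `EnforcementMode` be changed to `Enabled` and the policy moved into a Group Policy Object scoped to a test OU.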
