I have a little question: How would one go about blocking browser toolbar installations like MSN/Google/Yahoo for powerusers/local admins on client computers? The users are local admins and should have installation rights on all things except these toolbars. The reason is that the toolbars somehow interferes with something.
One way would be to classify it as a PUP. Parts or all of it should be covered in the protect IE settings in access protection, but thats only for IE. What about Firefox (and others)?
Another way would be to use HIPS and somehow block it. Not so up to date on HIPS at the moment. Could use learning mode to get signature perhaps.
This could of course be applied to other applications in the future.
Yeah, think you're right. It requires some manual investigation and is not the most effective way as you can't cover all of the BHO's. But the ones that are legit as far as the antivirus is concerned is the ones that I want to remove, so there isn't so many mainstream to choose from.