cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Folder Exclusions

Jump to solution

Trying to exclude creation or modification of files in the user startup direcrory.  It's not working.  Any ideas?

exclusion.jpg

1 Solution

Accepted Solutions
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Folder Exclusions

Jump to solution

Hi Michael_w_c

michael_w_c wrote:

Trying to exclude creation or modification of files in the user startup direcrory.  It's not working.  Any ideas?

exclusion.jpg

Based on your 'File or Folder name to block:' your exclusion would convert to this (on Win7):

C:C:\Users\{userprofilename}\Start Menu\Programs\Startup\

C:C: is a problem.

The folders you wish to block:

Under Windows 7:

C:\Users\{UserID}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

On WinXP:

C:\Documents & Settings\{UserID}\Start Menu\Programs\Startup\

However, there is a public/All Users Startup folder as well:

On Windows 7:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

On WinXp:

%AllUsersProfile%\Start Menu\Programs\Startup\

Note: the common theme is \Start Menu\Programs\Startup\

To avoid making multiple Exclusions and covering each exclusion in one rule, try:

**\Start Menu\Programs\Startup\

Using the 'File actions to Prevent' section, Check 'Write access to files' and 'New files being created' as in your example. This will exclude the construction or changes to files on any drive down to any directory that ends in \Start Menu\Programs\Startup\

Be aware that this rule may create issues with some legitimate software. Further, this is only stops one method for automatic startup of software. Consider the many many methods that SysInternal's 'AutoRuns' software lists for auto-startup methods.

In any case, Test, test, test. Then follow up with more testing.

A more effective approach might be to limit user rights, limiting the ability to install software (thru GPO purhaps). In this case do not give users Admin rights, or Power User rights.

Purhaps 'McAfee Application Control' is another option.

Good luck,

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

2 Replies
Highlighted

Re: Folder Exclusions

Jump to solution

I don't recall if the filed "file or folder name to block" can use environmental variables.  Try something like this:

**\Start Menu\Programs\Startup\**

Translates to: anything before and after (including slashes) with that folder path would match.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Folder Exclusions

Jump to solution

Hi Michael_w_c

michael_w_c wrote:

Trying to exclude creation or modification of files in the user startup direcrory.  It's not working.  Any ideas?

exclusion.jpg

Based on your 'File or Folder name to block:' your exclusion would convert to this (on Win7):

C:C:\Users\{userprofilename}\Start Menu\Programs\Startup\

C:C: is a problem.

The folders you wish to block:

Under Windows 7:

C:\Users\{UserID}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

On WinXP:

C:\Documents & Settings\{UserID}\Start Menu\Programs\Startup\

However, there is a public/All Users Startup folder as well:

On Windows 7:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

On WinXp:

%AllUsersProfile%\Start Menu\Programs\Startup\

Note: the common theme is \Start Menu\Programs\Startup\

To avoid making multiple Exclusions and covering each exclusion in one rule, try:

**\Start Menu\Programs\Startup\

Using the 'File actions to Prevent' section, Check 'Write access to files' and 'New files being created' as in your example. This will exclude the construction or changes to files on any drive down to any directory that ends in \Start Menu\Programs\Startup\

Be aware that this rule may create issues with some legitimate software. Further, this is only stops one method for automatic startup of software. Consider the many many methods that SysInternal's 'AutoRuns' software lists for auto-startup methods.

In any case, Test, test, test. Then follow up with more testing.

A more effective approach might be to limit user rights, limiting the ability to install software (thru GPO purhaps). In this case do not give users Admin rights, or Power User rights.

Purhaps 'McAfee Application Control' is another option.

Good luck,

Ron Metzger

Thanks,
Ron Metzger

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community