What I do extra to protect users from Stupid malware / adware from downloading and running from the temp folders and presenting a fake "You are infected" window? If thats what you are talking about then I just use / enforce access protection Rules. Some can kind of cause you pains, as you will need to disable to do some installs if exclusions are not in the system....but for the most part it works great if you want to lock the PC's down in a controlled environment....most of the malware /adware that I have had problems run out of the temporary internet files folder first...so If I just block it with the following rules....
Enable: Anti-Spyware maximum protection - "Prevent all programs from running files from the Temp folder"
Enable: Anti-Spyware maximum protection - "Prevent execution of scripts from the Temp folder"
Enable: Common Standard Protection - "Prevent common programs from running files from the Temp folder"
Enable: Common Standard Protection - "Prevent installation of Browser Helper Objects and Shell Extensions"
Make sure to add the exclusions you need!!!
I can enable these settings and not have any issues for the most part with the adware, as soon as I elevate privelages I have a problem...And it can be 1 day and I get a call. The problem that I encounter with these settings is that it will block things like GoToMeeting & WebEx & other such installers from automatic deployment....
Thats How I fight it, as well as running a cleanup script to delete temp files from the Temporary Internet Files folders....
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.