I have had the option, "Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder" enabled for workstations from day one and not enabled for servers due to some in-house apps that require this to run.
I have been asked to put my reasons to the vendor as to why this should not be allowed and why they might need to change their app. I am looking for a good defense, if needed.
Can anyone comment on whether or not this is a good/bad/indifferent idea to allow for this vendor for our workstations and laptops?
I'm of the opinion that this is a bad idea and don't want to do it. My thought is that if a user has local admin rights, as many of our developers do, we will run into problems. That being said, if they are local admins, it won't matter if they write to temp or elsewhere but my thinking is that the temp directories would be the most likely target in the type of attack we are preventing here.
Thanks in advance...