0 Replies Latest reply on Aug 11, 2014 3:27 AM by epoNovice

    VSE Access Protection - Prevent .EXE from running (Root of Folder or ALL folders)

    epoNovice

      Hey All,

      Due to some recent attacks I was wanting to block .EXE's from running/being created in certain folders.

      wanted to add some rules under access protection user defined rules.

      This is just a temporary measure until I get my HIPS IPS rules sorted.

       

      The plan was to block .EXE from being created in the ROOT folders of

       

      C:\Users\**\AppData\Local\*.exe

      C:\Users\**\AppData\LocalLow\*.exe

      C:\Users\**\AppData\Roaming\*.exe

      C:\ProgramData\*.exe

       

      my query is....do these Rules just apply to that folder or would it include "sub folders" also as there is no option to choose sub folders like the OAS policy.

       

      this is because the folders above is where legitimate Applications place there own folders etc some of which contain .EXE's

       

      if sub folders are not included would the entry work as above or more like this ?

       

      files:  *.EXE

      Path  :C:\ProgramData\

       

      Cheers All