• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 715
  • Last Modified:

Prevent running executables within zip folders

I am the network manager in a school. 2003 and xp domain.
I can prevent exe files from running Ok. But when a student double clicks on an exe file from within a ZIP it runs ok. I have tried to prevent running ZIP  files but could not stop them. by Using security settings in a GPO.

Any thoughts on preventing these exe from running.

Thanks


0
harveygs
Asked:
harveygs
  • 2
  • 2
1 Solution
 
KCTSCommented:
Software restriction policies ( http://technet.microsoft.com/en-us/library/bb457006.aspx) cannot be made to work ?
0
 
harveygsAuthor Commented:
I have used the software restriction policy to stop exe. But when the exe is in the zip it still runs. I incleuded the .zip extension in resricted extension but made no difference.
0
 
MereteCommented:
The only way is to lower them to non administrators especially students, then you can monitor and include group policies for what they can do.
limited accounts really stop them in the tracks..
 its nearly impossible to "  prevent " with administrator accounts they have the power.
Even if you uninstall the zipper rar they will find way.
best policy is firewalls good av and education, not that they will listen.
But having installed good protection can help the most it catches the nasties.
Spyware blaster is one.
http://www.javacoolsoftware.com/spywareblaster.html
S&D spybot can be setup to prevent some actions too with Tea timer
What is the Resident TeaTimer? [link]  
The Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future: You can set TeaTimer to:
be informed, when the process tries to start again
automatically kill the process
or generally allow the process to run
There is also an option to delete the file associated with this process.
In addition, TeaTimer detects when something wants to change some critical registry keys. TeaTimer can protect you against such changes again giving you an option: You can either Allow or Deny the change.
As TeaTimer is always running in the background, it takes some resources of about 5 MB.

Please read the tuturials.
 http://www.safer-networking.org/en/index.html

if your up to it I realize time maybe a factor but there is some awsome tweeks for the regestry
Registry Edits for Windows XP
http://www.kellys-korner-xp.com/xp_tweaks.htm

Another of these programs
Trust-No-Exe - An executable filter for Windows NT/2000/XP
http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm
best wishes
Merete
0
 
harveygsAuthor Commented:
Trust no-exe worked for me. It also told me that ZIPS were running the enbedded exe in C:\Documents and Settings\harveygs\Local Settings\Temp\ . I then could set a GPO to prevent exe running from this location temp location.
All the other functions of ZIp and un Zip still seem to work ok.

Many Thanks
steve
0
 
MereteCommented:
You are most Welcome Steve, very happy to know I have helped you with such a task.
Thank you
Regards Merete
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now