Prevent running executables  within zip folders

Posted on 2007-10-01
Last Modified: 2008-05-31
I am the network manager in a school. 2003 and xp domain.
I can prevent exe files from running Ok. But when a student double clicks on an exe file from within a ZIP it runs ok. I have tried to prevent running ZIP  files but could not stop them. by Using security settings in a GPO.

Any thoughts on preventing these exe from running.


Question by:harveygs
    LVL 70

    Expert Comment

    Software restriction policies ( cannot be made to work ?
    LVL 1

    Author Comment

    I have used the software restriction policy to stop exe. But when the exe is in the zip it still runs. I incleuded the .zip extension in resricted extension but made no difference.
    LVL 69

    Accepted Solution

    The only way is to lower them to non administrators especially students, then you can monitor and include group policies for what they can do.
    limited accounts really stop them in the tracks..
     its nearly impossible to "  prevent " with administrator accounts they have the power.
    Even if you uninstall the zipper rar they will find way.
    best policy is firewalls good av and education, not that they will listen.
    But having installed good protection can help the most it catches the nasties.
    Spyware blaster is one.
    S&D spybot can be setup to prevent some actions too with Tea timer
    What is the Resident TeaTimer? [link]  
    The Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future: You can set TeaTimer to:
    be informed, when the process tries to start again
    automatically kill the process
    or generally allow the process to run
    There is also an option to delete the file associated with this process.
    In addition, TeaTimer detects when something wants to change some critical registry keys. TeaTimer can protect you against such changes again giving you an option: You can either Allow or Deny the change.
    As TeaTimer is always running in the background, it takes some resources of about 5 MB.

    Please read the tuturials.

    if your up to it I realize time maybe a factor but there is some awsome tweeks for the regestry
    Registry Edits for Windows XP

    Another of these programs
    Trust-No-Exe - An executable filter for Windows NT/2000/XP
    best wishes
    LVL 1

    Author Comment

    Trust no-exe worked for me. It also told me that ZIPS were running the enbedded exe in C:\Documents and Settings\harveygs\Local Settings\Temp\ . I then could set a GPO to prevent exe running from this location temp location.
    All the other functions of ZIp and un Zip still seem to work ok.

    Many Thanks
    LVL 69

    Expert Comment

    You are most Welcome Steve, very happy to know I have helped you with such a task.
    Thank you
    Regards Merete

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now