Solved

Detecting unapproved executables on a Windows Domain

Posted on 2011-09-17
3
245 Views
Last Modified: 2012-05-12
I am looking for a super low-cost (if not free) way of detecting when an unapproved executable (exe, bat, com, etc) is launched on any workstations and servers within the domain.  This looks like a client side monitor solution would be needed.  I would want to provide a list of approved exe files, then receive reports on any that do not fit the list.  I could then add them as approved or add them to a list of banned executables that the client side solution would block from execuating.  This almost sounds like an AV solution, but we already use VIPRE and so replacing it with a different AV solution is not possible at this point.
0
Comment
Question by:murryc
3 Comments
 
LVL 12

Accepted Solution

by:
mwochnick earned 500 total points
ID: 36555220
you could try something like this
- little more - control whats installed
http://4sysops.com/archives/free-manageengine-desktop-central-client-management-software/
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 36555287
Another way (totally free) is to make all users limited (restricted) users so they cannot install software. Make sure the administrator password of the machines is unassailable (easy to do) and make sure all users have difficult passwords. ... Thinkpads_User
0
 
LVL 4

Expert Comment

by:duffme
ID: 36556075
If you want to do this for free the baseline and monitoring will likely take some work.  You can set restrictions however in Group Policy with Softare Restriction Policies.  If all of your machines are Windows Server 2008R2 and Win7 Enterprise/Ultimate you can also use AppLocker in Group Policy.  You would probably need to scan Security Event Logs to gather a baseline of what is being run.
http://technet.microsoft.com/en-us/library/cc779607(WS.10).aspx

Mind you this is not a trivial thing to do.  Baselining is required and when you consider dependencies (DLLs and such) it can be tricky to get everything just right and make changes.  

Whitelisting is being used as an approach to viruses and other malware.  I am not aware of any cheap or free way to do this other than the policies I mentioned above, which also lack the management features of third party solutions.  I will say that users generally don't take too kindly to being completely locked down ;)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now