Solved

Detecting unapproved executables on a Windows Domain

Posted on 2011-09-17
Last Modified: 2012-05-12
I am looking for a super low-cost (if not free) way of detecting when an unapproved executable (exe, bat, com, etc) is launched on any workstations and servers within the domain.  This looks like a client side monitor solution would be needed.  I would want to provide a list of approved exe files, then receive reports on any that do not fit the list.  I could then add them as approved or add them to a list of banned executables that the client side solution would block from executing.  This almost sounds like an AV solution, but we already use VIPRE and so replacing it with a different AV solution is not possible at this point.
Question by:murryc
3 Comments
 
LVL 12

Accepted Solution

by:
mwochnick earned 500 total points
ID: 36555220
You could try something like this
- little more - control what's installed
http://4sysops.com/archives/free-manageengine-desktop-central-client-management-software/
 
LVL 95

Expert Comment

by:John Hurst
ID: 36555287
Another way (totally free) is to make all users limited (restricted) users so they cannot install software. Make sure the administrator password of the machines is unassailable (easy to do) and make sure all users have difficult passwords. ... Thinkpads_User
 
LVL 4

Expert Comment

by:duffme
ID: 36556075
If you want to do this for free the baseline and monitoring will likely take some work.  You can set restrictions however in Group Policy with Software Restriction Policies.  If all of your machines are Windows Server 2008R2 and Win7 Enterprise/Ultimate you can also use AppLocker in Group Policy.  You would probably need to scan Security Event Logs to gather a baseline of what is being run.
http://technet.microsoft.com/en-us/library/cc779607(WS.10).aspx

Mind you this is not a trivial thing to do.  Baselining is required and when you consider dependencies (DLLs and such) it can be tricky to get everything just right and make changes.  

Whitelisting is being used as an approach to viruses and other malware.  I am not aware of any cheap or free way to do this other than the policies I mentioned above, which also lack the management features of third party solutions.  I will say that users generally don't take too kindly to being completely locked down ;)
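
One way to turn the Security Event Log scan suggested above into a report of executables that are not on an approved list, as an added example that is not part of the original answers. It assumes the "Audit Process Creation" policy is enabled so that process starts are logged as event ID 4688; the function name `Get-UnapprovedProcess`, the sample events and the approved list are constructed for illustration.

```powershell
# Added example (not from the thread). Assumes "Audit Process Creation" is enabled,
# so each process start is logged to the Security log as event ID 4688.
function Get-UnapprovedProcess {
    param(
        [Parameter(Mandatory=$true)] [string[]] $EventXml,  # one XML string per 4688 event
        [Parameter(Mandatory=$true)] [string[]] $Approved   # approved full image paths
    )
    $hits = foreach ($x in $EventXml) {
        $evt = ([xml]$x).Event
        # EventData is a list of <Data Name="...">value</Data>; index the fields by name.
        $f = @{}
        foreach ($d in $evt.EventData.Data) { $f[$d.Name] = $d.'#text' }
        $path = $f['NewProcessName']
        # -notcontains compares strings case-insensitively, like Windows paths.
        if ($path -and ($Approved -notcontains $path)) {
            New-Object PSObject -Property @{
                Computer = $evt.System.Computer
                User     = $f['SubjectUserName']
                Path     = $path
            }
        }
    }
    # One row per computer and path with a launch count, ready to approve or ban.
    @($hits) | Group-Object Computer, Path | ForEach-Object {
        New-Object PSObject -Property @{
            Computer = $_.Group[0].Computer
            Path     = $_.Group[0].Path
            Count    = $_.Count
            Users    = ($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique) -join ','
        }
    } | Select-Object Computer, Path, Count, Users
}

# Constructed sample events (trimmed to the fields used above), not real log data.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$template = "<Event xmlns='$ns'><System><EventID>4688</EventID><Computer>{0}</Computer></System>" +
            "<EventData><Data Name='SubjectUserName'>{1}</Data><Data Name='NewProcessName'>{2}</Data></EventData></Event>"
$sample = @(
    ($template -f 'WS01.example.local', 'alice', 'C:\Windows\System32\notepad.exe'),
    ($template -f 'WS01.example.local', 'alice', 'C:\Users\alice\Downloads\tool.exe'),
    ($template -f 'WS01.example.local', 'alice', 'C:\Users\alice\Downloads\tool.exe'),
    ($template -f 'WS02.example.local', 'bob',   'C:\Temp\portable-app.exe')
)
$approved = @('c:\windows\system32\notepad.exe')   # hypothetical approved list
# Live input instead of $sample:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688} | ForEach-Object { $_.ToXml() }
Get-UnapprovedProcess -EventXml $sample -Approved $approved
```

Event 4688 records the process image, so a launched .bat file appears as cmd.exe rather than under its own name.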