Solved

Detecting unapproved executables on a Windows Domain

Posted on 2011-09-17
Last Modified: 2012-05-12
I am looking for a super low-cost (if not free) way of detecting when an unapproved executable (exe, bat, com, etc) is launched on any workstations and servers within the domain.  This looks like a client side monitor solution would be needed.  I would want to provide a list of approved exe files, then receive reports on any that do not fit the list.  I could then add them as approved or add them to a list of banned executables that the client side solution would block from executing.  This almost sounds like an AV solution, but we already use VIPRE and so replacing it with a different AV solution is not possible at this point.
0
Question by:murryc
3 Comments
 
LVL 12

Accepted Solution

by:
mwochnick earned 500 total points
ID: 36555220
You could try something like this
- little more - control what's installed
http://4sysops.com/archives/free-manageengine-desktop-central-client-management-software/
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36555287
Another way (totally free) is to make all users limited (restricted) users so they cannot install software. Make sure the administrator password of the machines is unassailable (easy to do) and make sure all users have difficult passwords. ... Thinkpads_User
0
 
LVL 4

Expert Comment

by:duffme
ID: 36556075
If you want to do this for free the baseline and monitoring will likely take some work.  You can set restrictions however in Group Policy with Software Restriction Policies.  If all of your machines are Windows Server 2008R2 and Win7 Enterprise/Ultimate you can also use AppLocker in Group Policy.  You would probably need to scan Security Event Logs to gather a baseline of what is being run.
http://technet.microsoft.com/en-us/library/cc779607(WS.10).aspx

Mind you this is not a trivial thing to do.  Baselining is required and when you consider dependencies (DLLs and such) it can be tricky to get everything just right and make changes.  

Whitelisting is being used as an approach to viruses and other malware.  I am not aware of any cheap or free way to do this other than the policies I mentioned above, which also lack the management features of third party solutions.  I will say that users generally don't take too kindly to being completely locked down ;)
0
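
The baseline step described in the last comment (scanning Security Event Logs for what is being run, then comparing against an approved list), as an added PowerShell example that is not part of the thread. It assumes "Audit Process Creation" is enabled so that event 4688 is logged; the function names, the approved path patterns and the sample records are hypothetical and constructed for illustration.

```powershell
# Added example. Requires "Audit Process Creation" so that the Security log
# records event 4688 (Windows Vista / Server 2008 and later), and PowerShell 3.0+.
function Get-ProcessLaunch {
    # Read 4688 events and return one object per launched process.
    param([datetime]$Since = (Get-Date).AddDays(-1),
          [string]$ComputerName = $env:COMPUTERNAME)
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ComputerName $ComputerName |
        ForEach-Object {
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time     = $_.TimeCreated
                Computer = $_.MachineName
                User     = $fields['SubjectUserName']
                Image    = $fields['NewProcessName']
            }
        }
}

function Find-UnapprovedLaunch {
    # Keep launches whose image path matches none of the approved wildcard
    # patterns, grouped so that each unknown executable is reported once.
    param([Parameter(Mandatory = $true)][object[]]$Launch,
          [Parameter(Mandatory = $true)][string[]]$Approved)
    $Launch | Where-Object {
        $image = $_.Image
        -not ($Approved | Where-Object { $image -like $_ })
    } | Group-Object Image | Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'Computers'; e = { ($_.Group.Computer | Sort-Object -Unique) -join ',' } }
}

# Constructed sample records and placeholder approved list, to try the comparison offline.
$approved = @('C:\Windows\System32\*', 'C:\Program Files\*', 'C:\Program Files (x86)\*')
$sample = @(
    [pscustomobject]@{ Computer = 'WS01'; Image = 'C:\Windows\System32\cmd.exe' },
    [pscustomobject]@{ Computer = 'WS01'; Image = 'C:\Users\alice\Downloads\setup.exe' },
    [pscustomobject]@{ Computer = 'WS02'; Image = 'C:\Users\alice\Downloads\setup.exe' }
)
Find-UnapprovedLaunch -Launch $sample -Approved $approved
# Live use: Find-UnapprovedLaunch -Launch (Get-ProcessLaunch) -Approved $approved
```

Path patterns only describe where a file ran from; Software Restriction Policies and AppLocker also offer hash rules, which identify the file itself.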
