Solved

Detecting unapproved executables on a Windows Domain

Posted on 2011-09-17
Last Modified: 2012-05-12
I am looking for a super low-cost (if not free) way of detecting when an unapproved executable (exe, bat, com, etc) is launched on any workstations and servers within the domain. This looks like a client side monitor solution would be needed. I would want to provide a list of approved exe files, then receive reports on any that do not fit the list. I could then add them as approved or add them to a list of banned executables that the client side solution would block from executing. This almost sounds like an AV solution, but we already use VIPRE and so replacing it with a different AV solution is not possible at this point.
Question by:murryc
3 Comments
 
LVL 12

Accepted Solution

by:
mwochnick earned 2000 total points
ID: 36555220
You could try something like this
- little more - control what's installed
http://4sysops.com/archives/free-manageengine-desktop-central-client-management-software/
0
 
LVL 97

Expert Comment

by:John Hurst
ID: 36555287
Another way (totally free) is to make all users limited (restricted) users so they cannot install software. Make sure the administrator password of the machines is unassailable (easy to do) and make sure all users have difficult passwords. ... Thinkpads_User
0
 
LVL 4

Expert Comment

by:duffme
ID: 36556075
If you want to do this for free the baseline and monitoring will likely take some work. You can set restrictions however in Group Policy with Software Restriction Policies. If all of your machines are Windows Server 2008R2 and Win7 Enterprise/Ultimate you can also use AppLocker in Group Policy. You would probably need to scan Security Event Logs to gather a baseline of what is being run.
http://technet.microsoft.com/en-us/library/cc779607(WS.10).aspx

Mind you this is not a trivial thing to do.  Baselining is required and when you consider dependencies (DLLs and such) it can be tricky to get everything just right and make changes.  

Whitelisting is being used as an approach to viruses and other malware.  I am not aware of any cheap or free way to do this other than the policies I mentioned above, which also lack the management features of third party solutions.  I will say that users generally don't take too kindly to being completely locked down ;)
0
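
The baseline step mentioned in the last comment (scanning Security Event Logs for what is being run, then comparing against an approved list) could be scripted along these lines. This is an added example, not part of the thread; it assumes process-creation auditing is enabled so that event 4688 is logged, and the function name, approved paths and sample events are constructed for illustration.

```powershell
# Added example. Find-UnapprovedProcess is a hypothetical helper name.
function Find-UnapprovedProcess {
    param(
        [Parameter(Mandatory=$true)] [string[]] $EventXml,  # event 4688 records as XML
        [Parameter(Mandatory=$true)] [string[]] $Approved   # approved full paths
    )
    $allow = @{}   # hashtable keys compare case-insensitively, like Windows paths
    foreach ($p in $Approved) { $allow[$p] = $true }

    $hits = foreach ($raw in $EventXml) {
        $evt  = ([xml]$raw).Event
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $path = $data['NewProcessName']
        if ($path -and -not $allow.ContainsKey($path)) {
            New-Object psobject -Property @{
                Path = $path; Computer = $evt.System.Computer; User = $data['SubjectUserName']
            }
        }
    }
    if (-not $hits) { return }

    # One row per unapproved path: launch count, plus where and by whom it ran.
    $cols = @(
        @{ n = 'Path';      e = { $_.Name } },
        @{ n = 'Launches';  e = { $_.Count } },
        @{ n = 'Computers'; e = { ($_.Group | ForEach-Object { $_.Computer } | Sort-Object -Unique) -join ', ' } },
        @{ n = 'Users';     e = { ($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique) -join ', ' } }
    )
    $hits | Group-Object Path | Select-Object $cols
}

# Constructed sample data (not real events): three workstations, one unapproved installer.
$approved = 'C:\Windows\System32\notepad.exe', 'C:\Program Files\Vendor\app.exe'
$tpl = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>' +
       '<EventID>4688</EventID><Computer>{0}</Computer></System><EventData>' +
       '<Data Name="SubjectUserName">{1}</Data><Data Name="NewProcessName">{2}</Data>' +
       '</EventData></Event>'
$sample = @(
    ($tpl -f 'WS01.example.local', 'alice', 'C:\WINDOWS\system32\notepad.exe'),
    ($tpl -f 'WS02.example.local', 'bob',   'C:\Users\bob\Downloads\setup.exe'),
    ($tpl -f 'WS03.example.local', 'carol', 'C:\Users\bob\Downloads\setup.exe'),
    ($tpl -f 'WS02.example.local', 'bob',   'C:\Program Files\Vendor\app.exe')
)
Find-UnapprovedProcess -EventXml $sample -Approved $approved | Format-Table -AutoSize

# Live use: feed real events instead of the sample.
#   $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688} | ForEach-Object { $_.ToXml() }
```

Event 4688 records the process image that was started, so a batch file appears as cmd.exe rather than under its own name.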
