How do I restrict apps from running from a particular location?

With the latest rash of viruses out there, I have a number of clients that are having various bunches of trojans/malware being installed and run from the Local Settings\Application Data folder. These things just fly past the latest virus defs.
Is there a way to restrict that folder so that any executables in that folder are NOT able to be run, but if they are in a subfolder, they can be run at will?
From what I can tell, GPO allows you to disallow an entire tree, but not just one folder.
Digital_SkreamAsked:
 
Russell_VenableCommented:
Hi Digital_Skream, What operating system(s) are you trying to protect? One way is to use AppLocker. http://www.howtogeek.com/howto/6317/block-users-from-using-certain-applications-with-applocker/ It's available for W7 Enterprise and Ultimate editions. Plus there are a few other ways, like a file monitor that watches the directory and uses the W7 antivirus API to block certain software from running.
0
 
racastillojrCommented:
You should enable Data Execution Prevention (DEP)

0
 
Digital_SkreamAuthor Commented:
All that does is prevent applications from accessing memory in a way that Microsoft deems unsafe.  That does not prevent any executables in a particular folder from executing.
0
 
Digital_SkreamAuthor Commented:
Actually a GPO would work, whereas DEP does not.
0
 
Digital_SkreamAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Digital_Skream's comment http:/Q_27518289.html#37375566

for the following reason:

No good solutions were presented
0
 
Digital_SkreamAuthor Commented:
I wanted to block the recent rash of trojans that download and place an exe (named in the format of abc.exe) in the user's Local Settings\Application Data folder. These execute and mess with the exe registry associations. I wanted a fast, easy way to prevent these apps from running, in case they get past any other security apps.
A GPO with software restriction. New Path Rule
disallow:
c:\documents and settings\*\Local settings\application data\*.exe

That would do this for every user account, is a GPO, so is centrally controllable, and allows the machine to function normally, without additional software.
With the added benefit that it works for XP, Vista, 7, 2003, & 2008 machines with a single GPO.
0
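An audit to run before and after deploying the path rule above, added here as an example and not part of the original thread: it lists executables sitting directly in each profile's Local Settings\Application Data folder (subfolders are left alone) and shows which Disallowed path rules the machine has received. It assumes the XP/2003 profile layout used in the rule and a computer-scope policy; the parameter and variable names are illustrative.

```powershell
# Added example (not from the thread). Written to run on PowerShell 2.0.
param(
    # Assumption: XP/2003 profile layout, as in the path rule above.
    [string]$ProfileRoot = 'C:\Documents and Settings',
    [string]$RelativeDir = 'Local Settings\Application Data'
)

# 1. Executables directly in each profile's folder (no recursion):
#    these are the files the *.exe path rule is meant to stop.
$hits = @()
$userDirs = Get-ChildItem -Path $ProfileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }
foreach ($userDir in $userDirs) {
    $dir = Join-Path $userDir.FullName $RelativeDir
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $hits += @(Get-ChildItem -LiteralPath $dir -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length, CreationTime, LastWriteTime)
}

# 2. Software Restriction Policy path rules at the Disallowed level (level 0),
#    as stored in the computer policy hive. Each rule is a GUID-named subkey
#    whose ItemData value holds the path pattern.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
$rules = @()
if (Test-Path $srpKey) {
    $rules = @(Get-ChildItem $srpKey | ForEach-Object {
        (Get-ItemProperty -Path $_.PSPath).ItemData
    })
}

# 3. Report. A rule "covers" the folder here only by a simple text match on
#    the pattern from the thread; it does not re-implement SRP matching.
$covering = @($rules | Where-Object { $_ -like '*application data\*.exe' })

"Disallowed path rules on this machine: $($rules.Count)"
$rules | ForEach-Object { "  $_" }
if ($covering.Count -eq 0) {
    "No Disallowed rule mentions '...application data\*.exe'; the GPO has not applied here."
}
"Executables found directly in '$RelativeDir': $($hits.Count)"
$hits | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

Any file it lists that belongs to legitimate software will stop launching once the rule applies, so review the list before linking the GPO widely.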
 
Russell_VenableCommented:
Did you try to implement the information contained in the link provided above?
0
 
Digital_SkreamAuthor Commented:
Applocker is wonderful if you are in a homogenous environment, but these changes needed to be made across multiple networks, many of which are holding onto XP with their nails and teeth. Applocker won't work for them, so I had to find a solution that would work across ALL Windows platforms. GPO and local policies are it.
0
 
Russell_VenableCommented:
I forgot to mention: AppLocker has an exception rule list for software. It will block a whole directory when you apply it, but it does have exception rules that you can apply to programs you want to run.
0
 
Digital_SkreamAuthor Commented:
This is the solution that worked for me and met all of my requirements.
0
Question has a verified solution.
