How do I restrict apps from running from a particular location?

With the latest rash of virii out there, i have a number of clients that are having various bunches of trojans/malware being installed and run from the Local Settings\Application Data folder.  These things just fly past the latest virus defs.
Is there a way to restrict that folder so that any executables In that folder are NOT able to be run, but if they are in a subfolder, they can be run at will?
From what i can tell, GPO allows you to disallow an entire tree, but not just one folder.
LVL 1
Digital_SkreamAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

racastillojrCommented:
You should enable Data Execution Prevention (DEP)

0
Digital_SkreamAuthor Commented:
All that does is prevent applications from accessing memory in a way that Microsoft deems unsafe.  That does not prevent any executables in a particular folder from executing.
0
Digital_SkreamAuthor Commented:
Actually a GPO would work, whereas DEP does not.
0
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

Digital_SkreamAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Digital_Skream's comment http:/Q_27518289.html#37375566

for the following reason:

No good solutions were presented
0
Russell_VenableCommented:
Hi Digital_Skream,  What operating system(s) are you trying to protect? One way is to use applocker. http://www.howtogeek.com/howto/6317/block-users-from-using-certain-applications-with-applocker/ It's available for W7 enterprise and ultimate editions. Plus there are a few other ways like a file monitor that watches the directory and uses W7 antivirus API to block certain software from running.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Digital_SkreamAuthor Commented:
I wanted to block the recent rash of trojans that download and place a exe (named in the format of abc.exe in the user's Local Settings\Application Data folder.  These execute and mess with the exe registry associations.  I wanted a fast, easy way to prevent these apps from running, in case they get past any other security apps.
A GPO with software restirction.  New Path Rule
disallow:
c:\documents and settings\*\Local settings\application data\*.exe

That would do this for every user account, is a GPO, so is centrally controllable, and allows the machine to function normally, without additional software.
With the added benefit that it works for XP, Vista, 7, 2003, & 2008 machines with a single GPO.
0
Russell_VenableCommented:
Did you try to implement the information contained in the link provided above?
0
Digital_SkreamAuthor Commented:
Applocker is wonderful if you are in a homogenous environment, but these changes needed to be made across multiple networks, many of which are holding onto XP with their nails and teeth.  Applocker won't work for them, so I had to find a solution that would work across ALL windows platforms.  GPO and local policies are it.
0
Russell_VenableCommented:
I forgot to mention. Applocker has a exception rule list for software, It will block as a directory when you apply, but it does have Exception rules that you can apply to programs you are want to run.
0
Digital_SkreamAuthor Commented:
This is the solution that worked for me and met all of my requirements.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Spyware

From novice to tech pro — start learning today.