You got a virus scanner and maybe also some other mitigation tools to protect your or company computers, but still viruses and malware can get thru into the system. Here is a method to create an extra layer of defense for your systems. We’ll be using Software Restriction Policies that can be found in the Local Security Policy for standalone PC’s or in the Group Policy Management for domain joined systems. We will be gonna use this for blocking executables from %APPDATA% and %USERPROFILE% directories, but also from compressed archives that can be mailed with an executable as attachment, for example the Cryptovirus (TorrentLocker) or Ransomware you get nowadays from DHL and PostNL e-mails (more info on Fox-IT). For this blogpost the screenshots and examples are made with Windows Server 2012 and Group Policy Management, but are also usable and tested by me in enviroments with Windows Server 2003/Windows XP and newer operation systems.
- Κατηγορία: Τεχνικά Θέματα
- Εμφανίσεις: 607