Endpoint Protection

  • 1.  Score one for my app control..........

    Posted Feb 09, 2010 02:52 PM
    I recently added a bit to my application control policy to block bad BHOs and rogue AV apps.......
    I added this and have already nailed a couple - JUST TODAY!

    %userprofile%\Local Settings\Temporary Internet Files\Content.IE5\*\setup*.exe

    Block the above.
    If you need exceptions, fine - but I see some of the more simple and common rogue AV comes in this route.
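
A dry run of the rule above against a list of launch paths, to see what it would block and which exceptions it needs before it is enforced. This is an added example, not part of the original post and not Symantec's matching logic; the `*` semantics (one path component), the XP-style profile root, the exception name and the sample paths are assumptions.

```python
import re

# Rule path from the post. %userprofile% is modelled as any per-user profile
# directory (assumption about how the agent expands it).
RULE = r"%userprofile%\Local Settings\Temporary Internet Files\Content.IE5\*\setup*.exe"
# Hypothetical exception for an installer you decide to allow.
EXCEPTIONS = [r"%userprofile%\Local Settings\Temporary Internet Files\Content.IE5\*\setup_corp_vpn.exe"]
# Assumed XP-style profile root, matching the "Local Settings" layout in the rule.
PROFILE_RE = r"[A-Za-z]:\\Documents and Settings\\[^\\]+"


def rule_to_regex(rule):
    """Wildcard rule -> anchored, case-insensitive regex ('*' stays inside one path component: assumption)."""
    out = []
    for part in re.split(r"(%userprofile%|\*)", rule, flags=re.IGNORECASE):
        if part.lower() == "%userprofile%":
            out.append(PROFILE_RE)
        elif part == "*":
            out.append(r"[^\\]*")
        else:
            out.append(re.escape(part))
    return re.compile("".join(out) + r"\Z", re.IGNORECASE)


def audit(paths, rule=RULE, exceptions=EXCEPTIONS):
    """Return the launch paths the rule would block once exceptions are applied."""
    block = rule_to_regex(rule)
    allow = [rule_to_regex(e) for e in exceptions]
    return [p for p in paths
            if block.match(p) and not any(a.match(p) for a in allow)]


# Constructed sample launch paths (not real telemetry).
SAMPLE = [
    r"C:\Documents and Settings\alice\Local Settings\Temporary Internet Files\Content.IE5\A1B2C3D4\setup[1].exe",
    r"C:\Documents and Settings\bob\Local Settings\Temporary Internet Files\Content.IE5\Z9Y8X7W6\SETUP_corp_vpn.exe",
    r"C:\Documents and Settings\bob\Local Settings\Temp\setup.exe",
    r"C:\Program Files\Vendor\setup.exe",
    r"C:\Documents and Settings\carol\Local Settings\Temporary Internet Files\Content.IE5\Q1\sub\setup.exe",
]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("would block:", hit)
```
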


  • 2.  RE: Score one for my app control..........

    Posted Feb 09, 2010 03:16 PM
    Here's some more info on what you can do to stop BHOs with Application and Device Control:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009070915452948


  • 3.  RE: Score one for my app control..........

    Posted Feb 09, 2010 03:22 PM
    That rather goes with the article I put up last year or so. Between the two of them, rogue AV apps and such don't stand much chance.............. definitions or not.


  • 4.  RE: Score one for my app control..........

    Posted Feb 10, 2010 11:10 PM
    Hey Shadow, can you post your latest App Control policy? I am really interested in blocking .dll and .exe creation in users application data folders. I am curious what tweaks you have made since the original one that you posted a while back.


  • 5.  RE: Score one for my app control..........

    Posted Feb 11, 2010 11:45 AM
    I've attached a new ZIP that has two files.
    I think the smaller is the individual app control policy for the BHOs and EXEs, where the larger is the collection of all app control policies.......
    Wish I knew how to make them more clean and efficient.
    I really need to take a class on this............... or sit an hour or two with a Symantec expert on how to do this correctly - but it should give an idea of the possibilities!