Topic: How to prevent programs from running from home drive

[bcalder01]

Hi all, I hope this is an appropriate place to post this.

I have a user or two who have been running programs from their H: (home) drives. I am looking for a way to prevent ANY .exe's from executing from H:. We are using Kaspersky Workspace Security & perhaps that is where I should be concentrating my attention, but I think I'm probably not the first SME admin to come up against this.

Is there a way to prevent users from storing .exe's on their home drives, for instance? Maybe that's the way to do it, but it's not very flexible.

[David Harper]

Try Trust No Exe.

[bcalder01]

Thanks much for the link, David. I'll look at it ASAP. It looks like it can be distributed to workstations instead of installing individually, so that's great.

[bloodshoteye]

@bcalder01

It will be useful to some of us if you would please post your results here.

Regards,

[cactus]

Moving this topic to the General Discussion forum, it is more appropriate there. Thanks!

[bcalder01]

I will do ... it may be some days before I get back to it (lots of fires to put out).

[bcalder01]

It looks like it's going to work well (still testing with a small group), and best of all, the "Multiple Computers" function works great!

I've got it so that netlogon.bat executes on startup by adding \\<fileserver netbios name>\netlogon\netlogon.bat, but I am prevented from rerunnin gnetlogon.bat after logon, even though I've specified H:\netlogon.bat. I've attached a screengrab - does anyone see anything illogical in it? The first line in the allow list was an attempt to have Trustnoexe to recognize the logged-in user, but doesn't work.

This is merely a small inconvenience - thank you David for pointing me to this app!!

[David Harper]

Perhaps you need to specify the root netlogon as well - \\servername\netlogon\netlogon.bat.

There's no screen grab attached though.

[bcalder01]

Doh! Adding the image file didn't work, so here is what I have, by hand. Note that the app lowercases all entries:
Access list:
<file server netbios name>\%user%\netlogon.bat
<file server netbios name>\netlogon\netlogon.bat
c:\archiv~1
c:\archivos de programa
c:\progra~1
c:\program files
c:\windows
h:\netlogon.bat

Deny list:
h:\

[David Harper]

Just use ImageShack.

[bcalder01]

Right!!

[David Harper]

I imagine that your issue is that the application becomes confused when you explicitly deny H: but at the same time explicitly allow H:\netlogon.bat.

Try removing H: from your custom deny list. Applications are blocked by default AFAIK, so there should theoretically be no need for this rule.

[bcalder01]

I removed H:\, but the issue still exists.

I can explicitly deny .exe's in an allowed path (as stated in the manual), so if I can do that, I'm pretty happy. I'm remapping network drives, so it's only a minor inconvenience that I have to log out & log back in to see the remapped shares, instead of just rerunning netlogon.bat.