IT Questions and Answers :)

Wednesday, November 29, 2017

In a Windows domain, using built in domain features, how can you easily stop malicious software/viruses/cryptolocker from running from the downloads folder, or temporary internet files?

In a Windows domain, using built in domain features, how can you easily stop malicious software/viruses/cryptolocker from running from the downloads folder, or temporary internet files?

  • Advanced Windows Firewall Settings
  • Fancy Antivirus Software
  • Train your users to be more careful
  • Apply a Software Restriction Policy GPO 
 
In a Windows domain, using built in domain features, how can you easily stop malicious software/viruses/cryptolocker from running from the downloads folder, or temporary internet files?

EXPLANATION

Using a software restriction Policy you can create a whitelist or blacklist policy of locations that software is allowed to launch from. This included applications, scripts and so on. You can easily block software from launching from anywhere within a users profile, including the downloads folder. If you want to get into the advanced settings, you can blacklist ALL software and provide a while list of hashes for applications on your domain. SRP is extremely powerful, and very user friendly to configure. It is a valuable tool to use in keeping your network safe.

SOURCE

https://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx
Share:

0 comments:

Post a Comment

Popular Posts

Blog Archive