Will using software restriction policies help to prevent viruses and malware
from getting on Windows XP Professional machines? Let's say I know the name
of the executable of the virus or malware; can I use a path rule to
disallow this executable from being run on the local machine? Will this
prevent viruses and malware that are started by the registry? The
documentation is very vague in describing how exactly this works.

--
Eric Sabo
NT Administrator

Re: Using software restriction policies to prevent virus and malware - Microsoft Response needed by Lanwench

Lanwench
Wed Jul 14 10:17:13 CDT 2004

Viruses change names all the time....and this would be a very very long
list. Not the way I'd go about this.

Best to secure your machines from the get go - don't grant users local admin
rights, tighten IE security as much as possible, run good centrally admin'd
antivirus software, etc etc etc.

Sabo, Eric wrote:
> Will using software restriction policies help to prevent viruses and
> malware from getting on Windows XP Professional machines? Let's say I
> know the name of the executable of the virus or malware; can I use a
> path rule to disallow this executable from being run on the local
> machine? Will this prevent viruses and malware that are started by
> the registry? The documentation is very vague in describing how
> exactly this works.



Re: Using software restriction policies to prevent virus and malware - Microsoft Response needed by Sabo,

Sabo,
Thu Jul 15 13:18:30 CDT 2004

We are running AV in our environment.

We do all the following. Malware is such a grey area. How do you tighten
down IE? Please explain. I would just like to know how malware gets
through if the users are not administrators on the machine. Time and time
again we are finding executables in memory. How does one prevent this
from happening?



"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:u%23prpWbaEHA.3524@TK2MSFTNGP12.phx.gbl...
> Viruses change names all the time....and this would be a very very long
> list. Not the way I'd go about this.
>
> Best to secure your machines from the get go - don't grant users local admin
> rights, tighten IE security as much as possible, run good centrally admin'd
> antivirus software, etc etc etc.
>
> Sabo, Eric wrote:
> > Will using software restriction policies help to prevent viruses and
> > malware from getting on Windows XP Professional machines? Let's say I
> > know the name of the executable of the virus or malware; can I use a
> > path rule to disallow this executable from being run on the local
> > machine? Will this prevent viruses and malware that are started by
> > the registry? The documentation is very vague in describing how
> > exactly this works.
>
>



Re: Using software restriction policies to prevent virus and malware - Microsoft Response needed by Steven

Steven
Thu Jul 15 13:28:45 CDT 2004

You could do that, but a better strategy may be to define just the allowed
applications/executables to run on a computer, though that may not be easy, or to use
path rules to narrow down where applications can be run. That would not be a substitute
for a firewall, virus scanning including all emails, and keeping current with
critical updates AND having a full backup. The link below is pretty good on Software
Restriction Policies if you have not seen it. The part on blocking malicious scripts
would be a good strategy also. --- Steve

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

"Sabo, Eric" <sabo_e@cup.edu> wrote in message
news:O%23lDBGbaEHA.3716@TK2MSFTNGP11.phx.gbl...
> Will using software restriction policies help to prevent viruses and malware
> from getting on Windows XP Professional machines? Let's say I know the name
> of the executable of the virus or malware; can I use a path rule to
> disallow this executable from being run on the local machine? Will this
> prevent viruses and malware that are started by the registry? The
> documentation is very vague in describing how exactly this works.
>
> --
> Eric Sabo
> NT Administrator
>
>
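
An added example, not part of any post in this thread and not Microsoft's implementation: a simplified Python model of path-rule evaluation that compares the two strategies discussed above, a disallow rule for one known file name versus a default-Disallowed policy that allows only chosen folders. It assumes only path rules exist and that the longest matching rule wins; every file name and path in it is constructed.

```python
# Simplified model of SRP path-rule evaluation (added example, not Microsoft's code).
# Assumptions: only path rules are modelled, the most specific (longest) matching
# rule wins, ties go to the more restrictive level, and unmatched files get the default.
import fnmatch
import ntpath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

def rule_matches(rule, exe):
    rule, exe = rule.lower(), exe.lower()
    if "\\" not in rule:
        # Bare file-name rule: compared against the file name only.
        return fnmatch.fnmatchcase(ntpath.basename(exe), rule)
    # Full-path rule: matches the file itself or anything below the folder.
    return fnmatch.fnmatchcase(exe, rule) or exe.startswith(rule.rstrip("\\") + "\\")

def evaluate(policy, exe):
    default_level, rules = policy
    hits = [(len(r), lvl == DISALLOWED, lvl) for r, lvl in rules if rule_matches(r, exe)]
    return max(hits)[2] if hits else default_level

# Strategy 1: default Unrestricted, block one known file name (constructed name).
BLOCK_BY_NAME = (UNRESTRICTED, [("badworm.exe", DISALLOWED)])

# Strategy 2: default Disallowed, allow only folders that hold installed software.
ALLOW_LIST = (DISALLOWED, [
    ("C:\\Windows", UNRESTRICTED),
    ("C:\\Program Files", UNRESTRICTED),
])

# Constructed sample paths.
TEMP = "C:\\Documents and Settings\\user\\Local Settings\\Temp\\"
SAMPLES = [
    TEMP + "badworm.exe",
    TEMP + "svch0st.exe",  # the same file after a rename
    "C:\\Program Files\\Office\\winword.exe",
]

def compare():
    # Maps each sample path to (level under strategy 1, level under strategy 2).
    return {s: (evaluate(BLOCK_BY_NAME, s), evaluate(ALLOW_LIST, s)) for s in SAMPLES}

if __name__ == "__main__":
    for path, (by_name, allow) in compare().items():
        print(f"{path}\n  block-by-name: {by_name:<13} allow-list: {allow}")
```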