Prevent Malware By Using Software Restriction Policy

Prevent Malware By Using Software Restriction Policy. In today’s video we are going to take a look at Group Policy Editor SRP which means Software Restriction Policy, the way I would set this up is by using a Standard User Account and then enforce Software Restriction Policy on that computer or workstation. We will take a look at the differences between Path and Hash setup. Just remember when setting up SRP when you block certain areas, you may run into difficulties when it comes to programs needing access to certain directories like Temp and AppData.

Path
%AppData%\*.exe Disallowed To prevent Cryptolocker or Malware executable from running in AppData area.

%AppData%\*\*.exe Disallowed This will prevent any virus payloads from executing in sub folders of AppData.

%UserProfile%\Local Settings\Temp\Rar*\*.exe Disallowed

%UserProfile%\Local Settings\Temp\7z*\*.exe Disallowed
%UserProfile%\Local Settings\Temp\wz*\*.exe Disallowed
%UserProfile%\Local Settings\Temp\*.zip\*.exe Disallowed

There is loads more that can be done in SRP, this is just the tip of the iceberg to what Software Restriction Policy can do.

This might not stop every malware Trojan, but its does a good job.

SRP_Disable.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
“DefaultLevel”=dword:00040000
SRP_Enable.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
“DefaultLevel”=dword:00000000

Need help with your computer problems? join our forum
http://www.briteccomputers.co.uk/forum

Leave a Reply