
Blocking PUPs with Windows Registry



#1 atlcr


Posted 21 January 2014 - 09:52 PM

I have come across a way to disallow specific .exe files from running by adding values to the registry. I thought it might be useful to block common problem programs like Conduit Search Protect, Spigot, CouponSaver, etc.

 

I own a computer repair business and come across hijacked browsers all the time. In an effort to offer the best service to my customers, I'd like to make a batch file that loads registry values that block the installation of Potentially Unwanted Programs.

 

The problem that I am coming across is that I need the file name for the .exe files to disallow them in the registry. When I try to find a place to download Conduit, for example, I cannot find anything (not even on conduit.com).

 

There are 2 problems here:

 

1. These programs often piggyback on other legitimate programs (Adobe Flash Player is a classic example). I'm not sure that they run as separate .exe files. They might be embedded in the original file that was downloaded, in which case this is not going to work.

 

2. Some .exe files are generated on the fly with random characters as the file name or the file name can change when new versions are released. This can be overcome with diligence, but obviously requires a lot more work.

 

Does anybody know of a source to get the filenames for common PUPs?

 

Any feedback is greatly appreciated. I don't want to reinvent the wheel so if something like this already exists, then I'd like to know about it. :)
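
Added example, not part of the original post: the post does not name the registry mechanism, so this sketch assumes the per-user Explorer `DisallowRun` policy. The file names are constructed placeholders and the function names are hypothetical.

```powershell
# Constructed placeholder names; replace with file names you have verified.
$BlockList = @('example-toolbar-setup.exe', 'example-searchprotect.exe')

$Explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ListKey  = Join-Path $Explorer 'DisallowRun'

function Get-DisallowRunEntries {
    # Returns the executable names already present in the policy list.
    if (-not (Test-Path $ListKey)) { return @() }
    $key = Get-Item -Path $ListKey
    @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

function Add-DisallowRunEntries {
    param([string[]]$Names)

    # Create the list key only if it is missing, so existing entries survive.
    if (-not (Test-Path $ListKey)) { New-Item -Path $ListKey -Force | Out-Null }

    $existing = Get-DisallowRunEntries
    # Entries are string values named 1, 2, 3, ...; continue after the highest.
    $used = @((Get-Item -Path $ListKey).GetValueNames() |
        Where-Object { $_ -match '^\d+$' } | ForEach-Object { [int]$_ })
    $next = 1
    if ($used.Count -gt 0) { $next = [int]($used | Measure-Object -Maximum).Maximum + 1 }

    foreach ($name in $Names) {
        if ($existing -contains $name) { continue }   # -contains ignores case
        New-ItemProperty -Path $ListKey -Name "$next" -Value $name `
            -PropertyType String | Out-Null
        $next++
    }

    # The list is ignored unless this DWORD switch is set to 1.
    New-ItemProperty -Path $Explorer -Name 'DisallowRun' -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

Add-DisallowRunEntries -Names $BlockList
Get-DisallowRunEntries
```

This policy matches on file name only and applies to programs started from Explorer in that user's profile, so the renamed or randomly named executables raised in point 2 of the post are not covered by it.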




 


#2 quietman7


Posted 22 January 2014 - 08:17 AM


A Potentially Unwanted Program (PUP) is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software usually containing Adware or bundled with other free third-party software to include toolbars, add-ons/plug-ins and browser extensions. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs. PUPs may also be defined somewhat differently by various security vendors and may or may not be detected/removed based on that definition. That fact adds to confusion and a lot of complaints from end users asking why a detection was not made on a particular file (program) they are having issues with.

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

There is a link in the above topic for Calendar Of Updates which maintains a comprehensive list of software (by name) bundled with unwanted add-ons called the: Installers Hall of Shame.



 


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



