
Whitelisting as described by tutorial not working


4 replies to this topic

#1 smndnm

Posted 21 June 2016 - 08:29 PM

Hello,

 

After carefully following the tutorial instructions in the article http://www.bleepingcomputer.com/tutorials/create-an-application-whitelist-policy-in-windows/

And while it made very good sense and was easy to follow... I can still run executables from My Downloads folder which is outside of the three whitelisted folders???

I still get the Open File - Security Warning, but this is not the intention.

 

Any help will be appreciated.

 

Cheers

Simon

 

 

 




 


#2 quietman7


Posted 23 June 2016 - 06:02 AM

What version of Windows are you using?

Whitelisting in the tutorial utilizes the Security Policy Editor which is not available in Home versions of Windows.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 ras1000


Posted 23 December 2016 - 01:10 PM

I like the tutorial as well and have implemented it on my computer which has Windows 10 Pro installed.  I am not sure it is working either.  The warning appears and yet the installation still proceeds, e.g. installed a new version of Revo Uninstaller Pro.  As the only user, I have full administrative rights.

 

On another topic, sites mention that users are to use the Security Policy Editor (secpol.msc); however, one can access the requisite files with Local Group Policy Editor (gpedit.msc).  I am not sure why the distinctions are being made and why should it matter whether secpol.msc or gpedit.msc is used.

 

I would really like to see the methodology outlined in the tutorial work as advertised, as I would like to implement it in the seven computers at our church.  I will acknowledge I might have done something incorrectly.

 

Has anyone used CryptoPrevent as an alternative?


Edited by ras1000, 23 December 2016 - 01:10 PM.


#4 quietman7


Posted 23 December 2016 - 01:31 PM

Lots of folks use that program.

For the benefit of all readers....CryptoPrevent is a supplemental security tool that writes 4000+ group policy object rules (Software Restriction Policies) into the registry in order to prevent executables in specific locations from running. CryptoPrevent can be used to lock down any Windows OS to prevent infection by crypto ransomware which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com, *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, %userprofile%, %programdata%, Recycle Bin, Startup Folder) from running. Due to the way that CryptoPrevent works, it protects against a wide variety of malware and ransomware. There are several levels of protection but most users only need to use the default setting - "Set it and forget it" protection. The Free Edition allows you to manually check for updates regularly by using the update function inside the program. CryptoPrevent Premium offers automatic updates to the program and definitions, email alerts, and customized prevention rules for a one time low price.

CryptoPrevent has a filter module (in the installer version) which allows you to apply (enable) or disable suspicious program filtering for .cpl, .scr and .pif files which are executable files. This option is found by opening CryptoPrevent and selecting Advanced > show Advanced Options at the top. The portable version does NOT include the Filter Module...you must get the installer version to use that feature. The portable version cannot apply on-demand or real-time protection, and is limited to Software Restriction Policy based protections.

#5 kedanli


Posted 05 January 2017 - 04:19 AM

Hi All,

 

THX for this great tutorial. I just want to add a tool, which might be useful for you as well.

It is called "Simple Software-restriction Policy" and it is open source:

https://sourceforge.net/projects/softwarepolicy/

 

PRO:

It works for Windows Home users also!

It sets software restrictions using the registry (creating a whitelist).

Easy to manage and you can disable / enable the restrictions by one / two (UAC) click(s) if needed (e.g. install new software). 

 

I love this software. It is simple, lightweight, using Windows' own abilities, and is free.
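The posts above ask whether a Software Restriction Policy whitelist is really being enforced. The following read-only PowerShell check is an added example, not part of any post in this thread or of the tools mentioned; it reads the standard Windows SRP policy key, and the function name `Get-SrpAudit` is made up for this example.

```powershell
# Added example: read-only audit of the Software Restriction Policy (SRP) registry state.
function Get-SrpAudit {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    )
    if (-not (Test-Path $Root)) {
        return "No SRP key at '$Root'; no policy is applied at this scope."
    }
    $p   = Get-ItemProperty -Path $Root
    $out = @()

    # DefaultLevel: 0 = Disallowed (whitelist mode), 0x40000 = Unrestricted
    if ($null -eq $p.DefaultLevel) {
        $out += 'DefaultLevel is not set.'
    } elseif ($p.DefaultLevel -eq 0) {
        $out += 'DefaultLevel = Disallowed (whitelist mode).'
    } else {
        $out += ('DefaultLevel = 0x{0:X}, not Disallowed: files outside the path rules are still allowed.' -f $p.DefaultLevel)
    }

    # PolicyScope: 0 = all users, 1 = all users except local administrators
    if ($p.PolicyScope -eq 1) {
        $out += 'PolicyScope = 1; local administrators are exempt from the policy.'
    }

    # TransparentEnabled: 0 = no enforcement, 1 = all files except DLLs, 2 = all files
    if ($p.TransparentEnabled -eq 0) {
        $out += 'TransparentEnabled = 0; enforcement is switched off.'
    }

    # ExecutableTypes: the extensions SRP treats as executable
    $out += 'Designated file types: ' + (@($p.ExecutableTypes) -join ', ')

    # Path rules: subkey 0 = Disallowed rules, subkey 262144 (0x40000) = Unrestricted rules
    foreach ($lvl in '0', '262144') {
        $paths = "$Root\$lvl\Paths"
        if (Test-Path $paths) {
            foreach ($key in Get-ChildItem -Path $paths) {
                $rule = (Get-ItemProperty -Path $key.PSPath).ItemData
                $out += "Level $lvl path rule: $rule"
            }
        }
    }
    $out
}

Get-SrpAudit
```

Per-user policies, where present, use the same path under `HKCU:` and can be checked by passing that path as `-Root`.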





