Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

how to block a specific external command on Windows?


  • Please log in to reply
5 replies to this topic

#1 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:04:26 AM

Posted 23 January 2017 - 07:56 PM

Is it even possible to block a specific external command on Windows without disabling the .exe altogether?

 

For example I'd like to block

useful.exe nasty command /f /s

Whilst allowing

useful.exe helpful command /s

Whether this is done by group policy or whatever, I don't mind.

 

Thanks in advance



BC AdBot (Login to Remove)

 


#2 SpywareDoc

SpywareDoc

  • Members
  • 688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maryland, USA
  • Local time:01:26 PM

Posted 24 January 2017 - 06:34 PM

If you can see the "nasty" string within the "useful.exe" program, you could try altering it with a hex editor. Be sure to:

 

1) Make a backup copy of "useful.exe", (say named "useful-original.exe") before altering it.

 

2) Make sure you use the same number of characters as the length of the original "nasty" string you are replacing. (For example, since the string "nasty" is 5 characters, you might change it to "zxcvb" [or whatever]).



#3 TsVk!

TsVk!

    penguin farmer

  • Topic Starter

  • Members
  • 6,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:04:26 AM

Posted 24 January 2017 - 06:54 PM

That's not a bad idea. Thanks

 

If anyone has a GP or other approach also I'm open to more input.



#4 KingDavidlll

KingDavidlll

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:26 AM

Posted 25 January 2017 - 09:37 PM

That's not a bad idea. Thanks
 
If anyone has a GP or other approach also I'm open to more input.

I would create a wrapper for the exe. Eg. Create an exe to contain the exe which can check the command first before passing it to the original program if it's safe.

#5 TsVk!

TsVk!

    penguin farmer

  • Topic Starter

  • Members
  • 6,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:04:26 AM

Posted 25 January 2017 - 09:40 PM

That's a great idea... I'm gonna look at that next week. It may just be something I can work within this situation.



#6 JohnnyJammer

JohnnyJammer

  • Members
  • 1,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:04:26 AM

Posted 26 January 2017 - 10:28 PM

What sort of command did you want to stop?

There are so many ways to fire up a command in windows, command.com, cmd, %comspec% to name a few!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users