Jump to content
Michel-B

Startup Control - Allow all executables in 'Program Files' [Solved]

Recommended Posts

I was wondering if it's possible, like in Microsoft's AppLocker, to specify a location in the Application Startup Control where executables are allowed to run.

So basically, I specify 'C:\Program Files' and 'C:\Program Files (x86)' to allow starting of every executable in there, including subfolders.

 

Mind you, I don't want to use a reference folder to import executables from, I just want executables in the folders on every client the policy applies to allow the startup of those.

 

KSC 10.2.434

KES 10 SP1 MR2

 

Why? Simple. Users cannot write to their Program Files folder, so everything in there is safe to start.

Share this post


Link to post
QUOTE(Michel-B @ 11.12.2015 18:54)
I was wondering if it's possible, like in Microsoft's AppLocker, to specify a location in the Application Startup Control where executables are allowed to run.

So basically, I specify 'C:\Program Files' and 'C:\Program Files (x86)' to allow starting of every executable in there, including subfolders.

 

Mind you, I don't want to use a reference folder to import executables from, I just want executables in the folders on every client the policy applies to allow the startup of those.

 

KSC 10.2.434

KES 10 SP1 MR2

 

Why? Simple. Users cannot write to their Program Files folder, so everything in there is safe to start.

 

Hello,

you can deny everything, except that folder.

Thank you.

Share this post


Link to post

Call me stupid, but I don't see how/where.

Just for the record, I want to select a folder including all subfolders.

Share this post


Link to post
QUOTE(Michel-B @ 14.12.2015 18:15)
Call me stupid, but I don't see how/where.

Just for the record, I want to select a folder including all subfolders.

 

Hello.

 

You can create an application category with content added manually, then add "Path to folder" conditions with values like "C:\Program Files" and "C:\Program Files (x86)".

Then in Application Startup Control create an allow Everyone rule for this category.

After that, before switching to Default Deny, make sure your rules work by switching "Allow all" from On to Test and checking "Generate test verdict for default rule". Then make sure test deny events only happen for applications ourside of allowed folders. When you are satisfied with the test results, you can switch "Allow all" to Off, thus switching to Default Deny.

 

Thank you.

Share this post


Link to post

But that only works for executables in the root of the 'C:\Program Files' and 'C:\Program Files (x86)' folders. This doesn't work for subfolders unless I add them all manually.

For example: 'C:\Program Files\VideoLAN\VLC\vlc.exe'

 

EDIT: Nevermind, I stand corrected. It does in fact work on subfolders, for some reason I failed to see this. Thanks for the solution! :ay:

Edited by Michel-B

Share this post


Link to post
QUOTE(Michel-B @ 15.12.2015 15:23)
But that only works for executables in the root of the 'C:\Program Files' and 'C:\Program Files (x86)' folders. This doesn't work for subfolders unless I add them all manually.

For example: 'C:\Program Files\VideoLAN\VLC\vlc.exe'

 

EDIT: Nevermind, I stand corrected. It does in fact work on subfolders, for some reason I failed to see this. Thanks for the solution! :ay:

 

Please evaluate support help by using "Rating" option!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.