Prevent the execution of programs on unauthorized paths


Solved by rqueizan

Is it possible to block the execution of any executable (exe, bat, ps1) on disk D from Kaspersky Premium 21.15.8.493(a)?

Windows 11 Enterprise 22H2, Build 22621.3085

My goal is to allow the execution of everything that is on disk C, and some folders on disk D, with the rest restricted.


  • Solution

This way it works, more aggressive than I'd like, but it solves in the worst-case scenario.
It would be interesting if in addition to Read, Write, Create and Delete it allowed Run independently. Suggestion.

[image]

The way shown in the image, it allows me to take it out of that folder, and put it back in.
Prevents the icon from being displayed.
But it definitely blocks execution.

[image]

Edited by rqueizan

@rqueizan

Thanks for the feedback, and I'm glad you got it 👍

Thanks for the suggestions, but "Read" basically means "Run/Open".

In your scenario, basically we have that on disk D no file with the ".exe" extension has read permission, that is, they do not have permissions to be read from disk D, therefore, they cannot be executed/opened.

Edited by Guilhermesene4096

1 hour ago, harlan4096 said:

Read also may mean just "Access" to the file/folder or in general to the resource...

Initially, I thought Read refers to the action of reading.
That's why I find it a bit confusing to block an execution by blocking the Read option.
In addition, it allows me to cut the file from the folder, and paste it back in.
To cut a file, you need Read and Write.


There is a problem with this form of blocking.
It will notify you every time a program accesses the folder to list files, not necessarily by running it.
The rule applies when the restricted folder is listed by a file explorer such as Total Commander or Windows Explorer itself.

I think it would be best to add a new column, explicitly involving the execution of a program.

[image]

[image]

Edited by rqueizan

@rqueizan

It is obvious that the rule defined by you is wrong.

You have applied "deny" to all groups (Trusted, Untrusted, High restriction and Low restriction)

You can even do this for disk D, but you need to release fundamental applications like Microsoft so that Windows applications like explorer.exe can read all files on the disk.

[image]

This configuration is my personal configuration in a specific scenario and in a specific situation

This is why Kaspersky defines this module only for advanced users.

This is a complex component of Kaspersky and with it there are countless possibilities for using this component.

My personal advice to you is: study the tutorial I gave you in more depth. (see that it's not that I don't want to help or assist you, it's that it's a component with countless possibilities and that requires a certain degree of knowledge of its operation)

Edited by Guilhermesene4096

More detailed scenario:
I don't want anyone to have permission to run any EXE files from the D:\Download folder and its subfolders.
Otherwise, they can copy, cut, create, delete freely.

This is my real goal!

In the absence of an execute permission, I denied all read permission on the folder, regardless of the level of trust.
This certainly blocks execution, and doesn't interfere with copying files.
It only bothers me that the rule actually applies every time someone accesses the file list of the folder in question.

My ultimate goal is to restrict the execution of any executable (exe, msi, bat, ps1, com) on the entire D disk.
And only allow it to run on a certain folder on disk D.

But I consider that the launch of the event by simply listing the files in a folder is so bulky, I think that by putting the whole disk, it could be chaos, perhaps a high consumption of CPU and RAM resources. An anticipatory speculation on my part.


On the other hand, when cutting a file from disk C to disk D, technically you have to do a read on disk C, write to disk D, delete the original file on disk C.
If I blocked the read permission, I theoretically shouldn't be able to copy or cut it, since I'm not allowed to read it, right?

If an execute permission exists, the execution goes beyond a read, as it needs to be loaded into memory to execute. This would initially involve a disk read and a RAM write.
It could block execution without restricting the read, allowing the file to be copied and cut.

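The separate "execute" permission asked for in the posts above does exist at the NTFS level, independent of Kaspersky. As an added example (not part of the thread and not a Kaspersky feature), this PowerShell sketch denies only the execute right on files under D:\Download while leaving read, write, copy and delete alone; the function names and sample.exe are hypothetical.

```powershell
# Added example: deny only the NTFS "ExecuteFile" right on files under a folder.
# D:\Download is the path from the thread; function names are hypothetical.
# Run from a session that is allowed to change the folder's permissions.

function Add-ExecuteDenyRule {
    param([Parameter(Mandatory)][string]$Folder)

    # S-1-1-0 is the well-known SID for Everyone (independent of UI language).
    $everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')

    # ObjectInherit + InheritOnly: the entry is inherited by files (including
    # files in subfolders) but does not apply to the folder itself, so listing
    # and traversing the folder are not affected.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
        [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
        [System.Security.AccessControl.PropagationFlags]::InheritOnly,
        [System.Security.AccessControl.AccessControlType]::Deny)

    $acl = Get-Acl -LiteralPath $Folder
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Folder -AclObject $acl
}

function Test-ExecuteDenied {
    # Returns $true when the file's ACL carries a Deny entry for Everyone that
    # includes ExecuteFile. This inspects the ACL; it does not launch anything.
    param([Parameter(Mandatory)][string]$File)

    $execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    $rules = (Get-Acl -LiteralPath $File).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Deny' -and
            $r.IdentityReference.Value -eq 'S-1-1-0' -and
            $r.FileSystemRights.HasFlag($execute)) {
            return $true
        }
    }
    return $false
}

# Usage (sample.exe is a placeholder file name):
Add-ExecuteDenyRule -Folder 'D:\Download'
Test-ExecuteDenied  -File   'D:\Download\sample.exe'
```

A file's owner can rewrite its ACL, and a file moved within the same volume keeps the ACL it already had, so treat this as a guard rail rather than enforcement. Scripts such as .bat and .ps1 are read as data by their interpreter, so path rules in AppLocker or WDAC are the usual control for those.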
