Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1598
Views
1
Helpful
5
Replies

need to block exe file

Go to solution
Vishal6
Level 3
Level 3

‎04-17-2024 09:38 AM

Hi All,

Need to block below exe file path on server. Can anyone help me how can i do this in Cisco secure endpoint console.

c:\program files\uvnc bvba\UltraVNC\winvnc.exe

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Roman Valenta
Cisco Employee
Cisco Employee
In response to Vishal6

‎04-18-2024 08:28 AM

Not sure If I follow. If you want to block that particular file winvnc.exe you will need to either grab that file and upload to Blocked Application or determine/calculate the SH256 of that file and add that hash instead once you add that apply the Block Application list to the policy for that server to block running that EXE again.

Or do what Marvin suggested with Simple Custom Detection, you will also need to apply that to your policy for that server, then run full or partial scan which will remove the file all together upon detection.

 

Both solution works based on SHA256. However you need to remember that if the SHA256 will change lets say with new version you will need to adjust that policy again .

 

Unfortunately UltraVNC is not consider to be threat its just free software that can display screen of another computer (via the internet or network) on your own screen. In your case its unwanted software but for others they might use it in their environment. Also using valid certificates for the installer makes harder to deemed the file malicious. The latest UltraVNC looks like this. 

 

856_572_1.png

 

853_547_1(1).png

View solution in original post

5 Replies 5

Go to solution
Roman Valenta
Cisco Employee
Cisco Employee

‎04-17-2024 12:23 PM - edited ‎04-17-2024 12:24 PM

You can also create your own list under Outbreak Control ---> Application Control - Blocked Applications then apply that list to your policy. This will only work on *.EXE files and it will block that application from running.

0 Helpful

Go to solution
Vishal6
Level 3
Level 3
In response to Roman Valenta

‎04-17-2024 11:14 PM

Hi Roman,

Using upload file search only for that machine, but i want to block exe file that resides in server

0 Helpful

Go to solution
Roman Valenta
Cisco Employee
Cisco Employee
In response to Vishal6

‎04-18-2024 08:28 AM

Not sure If I follow. If you want to block that particular file winvnc.exe you will need to either grab that file and upload to Blocked Application or determine/calculate the SH256 of that file and add that hash instead once you add that apply the Block Application list to the policy for that server to block running that EXE again.

Or do what Marvin suggested with Simple Custom Detection, you will also need to apply that to your policy for that server, then run full or partial scan which will remove the file all together upon detection.

 

Both solution works based on SHA256. However you need to remember that if the SHA256 will change lets say with new version you will need to adjust that policy again .

 

Unfortunately UltraVNC is not consider to be threat its just free software that can display screen of another computer (via the internet or network) on your own screen. In your case its unwanted software but for others they might use it in their environment. Also using valid certificates for the installer makes harder to deemed the file malicious. The latest UltraVNC looks like this. 

 

856_572_1.png

 

853_547_1(1).png

Go to solution
junaid-rehman
Level 1
Level 1

‎01-14-2025 01:56 AM

Hi @Vishal6 Could you please share more details about how you accomplished this? Like you did this exactly?

0 Helpful
Top