08-21-2006 11:18 PM - edited 03-09-2019 03:58 PM
We have CSA V4.5.616
I would like a rule that denies executing exe's but allows reading them.
The rule I have at the moment denies both.
If a user opens a directory that contains exe's the read part is triggered. I only want the rule to trigger if they try to execute. IS THERE A WAY?
THANKS
09-09-2006 08:37 PM
Okay, so what you want is a rule that allows a directory listing of all files, but does not allow any of them to be executed? Do you want to prevent just users from manually running the executable, or do you want to restrict the entire system from executing them? Am I correct you're trying to protect a specific directory, and not everything on the drive?
Create a new File Set, I suggest naming it "Restricted Directories":
Directories matching: (whatever directories you're trying to restrict)
C:\Secret_Folder\**
@fixed:\PathTo\AnotherDir\**
@removable:\**
\\Office1\Data\**
@network:\Office Data\Programs\**
Files matching:
*.exe
*.com
*.cmd
*.pif
*.scr
*.bat
*.wsh
*.vbs
*.hta
Create a new Application Class, I suggest naming it "File-Executing Shells".
**\explorer.exe
**\cmd.exe
**\command.com
**\taskmgr.exe
Alternatively, you can just use both the "MS explorer" and "Command Shell" classes if they're available, but I can't find any other classes that include "taskmgr.exe" (which can invoke executables outside of Windows Explorer).
Now create another Application Class, this one will be "Directory-Restricted Executables". Put "$Restricted Directories" in the list.
Next create a new Application Control rule "Attempted Execution in Protected Directory", with the following options:
Take the following action: Deny
when
Current applications in any of the following selected classes: "File-Executing Shells"
But not in any of the following selected classes: None
attempt to run
New applications in any of the following selected classes: "Directory-Restricted Executables"
But not in any of the following selected classes: None
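To check what the rule above would and would not catch before deploying it, here is an added example (not part of the original post and not CSA code) that models the File Set, the "File-Executing Shells" class and the deny rule in Python. The wildcard semantics, the event tuples and all function names are assumptions; the `@fixed`, `@removable` and `@network` entries are left out because they need drive-type information.

```python
import re

# Patterns copied from the post. The matching semantics are a simplified
# assumption ('**' spans directories, '*' stays inside one name), not CSA's engine.
RESTRICTED_DIRS = [r"C:\Secret_Folder\**", r"\\Office1\Data\**"]
RESTRICTED_FILES = ["*.exe", "*.com", "*.cmd", "*.pif", "*.scr",
                    "*.bat", "*.wsh", "*.vbs", "*.hta"]
SHELLS = [r"**\explorer.exe", r"**\cmd.exe", r"**\command.com", r"**\taskmgr.exe"]

def to_regex(pattern):
    """Translate one wildcard pattern into a case-insensitive regex."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append(r"[^\\]*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)

def matches_any(value, patterns):
    return any(to_regex(p).match(value) for p in patterns)

def in_restricted_file_set(path):
    """File Set: directory pattern AND file-name pattern must both match."""
    directory, _, name = path.rpartition("\\")
    return (matches_any(directory + "\\", RESTRICTED_DIRS)
            and matches_any(name, RESTRICTED_FILES))

def evaluate(operation, current_app, target):
    """Return 'deny' only for the event the Application Control rule describes."""
    if operation != "run":                       # listing or reading is not 'attempt to run'
        return "not matched"
    if not matches_any(current_app, SHELLS):     # launcher outside "File-Executing Shells"
        return "not matched"
    return "deny" if in_restricted_file_set(target) else "not matched"

# Constructed sample events: (operation, current application, target file).
EVENTS = [
    ("read", r"C:\Windows\explorer.exe", r"C:\Secret_Folder\tool.exe"),
    ("run", r"C:\Windows\explorer.exe", r"C:\Secret_Folder\sub\tool.exe"),
    ("run", r"C:\Windows\System32\cmd.exe", r"\\Office1\Data\install\setup.bat"),
    ("run", r"C:\Windows\explorer.exe", r"C:\Secret_Folder\notes.txt"),
    ("run", r"C:\Tools\scheduler.exe", r"C:\Secret_Folder\tool.exe"),  # hypothetical launcher
]

if __name__ == "__main__":
    for event in EVENTS:
        print(evaluate(*event), event)
```

The last event is "not matched" because the rule only covers launches by the four listed shells; restricting the entire system would need a broader current-application class.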
08-22-2006 04:59 AM
What type of rule is it? Application control, File access control?
I have v 5.0, but I might be able to come up with something you could try.
09-10-2006 04:45 PM
Richard,
Thanks, this is exactly what I wanted.