The environment allowed users to download and install software. It had to go somewhere. I picked the desktop because a lot of users already use it that way. Also malware is unlikely to use the Desktop folder since it wants to remain undetected. It wasn't a perfect solution but it met the budgetary guidelines and I was able to implement it quickly.
On Wednesday, June 15, 2016, Klaus Hartnegg <[email protected]> wrote: > On 15.06.2016 at 17:27 Jonathan Link wrote: > >> No, you don't need Enterprise for SRP. I've used it as a poor mans >> whitelisting app and basically blocked out everything in the User >> profile folder except for the Desktop folder. >> > > Why exclude the Desktop folder? Shortcuts not working? I removed the file > extension LNK from the list of blocked files, and then made whitelisting. > Works mostly fine. > > I don't see a reason to block shortcuts (LNK-files). When a shortcut is > allowed, but the program it points to is blocked, then the result is a > block. And desktop-shortcuts to directories are sometimes very useful, > yet completely harmless. It evades me why Microsoft included this file > extension at all. > > >
