I have a customer that has an F5 client utility that users must be able to install, and their profile appdata/temp is a location where they have permissions, unlike the program files folders. I warned them about malware using this location as an ingress vector, but they did not want to work out any more secure solution :(
On Mon, Apr 10, 2017 at 10:25 AM, David McSpadden <[email protected]> wrote: > Have a vendor that want so run his app from the APPDATA..TEMP directory. > > I have a GPO that denied .exe from running there or subfolders of there. > > Any reason I should allow this? > > I have the exact folder and program name but it’s opening up an exception > to my rule?? > Any thoughts? > > > > *David McSpadden* > > System Administrator > > Indiana Members Credit Union > > P: 317.554.8190 <(317)%20554-8190> > > [image: Description: Description: imcu email icon] <http://imcu.com/> [image: > Description: Description: facebook email icon] > <https://www.facebook.com/IndianaMembersCU> [image: Description: > Description: twitter email icon] <https://twitter.com/IndMembersCU> > > > > [image: Description: Description: email logo] > > [image: http://www.amuletsolutions.com/images/mcp.gif] > <http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwjFztf-tePJAhXK5iYKHcPtAxEQjRwIBw&url=http://www.amuletsolutions.com/awards.aspx&bvm=bv.110151844,d.amc&psig=AFQjCNHkrx8CednTEOOq4zUxYyrRUGzUsg&ust=1450459757284499> > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > Please consider the environment before printing this email. >
