It could just be late here on the east coast, but could you explain what you mean by "non-local areas"?
Also, how are you preventing any .exe from running? GPO?

On Wednesday, July 13, 2011, <[email protected]> wrote:
> We redirect AppData, and any exes in non-local areas aren't allowed to
> run. As is anything not owned by Administrators.
>
> Sent from my POS BlackBerry wireless device, which may wipe itself at any
> moment
>
> From: Micheal Espinola Jr <[email protected]>
> Date: Wed, 13 Jul 2011 14:04:17 -0700
> To: NT System Admin Issues <[email protected]>
> ReplyTo: "NT System Admin Issues" <[email protected]>
> Subject: Re: Thought on malware cleaning
>
> I'm all for leaving it open. But it should be checked by AV software and
> related tools. It's just common sense. There is almost always infection
> there. There and some other common locations should be checked. Any apps
> present should be checked if they are signed. Or have any company detail
> (most/all are null). And depending, then that should be scanned against the
> registry.
>
> It's not rocket science, and it's not that resource intensive. Especially if
> we are talking about using an AV/AM app performing a system sweep.
>
> --
> Espi
>
> On Wed, Jul 13, 2011 at 1:55 PM, Crawford, Scott <[email protected]>
> wrote:
>
> I’m not referring to whitelisting, which has its own set of issues.
> I’m talking about your suggestion of disallowing any .exe files in the root
> of AppData.
>
> From: Micheal Espinola Jr [mailto:[email protected]]
> Sent: Wednesday, July 13, 2011 3:50 PM
> To: NT System Admin Issues
> Subject: Re: Thought on malware cleaning
>
> While I agree with whitelisting, and I believe it's a reasonable solution at
> this point. The original intent of this post and what I am proposing don't
> involve whitelisting.
>
> --
> Espi
>
> On Wed, Jul 13, 2011 at 1:40 PM, Crawford, Scott <[email protected]>
> wrote:
>
> My point is that it’s common simply because it's allowed. Disallowing .exes to
> be stored would make it rare, but the .exes would just
> have moved with no net gain. Or maybe I’m misunderstanding what you’re
> suggesting.
>
> From: Micheal Espinola Jr [mailto:[email protected]]
> Sent: Wednesday, July 13, 2011 2:52 PM
> To: NT System Admin Issues
> Subject: Re: Thought on malware cleaning
>
> That's not my solution. My solution is to check these types of folders and
> match against the registry.
>
> It's a very common occurrence in my experience, and would add lots of value
> when they are found.
>
> --
> Espi
>
> On Wed, Jul 13, 2011 at 12:34 PM, Crawford, Scott <[email protected]>
> wrote:
>
> If the OS blocked .exe from the root of AppData, malware would just put it in
> a subfolder. Your simple solution is only simple because
> that’s how Windows is designed. The overhead to block .exe in AppData would
> take resources to code and test and would add virtually no value.
>
> From: Micheal Espinola Jr [mailto:
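
The check suggested in the quoted thread above (look at executables in the AppData root, see whether they are signed or carry company detail, then match them against the registry), as an added PowerShell example that is not from any poster on the list. It assumes "the registry" means the HKCU and HKLM Run keys; the column names and the Review flag are illustrative.

```powershell
# Added example: triage .exe files sitting in the root of the AppData folders.
# Assumption: "match against the registry" is read as the per-user and
# per-machine Run keys; extend $runKeys for other autostart locations.
$roots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ -and (Test-Path $_) }

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Collect every autorun value as key / name / command line.
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

$report = foreach ($root in $roots) {
    # No -Recurse: only the root of each folder, as discussed in the thread.
    Get-ChildItem -Path $root -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
            # Autorun entries whose command line references this file.
            $hits = @($autoruns | Where-Object {
                $_.Command.IndexOf($file.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0
            })
            [pscustomobject]@{
                Path        = $file.FullName
                Signature   = $sig.Status
                CompanyName = $file.VersionInfo.CompanyName
                Autorun     = ($hits | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
                # Flag for a closer look: not validly signed and no company detail.
                Review      = ($sig.Status -ne 'Valid' -and -not $file.VersionInfo.CompanyName)
            }
        }
}

$report | Sort-Object Path | Format-Table -AutoSize -Wrap
```

A file that is unsigned, has a null CompanyName and is referenced from a Run key is the combination the thread describes as worth scanning further; the script only reports and changes nothing.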
