Block specific files from running?

Hi all,

I have a question for you, its it possible with PG to stop certain files from running, like .exe and .bat?
And is that also possible to block that files only from a specific location?
And do i need the full version for that or is free enough?
And is that also possible with older vesions like 3.1.* ?

Thnx in advance.

Rolf

 

Hi Rolfie.

You can block specific .exe's from running by launching it yourself (double-click on it),when you get the alert from PG,select 'Always Deny'.

You can't block .bat files by name as it's the cmd prompt (cmd.exe) that does the work,blocking cmd.exe will block ALL .bat files,so to block the specific ones you want,when they launch you'll get an alert for cmd.exe,if you look at the 'cmd-line' portion of the alert,you'll see something like:

"c:\windows\system32\cmd.exe" "c:\some folder\some file.bat"

If you don't want that .bat file running,just select 'Deny',you'll have do it as and when those .bat files launch.

No you can't block files by folder name,you'll just have to launch them one by one selecting 'Always Deny'.

The reason you can't do what you want at the mo' is because PG can't be configured to allow/deny files based on the cmd-lines used. I hope DCS will add this feature to future releases. If that sort of feature is high on your agenda or you can't wait untill it's added to PG,then have a look at 'AppDefend' from Ghost Security http://www.ghostsecurity.com/ It very similar to PG but protects slightly different areas. I use both with no problems.

 

Also PG and similar programs will not catch out all *.com files since these are run by NTVDM - see PG-n-Eicar.com (this SysSafety thread provides details on the underlying problem).