How to deny file execution using ACL on compressed files?

Thanks to member Windows_Security's deny file execution trick here, I've finally found an alternative to using Parental Controls as an anti-executable. While it's definitely not as powerful, it suits my usage. However, I lately found out it doesn't work on compressed files.

My desktop folder (C:\Users\[user]\Desktop) and its subfolders are set by ACL to deny file execute for the "Everyone" group. Downloading new executables or even copying existing executable files to my desktop and then trying to execute them will not work as intended. But consider the following:

1) I downloaded CCleaner portable (ccsetup405.zip) to my desktop
2) I double-click to open it with 7-zip
3) I double-click CCleaner64.exe from within 7-zip (C:\Users\[user]\Desktop\ccsetup405.zip\) and it successfully executes. How can this be prevented?

My guess is ACL only applies to Windows Explorer, not on specific executables like 7-zip. I can set ACL to deny execute on 7-zip itself, but then it won't even load. Is there a way to only deny 7-zip from executing other files?

 

I just tested it out myself: if you double click on an executable in a 7zip archive, it extracts and runs from C:\Users\[user]\AppData\Local\Temp\[somefolder.tmp]\blah.exe

Maybe try denying execution from the Temp folder?

Or you can change the 7zip working folder.

Tools > Options > Folders > specify a folder on your Desktop and not the System temp folder

 

Thanks for testing. I thought of the possibility of 7-zip (and likely other archivers too) extracting/running from the temp folder, but blocking execution on it is a bad idea because then I wouldn't be able to install new software and even certain existing software uses this folder.

I also tried changing 7-zip's working folder to something else, but it doesn't work. Others have reported this as a bug: http://sourceforge.net/p/sevenzip/bugs/1289/

 

Too bad about the 7Zip bug, because SpousalMilk's suggestion does work on WinRar. It lets me choose a different folder for temp files, so I just tried Downloads, and the executables within the archives are blocked from launching. Thanks!