Software Policy: use Software Restriction Policies on any Windows edition (free)

Discussion in 'other anti-malware software' started by MrBrian, Jan 26, 2014.

  1. zagmarfish

    zagmarfish Registered Member

    Joined:
    Feb 27, 2017
    Posts:
    8
    Location:
    europe
    SRP seems designed to prevent execution, mostly.

    Is it possible to use SRP to make a folder or a group of folders (like every startup folders for every users) unwritable?
     
  2. Lockdown

    Lockdown Developer

    Joined:
    Oct 28, 2016
    Posts:
    391
    Location:
    Blue Ridge Networks, Virginia, U.S.
    That is the whole point. Block execution in the first place and there is no need to depend upon unreliable signature detection, heuristics, HIPS, behavior blocking, sandboxes, etc. While such protections have been refined over the years to fairly good levels, their protections still remain less than ideal.

    SRP is just one protection model among many. Using it comes down to personal choice.

    Yes. There are softs that will do this.
     
    Last edited: Mar 20, 2017 at 7:11 PM
  3. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    1,487
    You can do it "manually" with rightclicking on the folder and changing of access rights in the security tab, or you can use NTFS Permission Tools:
    https://www.wilderssecurity.com/threads/ntfs-permissions-tools.390219/
    Or other 3rd-party-tools:
     
  4. zagmarfish

    zagmarfish Registered Member

    Joined:
    Feb 27, 2017
    Posts:
    8
    Location:
    europe
    Yes I know how to do that but then I have to set the permissions of the "\Start Menu\programs\Startup" folders as many times as I have user accounts.
    I'm lazy and I was looking for a way to do it with a line like "%userprofile%\appdata\[...]\programs\Startup" in srp.ini
    Too bad.
     
Loading...