whitelisting and blacklisting executable in windows xp


You know there are many software that put software filter management in windows computer, that restrict user to run malicious content. and not all are free.
But probably there only a few know that windows has its own software filtering tool.
Yes it is inside the group policy, here’s how:

– first open the MMC by using start>run and type MMC and click OK

– then after the mmc windows opened, fo to file>add/remove snap-in

-now the new window opened, click add button, in new window hilight group policy editor, then click add button.

– click finish. close add standalone snap-in by clicking close button, and close the add/remove snap-in by click ok.

– now in the main window, go to console root>local computer policy> windows settings> security settings> software restrictions.

the enforcement is for selecting whether only executable only or including the library and whether it is all user or all user except the administrator.
the designed file types, you can edit what file types to be filtered.
trusted publishers is who can appoint trusted publishers.

– now go inside to security level, right click in disallowed and choose set as default. this is to make the default on running executable is disallowed.

– now go to folder additional rules, here you add new rule for every executable you want to be able to run.

new certificate rule is for adding rule for certain certificate.
new hash rule is for adding rule for certain executable file.
new internet zone rule is for adding rule for certain internet zone group.
new path rule is for adding rule for certain folder.
so obviously, for local software running policy, you most probably used more of the 2nd and 4th new rules.
add disallowed for restrict the software or unrestricted for it to be allowed to run.
use the opposite additional rules with the default security level, for more efficient ruling.

that’s it, simple isn’t it?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s