Prevent Windows XP running programs except for selected ones

Came across a customer with a severely infection-contaminated computer system.

One infection protected against the operating of all programs, with the exception of those that the infection picks to permit.

Googling revealed to me just how this could be carried out in regard to .exe programs, yet this infection additionally prevented .com programs running.

Purely talking I do not intend to have the ability to do this myself, nonetheless I do need to know just how it could be attained and also therefore just how to this unwanted result.

I think that the method will certainly entail computer system registry adjustments and also consequently it could be feasible to undo it by utilizing regedit to work with the hard drive gotten rid of and also affixed to an appropriately operating computer. Would certainly open the essential documents making use of open hive commands.

Any kind of suggestions?

Forgot to state that the variation of Windows being run is Windows Home. It appears that the specialist variation is required to run the team plan monitoring console. Or can this be attained indirectly using the computer system registry anyhow, and also if so, just how?

2
2022-06-07 15:15:49
Answers: 2

The infection possibly made use of "software constraint policies": http://technet.microsoft.com/en-us/library/bb457006.aspx

0
2022-06-07 15:47:25

The Software Restriction Policies are a means to attain this: you can specify a plan which permits particular programs and also forbids others; this is possibly the most basic means.

You can additionally attempt hooking right into the API features - to place this merely, every single time a program intends to do something, this demand experiences your "hook" or taking care of program first. This is the means several infections function. Read API Hooking Revealed for an intro, or google hook CreateProcess (CreateProcess is the Windows API function made use of for beginning programs) and also go from there.

2
2022-06-07 15:47:16
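An added example, not part of the original question or answers: a PowerShell script, run elevated on the working computer, that loads the removed drive's SOFTWARE hive and reports the Software Restriction Policies settings stored in it, assuming SRP is the mechanism in use. The drive letter `E:`, the mount name `OfflineSW` and the `-ResetDefault` switch are assumptions made for this example.

```powershell
# Added example. Assumptions: the XP disk is attached as E:, and "OfflineSW"
# is an unused key name under HKLM on the working machine. Run elevated.
param(
    [string]$HivePath  = 'E:\WINDOWS\system32\config\software',
    [string]$MountName = 'OfflineSW',
    [switch]$ResetDefault   # copy the hive file somewhere safe before using this
)

$srp = "HKLM:\$MountName\Policies\Microsoft\Windows\Safer\CodeIdentifiers"

& reg.exe load "HKLM\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed: check elevation and the hive path' }

try {
    if (-not (Test-Path $srp)) {
        'No SRP key in this hive; the block is implemented some other way.'
        return
    }
    $cfg = Get-ItemProperty -Path $srp

    # DefaultLevel: 0 = Disallowed (block unless a rule allows), 262144 = Unrestricted
    if ($null -eq $cfg.DefaultLevel) { 'DefaultLevel    : not set' }
    else { 'DefaultLevel    : {0}' -f $cfg.DefaultLevel }

    # Extensions SRP treats as programs; shows whether .com is covered as well as .exe
    'ExecutableTypes : {0}' -f ($cfg.ExecutableTypes -join ', ')

    # Path rules live under <level>\Paths\<GUID>; the level key name uses the same codes
    foreach ($levelKey in Get-ChildItem -Path $srp) {
        $paths = "$($levelKey.PSPath)\Paths"
        if (-not (Test-Path $paths)) { continue }
        Get-ChildItem -Path $paths | ForEach-Object {
            $rule = Get-ItemProperty -Path $_.PSPath
            'Rule level {0,-7} {1}' -f $levelKey.PSChildName, $rule.ItemData
        }
    }

    if ($ResetDefault) {
        Set-ItemProperty -Path $srp -Name DefaultLevel -Value 262144 -Type DWord
        'DefaultLevel set to 262144 (Unrestricted).'
    }
}
finally {
    # Drop registry handles held by PowerShell, otherwise the unload is refused
    $levelKey = $null; $cfg = $null
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

A `DefaultLevel` of 0 with only a few rules under the `262144` key matches the behaviour described in the question, where everything is blocked except the programs the infection chose to allow.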