How can i block all executables in a machine unless i verify it. I have multiple clients and i want to do it as programatically (I am using Visual-Studio-2010). It can be done through registry using DisallowRun but if i change the name of exe to notepad1.exe ,registry thing will not work. I want to get control of all the exe's present ,like the way antivirus has.
Asked
Active
Viewed 234 times
1 Answers
7
The correct setting Microsoft added for what you need is AppLocker by GPO.
You can add policy by filehash, filepublisher or path.
With the filehash, it's harder for an user to bypass it, unless he get another version, but you could block the publisher too.
yagmoth555
- 17,495