RE: Is it possible to prevent any .exe file from gett ing executed?

What I may need is to make sure that some .exe files don’t get executed,
even by accident. For example, I may not want to execute any .exe files that
come attached to an email; I may want to prevent anyone from outside my
machine to launch cmd.exe; I may want to make sure no rogue process can fork
out the execution of an executable file; and so on. In a nutshell: I may not
know the name of the file in advance, just the circumstances under which the
file was launched. In fact, I may not even care which file we’re talking
about; for example, it’s ok if I run cmd.exe from my keyboard, but it’s not
necessarily ok if someone else manages to run it from somewhere else in the
network.

What’s needed is an authorization mechanism that is attached to contexts,
not to specific files or pathnames. “No running certain .exe files from the
network, please”. “No executing anything from inside an unzip operation”.
“No executing certain files from inside .bat files”. “No running executables
by doubleclicking on some website links”.

And so on, user- or admin-selectable. Can Windows do that ?

Alberto.

-----Original Message-----
From: Art Baker [mailto:xxxxx@nfr.com]
Sent: Friday, August 09, 2002 8:48 AM
To: NT Developers Interest List
Subject: [ntdev] RE: Is it possible to prevent any .exe file from
getting executed?

Assuming the .EXE lives on an NTFS partition, the easiest way to
allow/prevent execution is to attach a suitable access-control list to the
file.

Writing a driver for this purpose seems a bit like recreating something that
the operating system will already do for you…

Regards,
Art Baker

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anand
Sent: Friday, August 09, 2002 3:02 AM
To: NT Developers Interest List
Subject: [ntdev] Is it possible to prevent any .exe file from getting
executed?

Hello all,
Is it possible to prevent any .exe file from getting executed?I want to
monitor the any exe file execution.What exactly happens when I double
click the .exe file? Can we make a poll mode driver which will detect the
start of .exe file and it will terminate that process at that point of
time.I know that prevention of execution of exe file is possible if I
remove the .exe file entry from the registry.But can we do it
programatically I mean through drivers?I am using winDbg 6.0.
Anand.


You are currently subscribed to ntdev as: xxxxx@nfr.com
To unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to %%email.unsub%%

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.