dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
12

angussf
Premium Member
join:2002-01-11
Tucson, AZ

1 recommendation

angussf to joepwpb

Premium Member

to joepwpb

Re: U R infected ........, pay us $300 in Bitcoins

said by joepwpb:

Has anyone seen this or tried this yet??

Yes, I implemented Software Policy Restrictions on my home box, which has Windows 7 Pro and therefore allows secpol.msc to be run. Click Start, Run, type "secpol.msc" and press [Enter] to start this process. Add new path restrictions under "Software Restriction Policies" -> "Additional Rules" by right-clicking "Additional Rules" and choosing "New Path Rule".

I blocked %AppData%\*.exe, %AppData%\*\*.exe, and four %Temp%\XXX\*.exe where XXX was *.zip, 7z*, Rar*, and wz*. When I rebooted, this immediately broke Cubby, Dropbox, and LogMeIn's Firefox module, so I had to explicitly allow those .exes.

For most home users this won't work - home versions of Vista and Windows 7 don't support SRPs.
psloss
Premium Member
join:2002-02-24

psloss

Premium Member

said by angussf:

For most home users this won't work - home versions of Vista and Windows 7 don't support SRPs.

Yes and no -- there's no GUI, but most of the plumbing is there on other SKUs. The aforementioned CryptoPrevent appears to be generating the SAFER entries in the Registry on Win7 Starter and the system appears to be generating what looks like SRP alert to me when I exercise one of them.