- #Endpoint protection software for device control install#
- #Endpoint protection software for device control registration#
- #Endpoint protection software for device control code#
- #Endpoint protection software for device control download#
#Endpoint protection software for device control registration#
Prevents registration of new Browser Helper Objects (HIPS) #HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Common Client\PathExpansionMap\APPDATABASE#*\*.Instead they will be required to use Save As to disk before running. Users will no longer be able to run downloaded executables directly from the browser.
#Endpoint protection software for device control code#
This rule can interfere with new ActiveX controls, which effectively code Internet Explorer downloads and runs.ī. It has been included in this set due to its power to block threats, but it has consequences that should be considered.Ī.
#Endpoint protection software for device control download#
Users also will be unable to download executables to WINDIR or anywhere in Program Files, but can continue to download to the Desktop, My Documents, or Downloads directories.Įxclusions are already in place for Windows Updates.Įxtra care should be used when rolling out this rule. This rule prevents many such attacks by blocking access to locations typically written to by threats.
Internet Explorer drive by downloads is a very common threat vector. Prevents changes to system using browser and office products (HIPS) HKEY_CURRENT_USER\Software\Classes\scrfile\shell *Ĥ. HKEY_CURRENT_USER\Software\Classes\regfile\shell *. HKEY_CURRENT_USER\Software\Classes\piffile\shell *. HKEY_CURRENT_USER\Software\Classes\cmdfile\shell *. HKEY_CURRENT_USER\Software\Classes\batfile\shell *. HKEY_CURRENT_USER\Software\Classes\comfile\shell *. HKEY_CURRENT_USER\Software\Classes\exefile\shell *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell *. HKEY_CURRENT_USER\Software\Classes\.scr *. HKEY_CURRENT_USER\Software\Classes\.reg *. HKEY_CURRENT_USER\Software\Classes\.pif *. HKEY_CURRENT_USER\Software\Classes\.cmd *. HKEY_CURRENT_USER\Software\Classes\.bat *. HKEY_CURRENT_USER\Software\Classes\.com *. HKEY_CURRENT_USER\Software\Classes\.exe *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scr *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pif *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com *. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe *. HKEY_CURRENT_USER\Software\Classes\scrfile\shell\open\command. HKEY_CURRENT_USER\Software\Classes\regfile\shell\open\command. HKEY_CURRENT_USER\Software\Classes\piffile\shell\open\command. HKEY_CURRENT_USER\Software\Classes\cmdfile\shell\open\command. HKEY_CURRENT_USER\Software\Classes\batfile\shell\open\command. HKEY_CURRENT_USER\Software\Classes\comfile\shell\open\command. HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\open\command. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command. Threats use this technique to run code and to block execution of programs that may interfere with the threat. Prevents changes to Windows Shell load points (HIPS) Matches drive types: Local fixed disk drive, Network Drive, RAM Drive and Removable Drive (floppy drive, USB drive, etc).ģ. Legitimate use of autorun.inf on non-CD ROM drives is rare. #Endpoint protection software for device control install#
Threats such as Downadup attempt to automatically install by creating malicious autorun.inf file. It is less well known that autorun works on other drive types such as mapped network drives.
Autorun is a technology that automatically runs when new media, such as a CD, is inserted. 
Legitimate modification of the hosts file is rare. Threats use the hosts file to redirect communication to malicious sites or block communication to legitimate sites.
The hosts file redirects Internet requests to specific IP addresses. This Application and Device Control policy provides the following security measures ġ. This policy is very powerful and offers significant zero day protection against new threats.Įach rule is described below and should be considered individually for suitability of the intended network. Symantec has created a policy that can be imported into the Symantec Endpoint Protection Manager (SEPM).
0 kommentar(er)
