What are the pros/cons of blocking a program from running in %appdata%, %temp%, etc.?

Posted by poke on Server Fault
Published on 2014-02-11T14:37:46Z Indexed on 2014/08/21 4:23 UTC

While researching ways to prevent CryptoLocker, I saw a forum post that advised using Group Policy Objects (GPO) and/or antivirus software to block run access in the following locations:

  1. %appdata%
  2. %localappdata%
  3. %temp%
  4. %UserProfile%
  5. Compressed archives

Obviously, anything written in a forum should be taken with caution. I do see advantages to doing this, though, primarily because malware likes to execute out of these locations. Of course, this could impact legitimate programs as well.

What are the drawbacks to blocking run access to these locations?

What are the advantages?

© Server Fault or respective owner
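
One way to gauge the impact on legitimate programs before enforcing such a block, as an added example that is not part of the original post: a read-only PowerShell inventory of executables already present under the listed locations, with their Authenticode signature status. The extension list and the choice to scan only the top level of %UserProfile% are assumptions, and compressed archives are not covered.

```powershell
# Added example: read-only inventory of executables under the locations
# listed in the question, to estimate what a block rule would affect.
# Assumption: this extension list; it is not taken from the post.
$extensions = '.exe', '.com', '.scr', '.msi'

# %temp% normally sits under %localappdata%, so results are de-duplicated later.
$roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Sort-Object -Unique

$files = @(foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension }
})

# %UserProfile% contains the other three roots; scan only its top level here.
$files += @(Get-ChildItem -LiteralPath $env:USERPROFILE -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension })

# One row per unique file, with its signature status and signer (if any).
$report = foreach ($f in ($files | Sort-Object FullName -Unique)) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Status = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
        Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        Path   = $f.FullName
    }
}

# Summary: which publishers already run code from these locations.
$report | Group-Object Status, Signer | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize -Wrap

# Detail: files without a valid signature, for manual review.
$report | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Path |
    Format-Table Status, Path -AutoSize -Wrap
```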
