What are the pros/cons of blocking a program from running in %appdata%, %temp%, etc.?
Posted by poke on Server Fault
Published on 2014-02-11T14:37:46Z
While researching ways to prevent CryptoLocker, I saw a forum post that advised using Group Policy Objects (GPO) and/or antivirus software to block run access in the following locations:
- %appdata%
- %localappdata%
- %temp%
- %UserProfile%
- Compressed archives
Obviously, anything written in a forum should be taken with caution. I do see advantages to doing this, though, primarily because malware likes to execute out of these locations. Of course, this could impact legitimate programs as well.
What are the drawbacks to blocking run access to these locations?
What are the advantages?
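
One way to measure the "impact on legitimate programs" side of the question before turning on any block rule is to inventory what already runs from those folders. The script below is an added example, not part of the original post: it is read-only, lists executables under the current user's profile, tags each with the most specific of the four paths it falls under and records its Authenticode status. The extension list and the output file name are assumptions, and compressed archives are not covered.

```powershell
# Added example: read-only inventory of executables in the user-writable
# locations named in the question. It changes no policy and blocks nothing.

# The four path rules from the question, resolved for the current user.
$rules = [ordered]@{
    '%temp%'         = $env:TEMP
    '%localappdata%' = $env:LOCALAPPDATA
    '%appdata%'      = $env:APPDATA
    '%UserProfile%'  = $env:USERPROFILE
}

# Assumption: extensions treated as "executable"; align with your own policy.
$extensions = '.exe', '.com', '.scr', '.bat', '.cmd', '.msi'

# All four locations normally sit under %UserProfile%, so one recursive walk
# covers them; unreadable folders are skipped silently.
$found = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension } |
    ForEach-Object {
        $path = $_.FullName
        # Pick the longest (most specific) rule path that contains this file.
        # If %temp% is set to an 8.3 short path, its files are counted under
        # the enclosing rule instead.
        $rule = $rules.GetEnumerator() |
            Where-Object { $path.StartsWith($_.Value.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase) } |
            Sort-Object { $_.Value.Length } -Descending |
            Select-Object -First 1
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Rule      = $rule.Key
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Path      = $path
        }
    }

# Summary: how many files each rule would affect, split by signature status.
$found | Group-Object Rule, Signature | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Full list for review. Validly signed entries are the likely legitimate
# software that would need an exception before a block rule is enforced.
$found | Sort-Object Rule, Path |
    Export-Csv -NoTypeInformation -Path .\user-path-executables.csv
```

Run it as the user whose profile is being assessed, on a few representative workstations, and compare the lists before deciding which paths can be blocked outright.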