What are the pros/cons of blocking a program from running in %appdata%, %temp%, etc.?
- by poke
While researching ways to prevent CryptoLocker, I saw a forum post that advised using Group Policy Objects (GPO) and/or antivirus software to block run access in the following locations:
%appdata%
%localappdata%
%temp%
%UserProfile%
Compressed archives
Obviously, anything written in a forum should be taken with caution. I do see advantages to do doing this, though, primarily because malware likes to execute out of these locations. Of course, this could impact legitimate programs as well.
What are the drawbacks to blocking run access to these locations?
What are the advantages?