App-V sequenced app & malware

  • Question

  • I have sequenced Firefox 3.6.3 on App-V 4.5 and wish to know how exposed the client machine would be to virus/malware/keylogger, etc. Running in a 'sandbox' with all the changes being made to the App-V files (UsrVol_sftfs_v1.pkg, etc.) means it should be fairly safe, but I can't find much information on exactly how much access sequenced apps have to the local machine.
    Monday, June 28, 2010 2:00 PM

Answers

  • Applications will have the same access to the local machine as an installed application; however there are two things to take into account:

    1. The user context the application is executing in - the same rules apply to virtualised applications that apply to installed applications: always run applications as standard users, don't give users administrative access to their workstations

    2. Which folder and registry locations are fully virtualised: If the malware was looking for data files (such as Word documents) to modify, the virtualised application could still modify those.

    You could reset or delete the .PKG file and the malware would be gone, but it could come back via the same vector. 

    Microsoft have also recently released documentation on the file formats which should allow anti-virus products to scan inside .PKG files.

     

    • Proposed as answer by znack Monday, June 28, 2010 5:17 PM
    • Marked as answer by Aaron.Parker (Moderator) Monday, December 19, 2011 1:21 PM
    Monday, June 28, 2010 2:48 PM
    Moderator