none
Software Restriction Policy for WinRAR via GPO

    Question

  • Hi Experts,

    I have made a GPO in which I want to block the executable that is in the .rar format file, for this I have made the following path rule in the Software Restriction Policy.

    %LocalAppData%\Temp\Rar*\*.exe

    At the same time I want to make sure that the users can open any file except the .exe extension in the zip format, what would be the path rule for that with allowed permission.?

    Any Suggestions.


    TechSpec90

    Sunday, February 8, 2015 7:19 AM

Answers

  • Mission impossible with suggested approach.

    Better approach would be a decent antimalware solution.

    I've witnessed cases where a user received password protected zip/rar file in e-mail. (S)he would then unpack the arhive and click on the exe file infecting the computer. They would then pass the blame on support, antimalware, anyone but them.

    C'est la vie.

    Thursday, February 12, 2015 1:56 PM

All replies

  • Hello,

    If your server it's Windows Server 2008/2008 R2 or 2012, you can use use Applocker. Create an editor rules. Just editor it's blocked.

    Monday, February 9, 2015 12:21 AM
  • But I guess AppLocker is not compatible with WinXP Machines

    TechSpec90

    Thursday, February 12, 2015 1:16 PM
  • Mission impossible with suggested approach.

    Better approach would be a decent antimalware solution.

    I've witnessed cases where a user received password protected zip/rar file in e-mail. (S)he would then unpack the arhive and click on the exe file infecting the computer. They would then pass the blame on support, antimalware, anyone but them.

    C'est la vie.

    Thursday, February 12, 2015 1:56 PM