How can I block apps

How can I block applications from running on my PC, or at least from connecting to the net? I'm wanting to block virtual PC type software like VMware Workstation and Virtual PC or any other similar application. Also, would it still block the application if you download it and change the name of the exe? Because people can do this as well.

Reply to
Joe

With firewall software you can. Norton does it fine. But I was hoping for another solution.

Reply to
Joe

OK, thank you for the responses, guys. How would you configure the OS to block internet access from specific programs, or block a program itself, even if you change the name of the exe file? I am wanting to make it so you cannot run VMware Workstation or Virtual PC. I know in Norton firewall I can basically manually configure the app and say no internet access, but I don't know if that works when you change the exe name, or if you download the installer again and then rename the installer or something.

I was hoping my SonicWALL TZ150 could do this, but don't think it can.

Reply to
Joe

Oh? You can set up a new user and remove all privileges related to network access for that user, and then run the apps as that user (Run As). It's not as simple as it sounds, but it's still doable.

Regards,

Reply to
Arthur Hagen

If you are using XP Pro you can use Software Restriction Policies with either hash, certificate, or path rules. A hash rule will prevent a particular executable from ever being run no matter where it is installed on the computer or what it is named. Note that a hash rule will apply to only a particular version of a file - not every version available. You can also configure an XP Pro computer to use a default disallowed rule, and then only the applications you authorize will run. SRP can be tricky to configure; just keep in mind that shortcuts are also restricted. So if you allow an application but it does not run when you click the shortcut, you also need to authorize the shortcut. The link below explains in much more detail. SRP is very powerful once you figure out how to configure it properly.

--- Steve

Reply to
Steven L Umbach
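The difference between matching on name and matching on content, as an added example that is not part of the original post and is not how Windows implements SRP. The `Policy` class, the file names and the use of SHA-256 are assumptions for illustration; the files are constructed byte strings, not real executables.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of the file contents; the file name is never an input."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class Policy:
    """Simplified model: hash rules first, then name rules, then the default."""
    def __init__(self, default_allow):
        self.default_allow = default_allow
        self.hash_rules = {}   # content digest -> True (allow) / False (block)
        self.name_rules = {}   # lower-cased file name -> True / False

    def may_run(self, path):
        d = digest(path)
        if d in self.hash_rules:
            return self.hash_rules[d]
        name = Path(path).name.lower()
        return self.name_rules.get(name, self.default_allow)

# Constructed stand-ins: two copies of one build, a newer build, an approved app.
FILES = {
    "vmtool.exe": b"constructed build 1.0",
    "calc2.exe": b"constructed build 1.0",      # same bytes, renamed
    "vmtool_new.exe": b"constructed build 1.1",  # different version
    "editor.exe": b"constructed approved app",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        p = {n: Path(tmp) / n for n in FILES}
        for n, data in FILES.items():
            p[n].write_bytes(data)
        by_name = Policy(default_allow=True)
        by_name.name_rules["vmtool.exe"] = False
        by_hash = Policy(default_allow=True)
        by_hash.hash_rules[digest(p["vmtool.exe"])] = False
        allowlist = Policy(default_allow=False)   # "default disallowed"
        allowlist.hash_rules[digest(p["editor.exe"])] = True
        return {
            "name_rule_original": by_name.may_run(p["vmtool.exe"]),
            "name_rule_renamed": by_name.may_run(p["calc2.exe"]),
            "hash_rule_renamed": by_hash.may_run(p["calc2.exe"]),
            "hash_rule_new_version": by_hash.may_run(p["vmtool_new.exe"]),
            "allowlist_approved": allowlist.may_run(p["editor.exe"]),
            "allowlist_new_version": allowlist.may_run(p["vmtool_new.exe"]),
        }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'runs' if allowed else 'blocked'}")
```

Only the default-disallowed policy also stops the build that no hash rule has seen yet.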

- Do not install these applications

- Uninstall these applications

- Deny the right to execute these applications

You can't.

Wolfgang

Reply to
Wolfgang Kueter

Joe wrote in news:20050207071118.199$ snipped-for-privacy@news.newsreader.com:

App Control is a crutch in PFW solutions that can be defeated at the boot process, since it's not an integrated part of the O/S. Malware will beat it, or anything else that's supposed to be able to stop execution of a program, every time. If you want to control programs and stop execution, one configures the O/S to do so and not some 3rd party software tool.

Duane :)

Reply to
Duane Arnold

No it cannot do it. How can something that's not part of the O/S and is a standalone device control program execution on a computer?

If the O/S is an NT based O/S such as Win 2K, XP, etc., then you implement NTFS and set permissions for the program DO NOT ALLOW EXECUTION. If it's not NTFS on an NT based Windows O/S, you've got no chance to stop it effectively other than don't install it or uninstall it.

Duane :)

Reply to
Duane Arnold

Wrong. Vendors want you to believe that.

Norton is among the easiest to be tricked by malware.

I showed you one, well OK, I'll repeat it:

- Do not install these applications

- Uninstall these applications

- Deny the right to execute these applications

Wolfgang

Reply to
Wolfgang Kueter

I would be interested to know what the average Windows user makes of things like:

"An administrator creates the policy by using the Group Policy Microsoft Management Console (MMC) snap-in for a particular Active Directory container site, domain, or organizational unit"

Yes I know that's not aimed at home users but how are they going to know that?

Jason

Reply to
Jason Edwards

Hi Jason

It is a topic for more advanced users but the possibility does exist. All that you quoted referred to enterprise management. SRP can easily be accessed via Local Security Policy - secpol.msc. Hash rules are very easy to create. However **WARNING** SRP can cause your computer not to start if not done properly, and the only option to repair is a reinstall and not an upgrade install. This is usually a result of blocking access to needed startup executables in the system folder. If anyone wants to play around with them, it is recommended to do so on an operating system that you don't mind being trashed. I have a Ghost image available to restore the OS on my test box.

--- Steve

Reply to
Steven L Umbach

And what an awesome thought that is. I have no idea if it can, but I can find out I suppose. Well yes, I can say disable internet access for specific IPs and I think MAC address, but not entirely sure about the MAC address. Also does anyone know if VMware uses a specific MAC address? I don't know, I've never looked and not sure where to look for that.

Reply to
Joe

I just had a thought. The MAC address will be different for each Virtual PC and VMware installation, wouldn't it? Since each card it emulates may be the same model and brand, but they would have to have a different MAC address, I think. So someone could just download it again and install it again and get a new MAC address. So if you, say, download the Virtual PC trial, you have its MAC address. Then you redownload the trial again and you might get a new MAC address, and so on.

Reply to
Joe

Well yes, thank you Duane, you sure are helpful. Umm, blocking the entire MAC is good and what I want. I want to block Virtual PC and VMware from getting online, and blocking the MAC from VPC and VMware works. However, my thought is as I mentioned in a previous post just before this one. Wouldn't the MAC be different each time you download and install Virtual PC or VMware? Because it can't have the same MAC address for every install in the world, can it?

Reply to
Joe

That's what I thought. So that won't work, :(

Reply to
Joe

Can your SonicWall block by the MAC address? Virtual PC emulates a specific Ethernet card.

Just a thought

John

Reply to
John Mason Jr

Not correct in VPC at least; each VM can have its own MAC address but they are all the same card, a DEC 21140. VPC uses its network driver on the host to make the physical interface act in promiscuous mode so that packets for the VM can be routed to the VM.

John

Reply to
John Mason Jr
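On the question raised above of whether these products use a recognisable MAC address: the full address differs per virtual machine, but addresses generated by default start with a vendor prefix (OUI). The following is an added example, not part of the original posts, that flags such prefixes in lease or ARP log lines. The prefix table comes from the public IEEE registrations, not from this thread, and the log lines are constructed; the prefix is only a default that can be overridden in the VM's settings, so the check detects default installs rather than enforcing a block.

```python
import re

# Default MAC prefixes (OUIs) of the products discussed in this thread.
VM_OUIS = {
    "000569": "VMware",
    "000C29": "VMware",
    "001C14": "VMware",
    "005056": "VMware",
    "0003FF": "Microsoft Virtual PC",
}

# Accepts 00:0c:29:..., 00-0C-29-... and the dotted 000c.29aa.bbcc form.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
)

def normalize(mac):
    """Strip separators and upper-case, giving 12 hex digits."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()

def classify(mac):
    """Return a label for a suspicious MAC, or None for an ordinary one."""
    hexmac = normalize(mac)
    vendor = VM_OUIS.get(hexmac[:6])
    if vendor:
        return vendor
    # Bit 0x02 of the first octet marks a manually assigned address.
    if int(hexmac[:2], 16) & 0x02:
        return "locally administered"
    return None

def flag_virtual_nics(lines):
    """Scan log lines and return (normalized MAC, label) for each hit."""
    hits = []
    for line in lines:
        for mac in MAC_RE.findall(line):
            label = classify(mac)
            if label:
                hits.append((normalize(mac), label))
    return hits

# Constructed sample lines in a generic "lease <ip> <mac> <host>" layout.
SAMPLE = [
    "lease 192.168.1.20 00:0c:29:3a:1b:7e host-a",
    "lease 192.168.1.21 00-03-FF-12-34-56 host-b",
    "lease 192.168.1.22 0050.56ab.cdef host-c",
    "lease 192.168.1.23 00:11:22:33:44:55 host-d",
    "lease 192.168.1.24 02:aa:bb:cc:dd:ee host-e",
]

if __name__ == "__main__":
    for mac, label in flag_virtual_nics(SAMPLE):
        print(mac, label)
```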

Joe wrote in news:20050208004245.574$ snipped-for-privacy@news.newsreader.com:

If you tell the router to stop a MAC, it will be the MAC of the NIC (Network Interface Card) in the computer and the entire computer will be blocked from accessing the Internet. I don't know if you want to go that far with it as opposed to App Control that the router cannot do.

The best thing you can do if the router can do logging is review the logs and look at the inbound and outbound traffic. If you cannot account for a remote IP connection, then you should be concerned and take a look at what's happening with the connection.

You can use the tools in the link to investigate what's running on the machine making connections and stop it some kind of a way and remove it if necessary.

formatting link
The bottom line is to know what's connecting in and out on the router or the machine. You can put a shortcut for Active Ports in the Start Folder (see what's happening at the boot process) and enable the PFW on *your* machine for the other computers on your network, just in case. ;-)

Duane :)

Reply to
Duane Arnold

Some home users may get as far as typing secpol.msc. But they will then have a quick look and close it without making any changes. If Microsoft can't make an OS which is secure when purchased instead of expecting the user to figure out secpol.msc then they will never make a secure OS. This is just a general point; I do not wish to get into any arguments about it.

Jason


Reply to
Jason Edwards

Yeah it does this, but the mac changes in vmware workstation and virtual pc so it won't do any good. :(

I think maybe the only way to get it working is to use the Norton Internet Security 2005 firewall to go in there and manually set up internet access for this specific program and say disable internet access from VMware Workstation. Then the problem is, if I reinstalled or whatever, like renaming the exe or moving the dir to another folder or something, whether it would still be blocked. I just have to try it I guess. I dunno, sigh.

Reply to
Joe
