Trust-No-Exe 3.04
Trust-no-exe is a free executable file filter that attaches to the operating system and filters all executable files, be it .exe .com .dll .drv .sys .dpl etc from all drives and all network shares against a list of files or paths, you, the administrator provide as trusted applications. If a prohibited executable (one not in the allow list or one explicitly defined in the deny list) is loaded, a popup box informs the user with an intelligent message that can be customised to your site.
As Trust-no-exe will only allow executables to load from your allow list, enabling execution from files in c:winnt (or c:windows on XP), and c:program files and by using normal file permission to restrict
the write-ability of these folders, you can very quickly obtain a system which only allows authorised programs which you have installed to be executed, while still allowing normal access (all but execution) to other files.
On the other hand perhaps you are worried about all these PE viruses, executable Christmas/birthday cards, screen savers etc that are coming in via email. While most of your users do not click on these programs you are worried about security holes in your email client, either hiding extensions or embedding files into html messages, or if the virus is so new your virus scanner has not yet got a signature for it. By using Trust-no-exe, you can prevent users from opening executable email attachments. The popup message box can be customised to remind users that it is company policy not to open executable files. But what happens if the executable’s don’t have .exe or hidden extensions? How will trust-no-exe know if they are executable or data files?
Trust-no-exe hooks into the operating systems routines for creating a process and loading it into memory. If the operating system attempts to load any compiled code into memory ready to give it execution as a process or thread, trust-no-exe will jump on it and prevent the code from being loaded into memory. Therefore trust-no-one doesn’t rely on the file extension and can not be easily fooled.
HomePage: http://retired.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm
Download: http://retired.beyondlogic.org/solutions/trust-no-exe/trustnoexev304.zip
|