How can i block all executables in a machine unless i verify it. I have multiple clients and i want to do it as programatically (I am using Visual-Studio-2010). It can be done through registry using DisallowRun but if i change the name of exe to notepad1.exe ,registry thing will not work. I want to get control of all the exe’s present ,like the way antivirus has.
Answer
The correct setting Microsoft added for what you need is AppLocker by GPO.
You can add policy by filehash, filepublisher or path.
With the filehash, it’s harder for an user to bypass it, unless he get another version, but you could block the publisher too.
Attribution
Source : Link , Question Author : jain , Answer Author : yagmoth555
