Raynor, posted July 31, 2019

Dear Emsisoft Team,

right now, using the behaviour blocker, you could locally add an application rule that blocks a certain exe file. However, the current implementation lacks flexibility:

1) The application blocking rules CAN NOT be set using the Enterprise Console or the Cloud Console. There is no option for that. Rules can only be set using the local client UI (Protection --> Behaviour Blocker --> Add Application Rule), which is not suitable for enterprise usage.
2) Wildcards CAN NOT be used, e.g. blocking file extensions such as "*.hta" or "*.scr" is not possible.
3) Hash rules and blocking program execution in entire directories (path rules) are not possible either.

Please let me kindly suggest that you improve the behaviour blocker and turn it into a real application control solution that can be centrally managed using EEC or the Cloud Console. Similar to what e.g. F-Secure and Kaspersky already offer:

--> https://community.f-secure.com/t5/Protection/Application-Control-2-0/td-p/105812
--> "In Kaspersky Endpoint Security for Business, administrators can configure startup blocking policies for applications, executable modules (PE-files, exe, scr, dll) and scripts executed via a variety of interpreters (com, bat, cmd, ps1, vbs, js, msi, msp, mst, ocx, appx, reg, jar, mmc, hta, sys). For this, the administrator inventories applications on user computers and receives their list with metadata (vendor, certificate, name, version, installation path etc.). If new applications appear on hosts later, these are also inventoried."

My reasoning behind this request: Right now, we are using Software Restriction Policies (SRP) to control the startup of some unwanted applications and file types (e.g. mshta.exe, *.hta, etc.). However, SRP has been deprecated by Microsoft starting with Windows 10 v1803. It still works, but who knows when MS will finally remove it. So SRP obviously is not a future-proof solution. Its successor, AppLocker, can only be used with Windows 10 Enterprise and Education, and is more complicated to set up and administer. So it is not an option for small companies which use Windows 10 Professional.

Certainly this is not an ultra-urgent feature request (as SRP is still working), but it would be much appreciated if you could put this on your middle- to long-term roadmap. After all, I believe that much of the technology required is very likely already contained in the current behaviour blocker, it just is not exposed via any UI that allows for flexible configuration.

Thanks and best regards,
Raynor

Frank H, posted August 15, 2019

Thanks for your suggestion. I have forwarded your message to the team. Thanks