![]() ![]() Vesuvius erupts, burying the cities of Pompeii, Herculaneum, Oplontis, and Spark! Pro Series - 24 October 2023 Spiceworks Originals.I have no problem with people copying files to places they have write access to as long as they can't cause harm and if they can't run, they can't cause harm. Yes, putting the file there will be allowed. SRP should be enabled for any location that a User can write to, so that's kind of a given, isn't it? ![]() Well yeah, but that means you put the SRP on the locations as well for those so yeah it wouldn't run but it will install it just won't run it. For example, my users have write access to their download folder and their documents folder, but if they try to run anything from those locations SRP/Applocker will block it. Putting an EXE into a folder you have write access to doesn't mean you'll be able to run it, though. Yes, SRP has worked well to block those types of install however sadly setting up those will not prevent the user from installing a portable app into folders they have read/write permissions. I'd really recommend white listing through SRP or Applocker. Lots of stuff can install and run from appdata like Chrome and somethings that are more malicious like ransomware.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |