Untangle 6.2?

TechieSooner

Anyone using this?

I've been noticing a new variant of the AntiVirus 2009... One of my users already downloaded it, and NOD32 never batted an eye at it. Appears like it's mostly Flash-based ads, telling folks to "Click Here!!!"...

Why I'm asking is 6.2 has an ad-blocker.

Curious how long it might be expected to be released, or if I should jump to Beta right now?
 
A little off the topic but is your network AD? If so, do what I did. I put a Software Restriction policy in place blocking all the locations those stupid programs can run. Any time a new one comes out, I just throw that path into the policy and don't have to worry about it again. It's worked out great so far.
 
A little off the topic but is your network AD? If so, do what I did. I put a Software Restriction policy in place blocking all the locations those stupid programs can run. Any time a new one comes out, I just throw that path into the policy and don't have to worry about it again. It's worked out great so far.
Yea, I use AD...
How do you do that??? Is there some sort of GPO setting that disallows anything from using certain paths?

The problem with that is it's not preventative... You only address it once it's infected something else. And in the case I saw, it spread itself out over the system (not just in one location but multiple).

Damned XP security...
Set everyone up as Local Administrators then my administrative overhead goes through the roof, or if I let everyone run as Administrator this crap happens.
Damned if I do, damned if I don't...
 
You can find Software Restrictions when editing a GPO under Windows Settings | Security Settings both for User and Computer configurations. There are a couple different types of rules you can use, but a path rule is one and is what I use for this. You create a new path rule and disallow the path it installs to or a certain exe if in a folder you can't block everything from such as the Windows folder.

It does only address the problem after it's already happened at least once but it's an extra step until the AV is updated to stop it. Also, what I did at first was go through the list here and get all the paths all the products on that page use and block them. It took a bit of time but at least I blocked all those to start with. Now I just add as they update their page or I come across something.
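
One way to confirm that the path rules described above actually reached a workstation, as an added example that is not part of the original thread: Software Restriction Policy settings delivered by Group Policy are stored in the registry under the Safer\CodeIdentifiers policy key, and this PowerShell lists every path rule there with its security level. It only reads the registry and assumes it is run on the client after a policy refresh.

```powershell
# Added example: enumerate SRP path rules that Group Policy has written to this machine.
# Level subkeys are named by numeric security level; path rules live in <level>\Paths\{GUID}.
$levels = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }
$roots  = [ordered]@{
    'Computer' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    'User'     = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
}

$rules = foreach ($scope in $roots.Keys) {
    $root = $roots[$scope]
    if (-not (Test-Path $root)) { continue }            # no SRP configured for this scope
    foreach ($levelKey in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }    # this level has no path rules
        $levelName = $levels[$levelKey.PSChildName]
        if (-not $levelName) { $levelName = $levelKey.PSChildName }
        foreach ($rule in Get-ChildItem $pathsKey) {
            [pscustomobject]@{
                Scope       = $scope
                Level       = $levelName
                # Read the path as the admin entered it, without expanding %APPDATA% etc.
                Path        = $rule.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
                Description = $rule.GetValue('Description')
                RuleId      = $rule.PSChildName
            }
        }
    }
}

if (-not $rules) {
    Write-Warning 'No SRP path rules found. Check that the GPO is linked and has been applied.'
} else {
    $rules | Sort-Object Scope, Level, Path | Format-Table -AutoSize -Wrap
    $disallowed = @($rules | Where-Object Level -eq 'Disallowed')
    Write-Output ("{0} disallowed path rule(s) in effect." -f $disallowed.Count)
}
```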
 