Last active
August 29, 2015 14:01
-
-
Save pudquick/ef8112e8a433db5df061 to your computer and use it in GitHub Desktop.
misc antiviral
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AccessProtection { | |
UserString UR1 "Prevent evil programs from creating *.exe under application data (2000/XP)" | |
UserEnforce UR1 0 | |
UserReport UR1 1 | |
UserProcess UR1 {Include iexplore.exe java.exe javaw.exe javaws.exe} | |
UserRule UR1 G_User {File C { Include "**\\Documents and Settings\\**\\Application Data\\**\\*.exe" } | |
} | |
UserString UR10 "CryptoLocker HKCU\\....\\Run" | |
UserEnforce UR10 1 | |
UserReport UR10 1 | |
UserProcess UR10 {Include *} | |
UserRule UR10 G_User {Value WC {Include HKCU/Software/Microsoft/Windows/CurrentVersion/Run/CryptoLocker} | |
} | |
UserString UR11 "Prevent evil programs from executing *.exe under %appdata%\\*\\ (Vista/7)" | |
UserEnforce UR11 0 | |
UserReport UR11 1 | |
UserProcess UR11 {Include acrord32.exe firefox.exe helpctr.exe helphost.exe helpsvc.ex |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment