EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Possibility to add rules to limit EXE access

Posted: 05/12/2015 18:22:47
by Mohamed Saher (Basic support level)
Joined: 03/04/2015
Posts: 6

Is it possible to do the following?

Allow execution of EXE files, but prevent creation of EXE on disk. Let's say you can't copy and paste a certain EXE, but you can execute it.

Posted: 05/13/2015 02:51:44
by Vladimir Cherniga (EldoS Corp.)

One possible way is to use a pair of OpenFile/CreateFile callbacks. Within the callback handler you may check that the file exists using the GetFileAttributes() Windows API and, based on the result, deny or allow the request.
Another way is to use a filter access rule: you may set a "read-only" mask on specific files or folders.

Posted: 05/13/2015 10:13:52
by Eugene Mayevski (EldoS Corp.)

Windows expects an EXE image on the disk to create a process (there are ways to bypass it but they are prohibitively complex).

The most obvious way is to create a virtual disk with a UNC mounting point (using CBFS or SolFS products) and run the EXE from it. You can forbid all processes but the system itself from opening and reading the EXE file from such a disk.

You should be able to protect a real file with CallbackFilter this way, but I am not sure if this works correctly.

Sincerely yours
Eugene Mayevski

Posted: 05/13/2015 17:07:33
by Mohamed Saher (Basic support level)
Joined: 03/04/2015
Posts: 6

Vladimir, thanks a lot. That seems to do the trick for me. I used access rules with FileCreateC/FileOpenC to allow execution, but reject the copy-paste.
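The existence check suggested in the thread, sketched as a stand-alone decision function; this is an added example, not code from the posters or from the CallbackFilter API. The names `allow_request`, `is_exe` and the `EX_` constants are hypothetical, the handler is assumed to receive Win32-style access and disposition values, and refusing to overwrite an existing EXE is an assumption beyond what the posts state.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Win32 numeric values, redefined under EX_ names so this builds without <windows.h>. */
#define EX_GENERIC_READ     0x80000000u
#define EX_GENERIC_WRITE    0x40000000u
#define EX_GENERIC_ALL      0x10000000u
#define EX_FILE_WRITE_DATA  0x00000002u
#define EX_FILE_APPEND_DATA 0x00000004u
enum { EX_CREATE_NEW = 1, EX_CREATE_ALWAYS, EX_OPEN_EXISTING, EX_OPEN_ALWAYS, EX_TRUNCATE_EXISTING };

/* Case-insensitive check for a ".exe" suffix. */
static bool is_exe(const char *path) {
    size_t n = strlen(path);
    if (n < 4) return false;
    const char *e = path + n - 4;
    return e[0] == '.' && tolower((unsigned char)e[1]) == 'e' &&
           tolower((unsigned char)e[2]) == 'x' && tolower((unsigned char)e[3]) == 'e';
}

/* Hypothetical decision helper for a create/open handler.
 * exists: what GetFileAttributes(path) != INVALID_FILE_ATTRIBUTES returned in the handler. */
bool allow_request(const char *path, bool exists, unsigned access, int disposition) {
    if (!is_exe(path)) return true;                 /* policy covers EXE files only */
    if (!exists)                                    /* only open-only dispositions pass; they fail
                                                       in the file system because nothing is there */
        return disposition == EX_OPEN_EXISTING || disposition == EX_TRUNCATE_EXISTING;
    if (disposition == EX_CREATE_ALWAYS || disposition == EX_TRUNCATE_EXISTING)
        return false;                               /* would replace the existing image */
    unsigned write_bits = EX_GENERIC_WRITE | EX_GENERIC_ALL |
                          EX_FILE_WRITE_DATA | EX_FILE_APPEND_DATA;
    return (access & write_bits) == 0;              /* read/execute opens pass */
}

int main(void) {
    /* Constructed requests: run an existing EXE, then paste a copy of it. */
    printf("run:   %d\n", allow_request("C:\\apps\\tool.exe", true, EX_GENERIC_READ, EX_OPEN_EXISTING));
    printf("paste: %d\n", allow_request("C:\\apps\\tool - Copy.exe", false, EX_GENERIC_WRITE, EX_CREATE_NEW));
    return 0;
}
```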


