Security

Software Restriction Policies to Prevent Ransomware

Software Restriction Policies top stop executables from running within a compressed file (example from http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent): GPO -> User Configuration/Windows Settings/Security Settings/Software Restriction Policies Block executables run from archive attachments opened with WinRAR: Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe Security Level: Disallowed Description: Block…

File Screens to Monitor File Shares for Ransomware

File Screens will monitor your Windows file share and can notify you when certain files or file types are created. File Screens do not prevent ransomware.  See this article for prevention http://www.questiondriven.com/2016/03/07/how-to-prevent-ransomware-infections/. I wanted to monitor the file shares for ransomware related…

Command Line Taking Ownership of Files

Windows XP: Tools: Install windows server 2003 resource kit subinacl Usage: Single File: Subinacl.exe /file [path-and-file-shortname] /setowner=Administrator /grant=Administrator=F Sub Directories Subinacl.exe /subdirectories [path] /setowner=Administrator /grant=Administrator=F Windows Vista/Windows 7: Tools: Takeown icacls Usage: takeown /f [filename] /r /d y icacls [filename]…

Windows 7 Block IP Addresses

PeerBlock is very useful, but it is better to block at the router/firewall that at the client. However for home use PeerBlock works well and can be as paranoid as you want. Resources: http://www.peerblock.com/ http://www.iblocklist.com/lists.php http://blogs.cisco.com/security/block-a-country-with-my-cisco-router-or-firewall/ http://community.spiceworks.com/topic/158311-sonicwall-vs-fortinet http://www.sophos.com/en-us/products/unified.aspx http://www.countryipblocks.net/ http://www.nirsoft.net/countryip/…

%d bloggers like this: