Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 2829 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application Control - Windows Live Messenger

toddh
Hey, Is Windows Live Messenger not able to be controlled under Windows 7 64 bit? I setup a test with a Windows XP 32 bit and a Windows 7 64 bit (These are the two main operating systems we have). I was able to block Windows Live Messenger in Windows XP, however I am unable to block it in Windows 7 64 bit. Has anyone tested this? Thank you, Cheers
:7697


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Yes it's more than the application names and is identity based from what I can tell. I had a look at SAV32CLI and with the power of strings.exe from Sysinternals manged to find the switch: -controlled 

    So for example:
    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sav32cli.exe" -controlled "C:\Program Files (x86)\Windows Media Player"

    will scan the directory "C:\Program Files (x86)\Windows Media Player" for controlled applications.

    In this case it reports:

    >>> Virus 'AppC/WMPlay-Gen' found in file C:\Program Files (x86)\Windows Media Player\wmplayer.exe

    Which tells me it's all using the same technology under the hood which is good as it should be thorough.

    For the short term (hopefully before it gets added on a monthly release cycle), if you have AD, you can always set up a GPO software restriction policy to disable for example someone running a process name "msnmsgr.exe".  If this is considered to open to file name classhes you could include the whole path: for example: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe".  Maybe this would work for you, even if it was only linked to a few OUs.

    Jak

    :7703
Reply
  • 0

    Hi,

    Yes it's more than the application names and is identity based from what I can tell. I had a look at SAV32CLI and with the power of strings.exe from Sysinternals manged to find the switch: -controlled 

    So for example:
    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sav32cli.exe" -controlled "C:\Program Files (x86)\Windows Media Player"

    will scan the directory "C:\Program Files (x86)\Windows Media Player" for controlled applications.

    In this case it reports:

    >>> Virus 'AppC/WMPlay-Gen' found in file C:\Program Files (x86)\Windows Media Player\wmplayer.exe

    Which tells me it's all using the same technology under the hood which is good as it should be thorough.

    For the short term (hopefully before it gets added on a monthly release cycle), if you have AD, you can always set up a GPO software restriction policy to disable for example someone running a process name "msnmsgr.exe".  If this is considered to open to file name classhes you could include the whole path: for example: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe".  Maybe this would work for you, even if it was only linked to a few OUs.

    Jak

    :7703
Children
No Data