So, no one likes getting malware. Am I right, or am I right?
So, after reading a whole bunch of posts about how to blacklist, I decided to try it.
Most places say you should blacklist paths like
%AppData%\*.exe
%AppData%\*\*.exe
The thing about this, though, is:
Sure, it blocks .exe files from being executed in the root of AppData and in the first level of subfolders under AppData, but that's it. It doesn't block anything deeper, and it only blocks .exe files. There are certainly a lot of bad things that can run other than an .exe.
So what is a person to do?
Well, if you blacklist
%AppData%
Guess what happens. The folder and all of its subfolders are blacklisted, and the rule blocks not just .exe files but everything on the Designated File Types list, which is a long list of executable file types.
Where did this bad configuration come from? I don’t know, but it doesn’t seem like good advice.
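The difference in coverage, as an added example that is not part of the original post: a small Python model of the matching behaviour described above, not Windows' own rule engine. The user path, the sample file names and the shortened Designated File Types set are constructed for illustration.

```python
import re

# Constructed value: where %AppData% points for a hypothetical user.
APPDATA = r"C:\Users\alice\AppData\Roaming"
# Illustrative subset only; the real Designated File Types list is longer.
DESIGNATED = {"bat", "cmd", "com", "exe", "hta", "msi", "pif", "scr"}

WILDCARD_RULES = [r"%AppData%\*.exe", r"%AppData%\*\*.exe"]
FOLDER_RULE = [r"%AppData%"]

# Constructed sample paths at different depths and with different extensions.
SAMPLES = [APPDATA + s for s in (
    r"\setup.exe", r"\Vendor\update.exe", r"\Vendor\bin\helper.exe",
    r"\Vendor\run.scr", r"\Vendor\notes.txt")]

def extension(path):
    """Return the lower-cased extension of the file name, or '' if none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def rule_blocks(rule, path):
    """Model of one disallow rule, following the behaviour the post describes."""
    rule = rule.replace("%AppData%", APPDATA).lower().rstrip("\\")
    path = path.lower()
    if extension(path) not in DESIGNATED:
        return False  # only designated file types are restricted
    if "*" in rule or "?" in rule:
        # Assumption: a wildcard stays inside one path component.
        pattern = "".join(
            "[^\\\\]*" if c == "*" else "[^\\\\]" if c == "?" else re.escape(c)
            for c in rule)
        return re.fullmatch(pattern, path) is not None
    # A plain folder rule covers the folder and every subfolder below it.
    return path.startswith(rule + "\\")

def blocked(rules, paths):
    """Paths stopped by at least one of the given rules."""
    return [p for p in paths if any(rule_blocks(r, p) for r in rules)]

def gaps(paths):
    """Paths the folder rule stops but the two wildcard rules let through."""
    wild = set(blocked(WILDCARD_RULES, paths))
    return [p for p in blocked(FOLDER_RULE, paths) if p not in wild]

if __name__ == "__main__":
    for p in gaps(SAMPLES):
        print("only the folder rule blocks:", p)
```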
But, after all that, I think what you really want to do anyway is whitelisting.
The best paper I have found on whitelisting is this NSA one.