Endpoint Protection

 View Only

  • 1.  Block Thinstall Portable Applications

    Posted Sep 14, 2009 09:25 AM
    I'd like to know if there is a way to block Thinstall applications from running in our systems, using Symantec Endpoint V.10

    I know that those applications (thinapp) have some kind of EXE signature, and I'm able to detect it using PEiD software with a Hex based custom signature.
     


  • 2.  RE: Block Thinstall Portable Applications

    Posted Sep 14, 2009 09:43 AM
    Just to correct the actual version = Version 11


  • 3.  RE: Block Thinstall Portable Applications

    Posted Sep 14, 2009 10:12 AM
    You can create an application and device control to block the program from running.

    You can use the path or even MD5 hash of the .exe to do this. 


  • 4.  RE: Block Thinstall Portable Applications

    Posted Sep 14, 2009 10:56 AM
    I read somewhere that the Application doesn't works on x64 clients, is it correct?

    I think that both path or MD5 can't stop then, because the path can be anywhere on the this, the exe name the same.

    And MD5 hash, we don't have the exe file to extract it.

    All these procedures are to disable users from running Portable Applications coming from internet, pendrivers or some where sources, which is not allowed inside the company.

    Our Windows policy already controls and deny user software instalations. But Portable Apps (like Thinapp from VmWare) virtualize software and don't need to install.




  • 5.  RE: Block Thinstall Portable Applications

    Posted Sep 14, 2009 03:24 PM
     You are correct application and device control is not supported on 64 bit servers/Clients.

    You can block the application by both File Fingerprint or file name with location.


  • 6.  RE: Block Thinstall Portable Applications

    Posted Oct 08, 2009 10:15 AM
    Is application and device control still not available on x64 clients under RU5? 

    We only have a few machines running x64 vista right now, but with windows 7 hitting general release soon, we will likely be installing the x64 version on most of our hardware.  We still need to be able to enforce the restrictions on usb drives etc once we upgrade.