We are looking a way to block the psexec.exe on the entire network using firewall or IPS. But we dont want to block using ADC.
We applied rule in firewall to block and log the traffic but its not working.
Rule that we created.
Block psexec.exe. Application based rule in SEP firewall using filefinger print.
Note: psexec is using microsoft-ds port so we cannot block the port since its used for Microsoft Directory Services and lot of stuff.
Is there a way to block the psexec.exe execution on the network using NTP ?