Alternatives to AppLocker

Haole Boy

Aloha. Hoping someone here can help.

I've got a customer who (despite many lectures not to do this) will let any telephone scammer connect to his PC. I've got him running as a standard user and have locked down Malwarebytes and ESET so they cannot be disabled, but the scammers still get access. So far, all they seem to do is reset his logon password and somehow muck up AOL. But it's still a service call to fix this, and his daughter (who is paying the bills) wants me to find a solution.

On my last visit, I found the following remote access programs in his Downloads folder:
alpemix.exe
anydesk.exe
gotoassist opener.exe
supremo.exe
teamviewer_setup.exe
UltraViewer_setup_6.2_en.exe

Several of these have a "run now" option when you execute them so they do not go through any sort of installation process (bypassing the 'enter admin password' stuff).

I've found that I can use group policy to block programs by name. This works for most of the above, but it won't work when there is a new version of UltraViewer_setup_6.2_en.exe with a new version number.

Some more investigation led me to AppLocker, which has the capability to block based on publisher. But you need to be on Win10 Enterprise.

So, has anyone found something similar to AppLocker but will run on Win 10 Pro?

I've also noticed there are "freeze" programs where a reboot restores the machine to a previous condition. But how do you update the machine with Windows and program fixes? And does this interfere with email? (i.e. do you see email you handled the day before after a reboot?)

Mahalo,

Harry Z
 
If you're fighting your own client then you're pretty much guaranteed to lose. He hasn't changed his behaviour after the first or even second attack and this is an excellent indication that he's never going to change it.

You might want to take a step back and look for a more holistic solution. What kind of things is the computer used for and could that be done as easily using Linux (Mint/MATE would be my preference), or possibly even a tablet?

We're still at the stage where the scammers are picking the low-hanging fruit - naive users with Windows or (increasingly) Mac computers - and when they encounter something unfamiliar most of them will give up and move on to an easier target.

That person needs to tell her old man to get his ducks in order. She needs to know there is only so much you can do if her father is LETTING the scammers into the computer.

But you already know this. ;)

Thanx for the replies. This guy is in his late 70s, maybe early 80s, and he is not going to change. Although occasionally he does tell the scammers to go away. And his daughter does know that the root cause of the problem is located between the keyboard and the chair. So, yes, I am looking for a technical solution for a human problem. I understand this and am hoping someone here can provide a pointer to something that will help.

Linux is not a good alternative for this guy - no AOL client app, and his Microsoft flight simulator won't run.

So, if anyone else has any ideas, I'm listening!

Mahalo for your assistance!

Harry Z
 
Take a look at Wine before you write off Linux. It can run a huge number of MS apps, including games.

It's been some time since I set one up, but Deep Freeze does support updates as well as some user-accessible persistent storage. To be honest, that would be the best solution. Make sure his machine is clean, then install and configure the app. He won't really notice anything.
 
I wouldn’t go the Linux route. From my experience, and maybe this is just my pitch, clients don’t want to be told they need to migrate away from a system to solve a problem. Plus the thought of anything new boggles their mind.

Have you tried using a path with a wildcard in your disallow registry settings? Something along the lines of including these entries:

%USERPROFILE%\Downloads\*.exe
%USERPROFILE%\Downloads\*.msi

Also, if any of these programs are doing any kind of reach-back, maybe block that in Windows Firewall based on the path as well.

Remember these aren't foolproof, but for the scrubs that are trying to take advantage of the elderly, it might be more work than they are looking for to come up with a workaround.

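One concrete way to lay down the wildcard disallow rules suggested above on Windows 10 Pro is a Software Restriction Policy (SRP) path rule. The PowerShell below is an added example, not code from anyone in this thread; it assumes an elevated prompt and no existing SRP policy, and writes the same registry keys the gpedit "Software Restriction Policies" node populates, using the Downloads wildcards from the post.

```powershell
# Added example: SRP path rules that disallow executables launched from the
# user's Downloads folder. Run from an elevated PowerShell prompt.
# Assumption: no SRP policy exists yet (an existing policy would be merged into).

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Global SRP settings: default level Unrestricted (0x40000), rules apply to
# all users including administrators (PolicyScope 0), enforce on all files
# except DLLs (TransparentEnabled 1).
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name 'DefaultLevel'        -Value 0x40000 -Type DWord
Set-ItemProperty -Path $base -Name 'PolicyScope'         -Value 0       -Type DWord
Set-ItemProperty -Path $base -Name 'TransparentEnabled'  -Value 1       -Type DWord
Set-ItemProperty -Path $base -Name 'AuthenticodeEnabled' -Value 0       -Type DWord
# File types SRP treats as executable (a reduced list chosen for this example).
Set-ItemProperty -Path $base -Name 'ExecutableTypes' -Type MultiString `
    -Value @('EXE','COM','SCR','MSI','MSP','BAT','CMD','JS','VBS','PIF','HTA')

# Level 0 = Disallowed. Each rule is a GUID-named subkey under ...\0\Paths.
$disallowed = "$base\0\Paths"
New-Item -Path $disallowed -Force | Out-Null

$patterns = @(
    '%USERPROFILE%\Downloads\*.exe',
    '%USERPROFILE%\Downloads\*.msi',
    '%USERPROFILE%\Downloads\*\*.exe'   # installers unpacked into a subfolder
)

foreach ($p in $patterns) {
    $ruleKey = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $ruleKey -Force | Out-Null
    # ItemData must be REG_EXPAND_SZ so %USERPROFILE% expands per logged-on user.
    Set-ItemProperty -Path $ruleKey -Name 'ItemData'    -Value $p -Type ExpandString
    Set-ItemProperty -Path $ruleKey -Name 'SaferFlags'  -Value 0  -Type DWord
    Set-ItemProperty -Path $ruleKey -Name 'Description' -Type String `
        -Value 'Block direct execution from Downloads'
}

# Show the rules that were written; they take effect at next logon or gpupdate /force.
Get-ChildItem $disallowed | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }

# Blocked launches are logged to the Application log by the SRP provider
# (event 866 = blocked by a path rule), which is useful for a follow-up visit.
Get-WinEvent -FilterHashtable @{ LogName = 'Application';
    ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'; Id = 866 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
```

A path rule only covers the listed locations, so anything moved to another folder (or extracted by a browser into %TEMP%) still runs unless those paths get rules too; the event log check shows whether the rules are actually firing.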
 
In addition to making his user account a standard, non-admin user (which you've done), you could prevent him from running downloaded executables by modifying the security properties of the relevant user folders (Downloads, Desktop, Documents, etc.).
