Whitelisting Programs on Windows

"Security against the Ransomware Virus and other malware"

The Ransomware Virus is one of the most hideous types of malware that exists, once you get it, it looks for and encrypts any data it can find. It is often easy to get, because many malware writers are creating many different versions all the time and these versions are usually connected with bad URL links. Regular anti-virus and anti-malware programs can’t always keep up.

One way to combat the Ransomware Virus and many others is to use a feature in windows called “Whitelisting”. When you enable Whitelisting, only the programs in the Whitelist are allowed to run. Therefore, if an offensive virus gets through, it is not allowed to run and cause damage.

How Whitelisting works…

• There are settings within Group Policy called “Software Restriction Policy” that can be turned on to restrict all programs from running except those in specified paths.
• These policy settings get transferred to the local registry of a user’s computer through the application of the group policy.
• For these settings to work properly, the normal user MUST NOT BE an administrator. The administrator has the rights to install software into the standard program directories (eg. C:\Program Files and C:\Program Files (x86)) while standard users only have permission to read and execute programs from those directories.
• Standard users also have permission to only read and execute programs from the windows directory.
• In the normal operation of running either Windows built-in programs or installed programs, a standard user can safely perform all the regular activity required while logged into a Windows PC
• If a standard user were to inadvertently get the Ransomware Virus (or any other malware) and it attempts to install itself, it can only install itself into an area where the standard user has “write” permission, which is not the Whitelisted area, and therefore that virus is not allowed to run.

Try it out…

Click Here to download the “bāsupport-Whitelist.zip” file. This zip contains four files:

• “Whitelist-On.reg” - A file to create a Whitelist in the local PC registry
• “Whitelist-Off.reg” - A file that restores the registry to “No Whitelist”
• “Instructions.txt” - A text file with instructions for the Administrator
• “Test-Putty.exe” - A program to test running from a non-Whitelisted path.

When unpacked into a common ‘Temp’ directory and run by an administrator on a particular Windows PC, it will establish a Whitelist of all programs in the “Program Files” “Program Files (x86)” and “Windows” directories. This will allow you to test the Whitelist concept on a single non-domain Windows PC.