I added the directory to the Blocked Files, but I can build a new directory and create a new file in it.
Can anyone help me? Thx.
I don’t know about COMODO, but this can be achieved with built-in NTFS permissions…
- Go to the Properties of the folder
- Click the Security tab
- Click Advanced
  - Click Change Permissions…
    - Uncheck “Include inheritable permissions from this object’s parent”
      - Click Remove
    - Click Add…
      - Type “Everyone”
      - Click OK
        - Check Deny under (Full Control)
        - Check Allow under (Traverse folder/execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions)
        - Click OK
    - Click OK
      - Click Yes
    - Click OK
  - Click OK
- Click OK
Now nothing can write to anything in that folder until you undo the changes by removing the “Everyone” rules and re-checking “Include inheritable permissions from this object’s parent”. Or you write more complex rules allowing loopholes.
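A scripted version of the permission change described in the steps above, as an added example that is not part of the original post. It assumes PowerShell 5 or later, an elevated prompt, and hypothetical parameter names `Path`, `BackupFile` and `Restore`; the Deny entry here is limited to write and delete rights, because a Deny entry takes precedence over an Allow entry for the same right.

```powershell
# Added example: make a folder read-only for Everyone via NTFS ACLs, with undo.
# Parameter names and the backup location are hypothetical; try on a test folder first.
param(
    [Parameter(Mandatory)] [string] $Path,
    [string] $BackupFile = (Join-Path $env:TEMP 'folder-acl-backup.sddl'),
    [switch] $Restore
)

$acl = Get-Acl -LiteralPath $Path

if ($Restore) {
    # Undo: put back the security descriptor saved before the change.
    $sddl = (Get-Content -LiteralPath $BackupFile -Raw).Trim()
    $acl.SetSecurityDescriptorSddlForm($sddl)
    Set-Acl -LiteralPath $Path -AclObject $acl
    return
}

# Save the current descriptor so the change can be reverted later.
$acl.Sddl | Set-Content -LiteralPath $BackupFile

# Same as unchecking "Include inheritable permissions..." and clicking Remove:
# protect the ACL from inheritance and drop the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# S-1-1-0 is the well-known SID for Everyone (independent of the OS language).
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp   = [System.Security.AccessControl.PropagationFlags]::None

# Deny creating, changing and deleting files and subfolders.
$denyRights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles'
# ReadAndExecute covers traverse/execute, list/read data, read attributes,
# read extended attributes and read permissions.
$allowRights = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

$deny  = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $everyone, $denyRights, $inherit, $noProp,
    [System.Security.AccessControl.AccessControlType]::Deny)
$allow = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $everyone, $allowRights, $inherit, $noProp,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl.AddAccessRule($deny)
$acl.AddAccessRule($allow)
Set-Acl -LiteralPath $Path -AclObject $acl

# Show the resulting entries so the change can be checked.
(Get-Acl -LiteralPath $Path).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited
```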
CIS allows users to do anything to the system where it will block an application from doing so. CIS is the nanny of program behaviour; not the nanny of user behaviour.
Try writing a batch file and let it copy a file to the blocked folder. You will see it won’t succeed.