What's the policy to prevent downloading exe files?

Since no one seems to be able to reply to my previous topic here
I am asking the same question in another way.

I am using Internet Explorer
What is the policy to make it pop up the default allow/block pop up when trying to download exe files?

Have you checked Defence+ IE what Protected Files/Folders is set at?

Screenshot of allowed.


The problem is exactly there.

The *.exe is added automatically to the “allowed” files list without asking anything.
Even if I delete the Defence+ IE, when it restarts from scratch nothing changes and it automatically allows *.exe

I don’t think that it is a basic function of D+ to prevent / ask for downloading an exe file. D+’s role is to inform / prevent exe files from modifying system / registry / files and folders.

Having said that I thought you could configure CIS to inform when IE tried to modify protected folders:

Add IE temp folder to the protected folder list
Add IE to the computer security policy and customize the process access right to ask for protected files/folders, also went into the modify option and removed *.exe from the allowed files.

Applied all changes and to my surprise I could download an exe file. D+, without any indication or prompting, re-added *.exe where I had just removed it from. Tested several times with different folders as well… It always re-adds the *.exe to the allowed list.

I must be missing something or it is a bug. I will test some more and document and if needed post as a bug.

You can configure IE to refuse downloading files of certain types using Microsoft tools http://www.microsoft.com/downloads/details.aspx?FamilyID=21687628-5806-4ba6-9e4e-8e224ec6dd8c&displaylang=en

Hope this makes sense and helps.


Up to the previous version that was exactly what it did, that is asking if you allow/deny that Internet Explorer “creates” a new exe file.
I don’t understand why it was taken away or if it is a bug :wink:

Do you plan to fix this problem?

Do you plan?

I was wondering the same thing: why is D+ not preventing downloading of .exe files on a new Windows 7 64-bit machine?

As far as I remember previous version was not allowing downloads of any “executables” without D+ permission pop-up, if you have setup CIS configuration to “Proactive Security” and D+ to “Safe Mode” with these settings:

D+ > Advanced > Image Execution Control Settings > Image Execution Control Level > Aggressive and have added files group “Executables” under “Files to Check”.

Under I.E.C.S. it does say
(1) intercepts executable files before being loaded into the memory and
(2) intercepts prefetching/caching attempts for the executable files.

Any help is greatly appreciated.

Windows 7 64-bit
CIS: 3.14.130099.587
Proactive Security
Defense+: Safe Mode
Firewall: Safe Mode
Antivirus: On Access


Why no reply?

Well, I will try to help…

First of all, downloading and executing aren’t alike, so image execution won’t catch downloads…

There is no popup from D+ because IE is trusted, if you want popups for IE change D+ to Paranoid mode…
Then go into the IE policy and Modify the Protected Files, select Block Files and Folders… and Add… Broswer, Under “Add new Item” add *.exe

There that should do it…

IE was trusted also with the previous version, so why did it change with 3.14…587?

If I “go into IE policy etc. etc.” then no .exe file will be allowed to be downloaded, while (like in the previous version) I want simply to be warned every time IE is trying to download an exe or dll file.
So do I have to revert to the previous version? :wink:

I guess I know what you are looking for, check out:

  1. Select My Own Blocked Files on Defense+ screen;
  2. Click on Add…;
  3. Select Groups;
  4. Select the Temporary Files group;
  5. Click on Apply;
  6. Restart - maybe not needed, I haven’t checked - your browser, try to download something strange…
    (NOTE: this may prevent other downloads, such as e-mail body, etc. /not a real exe-only solution and not 100%, read below maybe/)

and/OR (maybe you only need this):

Add your browser’s temporary directory to My Own Blocked Files and write a *.exe after the directory name, e.g.: C:\Documents and Settings\USERNAMEHERE\Local Settings\Temporary Internet Files\*.exe (this will NOT let you download ANY EXEcutables with the browser /very strong policy but maybe this is the only line you need to add to the My Blocked Files if this is your aim/)

Is this what you are looking for?