Can I include my executable as part of WFP?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

Is there any way that I can include my program (executable) as part of
Windows File Protection.

This is required so that when ever some one tries to delete this executable,
it is replaced by Windows with Original executable. Similar to microsoft
windows "explorer.exe", when I rename this file it is automatically replaced
by windows with the original explorer.exe.

Thanks in advance for any help.
 
File protection is for operating system files - not "your" program
(/virus/spyware?) files.

You see how your question can be interpreted!

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Dear Richard,

I am working on something related to the operating system, like developing
my own authentication system.

That is why I am keen to know that is it possible to develop my programs
(lets say GINA) with WFP enabled.

Thanks

Rajesh Thareja
http://www.slcltd.com


Richard Urban said:
File protection is for operating system files - not "your" program
(/virus/spyware?) files.

You see how your question can be interpreted!

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
Click to expand...
 
Wow! Would that be great for malware program writers. The best defense is to
not allow your users to be local administrators or that is a risk you are
going to have to take. You could manage NTFS permissions on those files so
that only authorized user/groups have delete permissions though any local
administrator could change the permissisions if they knew how to and wanted
to. A Group Policy startup script could also be configured to copy your
files to the computer from a network share. Software Restriction Policies
can also be used to make sure users are using only an authorized version of
a file with a hash rule though again a local administrator can bypass SRP by
booting into Safe Mode. --- Steve
 
I think I got the answer and now I know what to do. I will try to use the
group policies with SRP.

Thanks alot.

Rajesh Thareja


Steven L Umbach said:
Wow! Would that be great for malware program writers. The best defense is to
not allow your users to be local administrators or that is a risk you are
going to have to take. You could manage NTFS permissions on those files so
that only authorized user/groups have delete permissions though any local
administrator could change the permissisions if they knew how to and wanted
to. A Group Policy startup script could also be configured to copy your
files to the computer from a network share. Software Restriction Policies
can also be used to make sure users are using only an authorized version of
a file with a hash rule though again a local administrator can bypass SRP by
booting into Safe Mode. --- Steve
Click to expand...
 
Back
Top