Hello dears,

Our team wants to implement an application control.
I have some questions.
We have a whitelist: if an application is in that list it can run on a system, and other applications should not run anywhere.

Our goal is to prevent applications from creating processes. For example, CreateProcess is a Windows API, and we should prevent an application that is not in the whitelist from calling this API.

What is the best way to prevent an application from creating a process?

We have some ideas:
1- Write a driver in kernel mode.
2- Write a service in kernel mode.
3- Write a service in user mode.
If there is another solution, I will be happy to know that solution.

Another question:
How are antivirus products like Kaspersky or ESET implemented?
In kernel mode, do they have a driver or write a service?

Thank you very much.


[edit author="rjm"]
Thank you for answering.
We want to protect the system with an application, not with Windows Security Policy. With Windows Security Policy, the user can disable that.
[/edit]
Updated 21-Nov-13 0:10am
Comments
Richard MacCutchan 21-Nov-13 6:15am    
Please do not respond by editing my answer, use the Have a Question or Comment? button below the solution.

As to your supplementary question, you would still need to install some software that the user can uninstall from his system. If the user account does not have administrator privileges then using Security Policy restrictions is the best way forward.

1 solution

Look at some of these links. There are many ways of restricting your systems by the security policies in Windows.
 
Comments
CPallini 21-Nov-13 5:23am    
5.
Richard MacCutchan 21-Nov-13 5:42am    
:thumbsup:
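
One way to stage the whitelist from the question with a built-in Windows policy mechanism, AppLocker, as an added example that is not part of the original thread (the thread does not say which mechanism the linked pages cover). The folder `C:\ApprovedApps` and the file `tool.exe` are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): stage an AppLocker allow-list in audit mode.
# Assumption: C:\ApprovedApps is a placeholder folder holding the approved executables,
# and tool.exe is a placeholder file inside it.
Import-Module AppLocker

$approvedDir = 'C:\ApprovedApps'

# AppLocker rules are only evaluated while the Application Identity service runs.
Start-Service -Name AppIDSvc

# Collect publisher, hash and path data for each approved executable.
$fileInfo = Get-AppLockerFileInformation -Directory $approvedDir -Recurse -FileType Exe

# Build allow rules: a publisher rule for signed files, a file hash for unsigned ones.
$policy = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize

# Audit first: nothing is blocked yet, but every would-be block is logged.
# A policy with only these rules would also block Windows' own binaries once
# enforced, so rules for the OS and Program Files folders are needed before that.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}

# Dry run: ask how the policy would decide for a few sample paths.
$samples = "$env:SystemRoot\System32\notepad.exe", "$approvedDir\tool.exe"
Test-AppLockerPolicy -PolicyObject $policy -Path $samples -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Merge the rules into the local policy without discarding existing ones.
Set-AppLockerPolicy -PolicyObject $policy -Merge

# Event ID 8003: the file was allowed to run but would be blocked under enforcement.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message
```

Changing this policy requires administrator rights, which matches the comment above about user accounts without administrator privileges.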

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


