Endpoint Security Evaluation

I posted on using Group Policy to establish rules to prevent executable files (.exe) stored in the Windows AppData directory from running, as a way to minimize or prevent Cryptolocker-type ransomware from infecting your computers.

Someone asked me: “How do I know if the group policy rules are working?”

Good question … easy answer: drop a small executable file into your local AppData directory and try to run it. I like to use notepad.exe for this test.

Here are the steps if doing this from a Vista / Win7 / Win8 workstation:

    1. Open up an elevated command prompt window. By default, it should put you into the C:\Windows\System32 folder.
    2. Enter the following commands, pressing Enter after each:

           copy notepad.exe %localappdata%
           cd %localappdata%
           notepad.exe

    3. If you receive an error message: “This program is blocked by group policy.” – then your group policy rules are working. Congratulations!
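The same check as a PowerShell function, useful when it has to be repeated on several workstations. This is an added example, not part of the original post; the function name and the result labels are hypothetical, and it relies on Win32 error 1260 (ERROR_ACCESS_DISABLED_BY_POLICY), which is the code behind the "blocked by group policy" message.

```powershell
# Added example: scripted version of the manual notepad.exe test above.
# Assumption: the policy is expected to block *.exe placed in %LOCALAPPDATA%.
$AccessDisabledByPolicy = 1260  # Win32 ERROR_ACCESS_DISABLED_BY_POLICY

function Test-AppDataExeBlock {   # hypothetical name
    param(
        [string]$Source    = (Join-Path $env:SystemRoot 'System32\notepad.exe'),
        [string]$TargetDir = $env:LOCALAPPDATA
    )
    $probe  = Join-Path $TargetDir 'notepad.exe'
    $copied = -not (Test-Path $probe)      # only delete the file if we created it
    if ($copied) { Copy-Item -Path $Source -Destination $probe }

    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName        = $probe
    $psi.UseShellExecute = $false          # call CreateProcess so the native error code is exposed
    $proc = $null
    try {
        $proc   = [System.Diagnostics.Process]::Start($psi)
        $result = 'NotBlocked'             # the copy launched: the rule is not in effect here
    } catch {
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.ComponentModel.Win32Exception] -and
            $inner.NativeErrorCode -eq $AccessDisabledByPolicy) {
            $result = 'Blocked'
        } else {
            $result = "Inconclusive: $($inner.Message)"
        }
    } finally {
        if ($proc) {
            # Close the test copy of Notepad if it did start, then release the file.
            Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
            $null = $proc.WaitForExit(5000)
        }
        if ($copied) { Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue }
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        User     = $env:USERNAME
        Probe    = $probe
        Result   = $result
    }
}

Test-AppDataExeBlock
```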
