Is it possible to prevent the download and execution of files with a .exe extension using 365? I've searched across Endpoint Manager, Defender for Endpoint and Defender for Cloud Apps but can't see an obvious way of doing this.
Most of my searches suggest using AppLocker but this would only solve half the problem (blocking execution of the file).
Is there any way using Microsoft 365 technology to block the download and execution of files based on their extension?
You can try using Edge's relevant group policy or registry to achieve your needs. I think this should help you. Please refer to this policy document: Allow download restrictions.
It can be known in the documentation that the danger level of exe type files is ALLOW_ON_USER_GESTURE, so you can change the group policy or registry information I mentioned above to 2, which will block potentially dangerous or unwanted downloads and dangerous file types.
And the path of this registry is at: SOFTWARE\Policies\Microsoft\Edge\Recommended, if it doesn't exist, you can create it as REG_DWORD type, set its value will be ok. In the same way, you can do it via group policy.
Related
How to check the validity of all *.url files on my Win10 partition?
In the past there was a tool AM-Deadlink which did this job.
Unfortunately it uses very old internet explorer engine resp. does not offer *.url files checking from partition files any more.
So I am seerching for another, newtool which helps me.
It should:
collect all *.url files from a given partition (e.g. D:)
check if target webpage exists resp. exists only as re-direction
....and tell me the HTTP server return (error) code
Any tool available?
See above
nothing more to explain
I am having trouble locating the methods to "Check Out" (or otherwise lock) and "Check In" documents in a SharePoint Online library/list using the Graph SDK. I don't actually see the REST calls listed either, but I have to believe they are somewhere, because OneDrive for Business webclient exposes these functions.
Basically, in some version-control scenarios, SharePoint admins and/or designers can "Require Check Out" in the library's Versioning Settings configuration. Editing a document is then a multi-step process, one of the first steps is to "Check Out" the document from the library so it is locked for edits to the current user. I can not find this method (and the mirror method "Check In") in reviewing the REST docs or the Graph SDK source code on GitHub. These methods would be required if a library is configured to "Require Check Out".
I have looked through the (Graph)List and ListItem objects pretty thoroughly (including the Versions relationship/collection) and can not locate the methods. I would have expected them to be available on a ListItem object.
If anyone has any code to work with document ListItems in this manner - or simply knows where to find these methods, it would be very helpful.
Those operations are not supported per list items (and in fact never was in SharePoint APIs) but are supported for files in document libraries via DriveItem resource which:
represents a file, folder, or other item stored in a drive. All file
system objects in OneDrive and SharePoint are returned as driveItem
resources.
Documentation:
checkout operation
checkin operation
The following example demonstrates how to checkout a file in document library:
POST https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items/{item-id}/driveItem/checkout
and check-in it:
POST https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items/{item-id}/driveItem/checkin
I want to change the homepage in the Edge browser via Registry but it's encrypted and I see (Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy) in Registry. Please help me to edit homepage in Registry or find where it's a violation of Windows policy to modify. See aka.ms/browserpolicy
ProtectedHomepages value is not really encrypted, instead it is an obfuscated buffer which contains homepages strings and the cryptographic hash for these strings. Buffer is obfuscated using the random generated seed which is also stored as a part of the buffer. I have done some reverse engineering research and published the results here.
So, basically, reading and decrypting this value is easier than modifying due to the required crypto-hash. However, reading capability is the only required for anti-malware software. I don't know what reasons you have to modify this value, hopefully you are not writing a piece of malware...
If it is only the homepage in Edge you want to set then change the URL below to your preference and then save this as a .reg file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main]
"HomeButtonEnabled"=dword:00000001
"HomeButtonPage"="https://www.google.com/"
Currently it is not possible to change the startpage of Microsoft Edge writing string or binary value into the registry. The entry to change is "Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" -> Value "ProtectedHomepages". The value is a encrypted binary value, in which the current homepage is not readable.
When you have to set a specific homepage more than one time and you want to do it with C# here a Workaround:
Set the startpage you want via UI of the Microsoft Edge browser. After Change of it restart the browser and export the registrykey named above. Open the exported file and copy the binary data into a string constant or resource in your C# Solution. In the function to write this Setting you can copy the string into a byte-Array and than writing as binary value into the registry. This entry has effect after restart of Microsoft Edge.
The same way you should use also when you want to Change the Default Search Provider. But in this case in addition to the value "ProtectedSearchScopes" one more registrykey is to use -> "OpenSearch". This key does/should exists by third Party search Providers only. This key should be deleted or does not exist if the search Provider is Bing.
Disable your computer's network interface
Launch MS Edge. The recovery page will error out
Open a new MS Edge tab
Close the MS Edge tab containing the error message
Close MS Edge
Enable your computer's network interface
Launch MS Edge
Also...
Some malware will change the Edge homepage. You can see the malicious URL in address bar, record it.
Kill Edge with Task Manager or reboot.
Edit your hosts file in c:\windows\system32\drivers\etc, from an Administrative command prompt go to that directory and type notepad hosts and hit Enter.
Add a host entry like this
127.0.0.1 bad.url (substitute the URL you recorded above for bad.url)
Save the hosts file then open Edge. This method is helpful when you are remoted in and cannot disconnect the network connection.
No need to do it in registry. You can now change the homepage via the settings in Microsoft Edge
I have been able to build rabbitmq server on ubuntu linux. It came already prepackaged and on making, it is able to start as a service. When i got the client source, i failed to make because it appeared like it needed a folder called ./deps/rabbitmq-server. Analysing the code, i find that the author of the client was accessing the same header files as are found in the server, using include_lib("path to rabbit.hrl e.t.c") in his header file called "amqp_client.hrl". I then decided to add rabbitmq_server in the lib dir of erlang so as its paths are automatically added on start up of the vm. But still this didnot help. There is also another folder which the client references called "rabbit_common" for an include folder he assumes would contain all the .hrl files there. Please assist me in building both the client and server on my ubuntu server, for testing.
Also, if anyone has used RabbitMQ server for IMs, please provide some benchmarks and/or your findings on its throughput, speed and number of users. How can it be compared to ejabberd?. How can one create AJAX/Jquery/Javascript clients for Web functionality?
thanks
I hope you had made some progress as far as RabbitMQ and ejabberd are concerned.
Below is a link to an interesting discussion that might be of help.
http://old.nabble.com/AMPQ-vs-XMPP-and-RabbitMQ-vs-ejabberd-td17587109.html
I can use DCOMCNFG to disable remote launch on my DCOM application, but I would like to do this programatically. I looked at CoInitializeSecurity, but that does not seem to do it. Anyone done this?
I am using Delphi BTW.
The binary data is simply a security descriptor structure (PSecurityDescriptor). I mean it is a copy of the memory of this structure. And, of course, the security descriptor is self relative.
JWSCL can create such a structure easily.
Launch- and AccessPermission list for every user access rights that also contain remote and local access.
The permissions for Remote/Local Activation/Launch are stored in the registry under the AppID for the object.
I'm not sure how to edit it programmatically.
This is very similar to change Access Permissions in Component Services > COM Security with script/api? for which i posted a response.