Disable antivirus software. Block malicious scripts

The following steps will help you create additional rules. To illustrate the principles behind each step, here are examples of creating rules for Office XP.

Step 1: List all running applications

List the software you are trying to identify. In our Office XP example, it consists of Microsoft Word, Excel, PowerPoint®, and Outlook®.

Step 2: Decide on the type of rule

Refer to Table 1 (When to use each rule) to decide what type of rule to use, and also decide on the default security level for your rule. In our example, we will use path rules with the default security level.

Step 3: Make a note of the folders where the software is installed

List all the folder paths where the software is installed. This can be done in various ways:

For our case, you will see the following running tasks:

"C:\Program Files\Microsoft Office\Office10\WINWORD.EXE"
"C:\Program Files\Microsoft Office\Office10\EXCEL.EXE"
"C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE"
"C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE"

Step 4: Identify dependent programs

Some applications may in turn launch additional programs for auxiliary tasks. Your application may depend on one or more helper programs. For example, Microsoft Word runs the Microsoft Clip Organizer application to manage clipart objects. Microsoft Clip Organizer uses the following programs:

C:\Program Files\Microsoft Office\Office10\MSTORDB.EXE
C:\Program Files\Microsoft Office\Office10\MSTORE.EXE

Microsoft Office also uses files from the C:\Program Files\Common Files folder.

Step 5: Summarize the rules

In this step, group related rules together to create a more general rule. Consider using environment variables, wildcards, and registry path rules.

Continuing with our example, we see that all programs are stored in the C:\Program Files\Microsoft Office\Office10 folder, so it is sufficient to use one path rule that applies to that folder, instead of four separate rules for each program. Additionally, if Microsoft Office is always installed in the Program Files folder on your computers, use an environment variable instead of specifying an explicit path. So our rules will look like this:

Since these programs are allowed to run, we won't have to change our rules.

Implicit rules to remember

When creating rules during policy design, consider the following:

Login scripts

Login scripts are stored on a central server. Often these servers may change each time a user logs in. If you are using the default rule Disallowed, make sure you create rules that identify the locations of the login script files. Consider using wildcards to identify these locations if the logon servers have similar names.

File protection service

The File Protection service contains archived copies of many system programs in a folder called dllcache. These programs can be launched by a user who knows the full path to the backup copy. If you do not want to allow users to run programs located in the archive folder, you can create the following rule: %WINDIR%\system32\dllcache, Disallowed.

Common Startup File Locations

Windows has many locations that contain links to programs that automatically run when you boot. If you forget to allow these programs, users will receive error messages when logging in.

Common startup file locations include:

%USERPROFILE%\Start Menu\Programs\Startup
%ALLUSERSPROFILE%\Start Menu\Programs\Startup
Win.ini, System.ini lines beginning with "run=" and "load="
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Antivirus programs

Most antivirus packages have a real-time scanner program that runs when the user logs into the system. This program scans all files accessed by the user, checking them for possible virus infection. Make sure your rules allow antivirus programs to run.

Scenarios

This section discusses some common problems and how to use software restriction policies to solve them.

Blocking malicious scripts

An organization needs protection against script viruses. The LoveLetter virus, classified as a network worm, is estimated to have caused between $6 and $10 billion in damage. This worm, which has more than 80 varieties, continues to be frequently encountered to this day.

The LoveLetter worm, written in Visual Basic Script (VBS), is found in the file LOVE-LETTER-FOR-YOU.TXT.VBS. The Software Restriction Policy blocks this worm by simply preventing the execution of any .vbs files.

However, many organizations use .vbs files to run logon scripts and system management. Blocking all .vbs files protects the organization, but Visual Basic scripts can no longer be used for the intended purposes. Software Restriction Policy helps prevent this by blocking unwanted VBS scripts and allowing valid ones to run.

This policy can be created using the rules presented in Table 4.

Table 4 - Rules for blocking malicious scripts
Rules for the path
  *.VBS                        Disallowed
  *.VBE                        Disallowed
  *.JS                         Disallowed
  *.JSE                        Disallowed
  *.WSF                        Disallowed
  *.WSH                        Disallowed
Rules for certificates
  IT Department Certificate    Unrestricted

This policy prevents the execution of all Windows Script Host (WSH) files except those scripts that are digitally signed by the IT department. Information on how to obtain a certificate and digitally sign files is contained in the Appendix.

Software installation management

You can configure your organization's computers to allow only approved software to be installed. For software that uses Windows Installer technology, this can be achieved using the policy described in Table 5.

Table 5 - Rules for managing program installations
Default Security Level: Unrestricted
Rules for the path
  *.MSI                             Disallowed
  \\products\install\PROPLUS.MSI    Unrestricted
Rules for certificates
  IT Department Certificate         Unrestricted

This policy prevents the installation of all Windows Installer packages. The policy allows installation only of packages that are digitally signed by the IT department and the OWC10.MSI package located in \\products\install. Information on how to obtain a certificate and digitally sign files is contained in the Appendix.

This policy also demonstrates how to prioritize path rules and certificate rules to ensure that only necessary software is allowed to run. To make exceptions for any other packages that your organization cannot or does not want to digitally sign, you can create hash rules or full path rules.

Business PC

In some cases, an administrator may need to manage all software running on a computer. This can happen for the following reason: even if users do not have enough rights to replace system files or files in shared folders (such as Program Files), as long as they are not prohibited from writing files to some location on the disk, they can copy a program there and run it.

Viruses that enter a computer in this way can damage the system by changing files and operating system settings; they can also cause enormous damage by misusing user privileges. For example, some worms can send mass email by gaining access to a user's address book. Even regular system users are vulnerable to this type of attack.

As long as users are not a member of the Administrators group on their local computers, the policy described in Table 6 protects them from accidentally executing malicious code. Because users cannot change the contents of the Program Files or Windows folders, they can only run programs installed by the administrator.

This policy prevents the execution of all applications installed on the user's computer, except applications contained in the Windows and Program Files folders and their subfolders. The policy does not apply to administrators.

If the user receives an attachment in an email message (such as WORM.vbs), the email program will copy it to the profile folder (%USERPROFILE%) and attempt to launch it from there. Because the profile folder is not a subfolder of the Windows or Program Files folder, applications launched from there will not run.

Sometimes programs that the user needs are installed outside the %WINDIR% or %PROGRAMFILES% folders, or, conversely, these folders contain programs that the administrator wants to prohibit the user from running. In these cases, the administrator may make additional exceptions, as shown in Table 7.

Table 7 - Exceptions for computer software management
Rules for the path
  %WINDIR%\regedit.exe            Disallowed
  %WINDIR%\system32\cmd.exe       Disallowed
  \\CORP_DC_??\scripts            Unrestricted
  %HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\InoculateIT\6.0\Path\HOME%    Unrestricted

By making these exceptions, we get the following result:
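
How the Business PC policy and the Table 7 exceptions combine can be checked with a small model of path-rule matching. This is an added example, not part of the original document or of Windows itself: the base rules come from the policy description above, the expanded folder values and sample file paths are constructed, and "most specific rule wins" is approximated by pattern length, which is a simplification assumed here.

```python
import fnmatch

# Constructed values for this example; a real machine resolves these itself.
ENV = {
    "%WINDIR%": r"C:\Windows",
    "%PROGRAMFILES%": r"C:\Program Files",
    "%USERPROFILE%": r"C:\Documents and Settings\alice",
    # Registry path rule from Table 7; the folder it resolves to is a placeholder.
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\InoculateIT\6.0\Path\HOME%":
        r"D:\InoculateIT",
}

DEFAULT_LEVEL = "Disallowed"

RULES = [
    # Base rules of the Business PC policy as described in the text.
    ("%WINDIR%", "Unrestricted"),
    ("%PROGRAMFILES%", "Unrestricted"),
    # Exceptions from Table 7.
    (r"%WINDIR%\regedit.exe", "Disallowed"),
    (r"%WINDIR%\system32\cmd.exe", "Disallowed"),
    (r"\\CORP_DC_??\scripts", "Unrestricted"),
    (r"%HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\InoculateIT\6.0\Path\HOME%",
     "Unrestricted"),
]


def expand(pattern):
    """Substitute the constructed ENV values and normalise case."""
    for token, value in ENV.items():
        pattern = pattern.replace(token, value)
    return pattern.lower().rstrip("\\")


def matches(pattern, target):
    """A rule covers the named file itself or anything below the named folder."""
    return (fnmatch.fnmatchcase(target, pattern)
            or fnmatch.fnmatchcase(target, pattern + "\\*"))


def evaluate(path, is_admin=False):
    """Return (security level, deciding rule) for a program path."""
    if is_admin:
        return "Unrestricted", "(policy does not apply to administrators)"
    target = expand(path)
    hits = [
        # Longer pattern = more specific (assumption); on a tie Disallowed wins.
        (len(expand(rule)), level == "Disallowed", level, rule)
        for rule, level in RULES
        if matches(expand(rule), target)
    ]
    if not hits:
        return DEFAULT_LEVEL, "(default security level)"
    _, _, level, rule = max(hits)
    return level, rule


# Constructed sample paths, including the WORM.vbs attachment case from the text.
SAMPLES = [
    r"%USERPROFILE%\Local Settings\Temp\WORM.vbs",
    r"%PROGRAMFILES%\Microsoft Office\Office10\WINWORD.EXE",
    r"C:\Windows\system32\notepad.exe",
    r"C:\Windows\system32\cmd.exe",
    r"C:\Windows\regedit.exe",
    r"\\CORP_DC_01\scripts\logon.vbs",
    r"\\CORP_DC_100\scripts\logon.vbs",   # "??" matches exactly two characters
    r"D:\InoculateIT\realmon.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        level, rule = evaluate(sample)
        print(f"{level:<13} {sample}   <- {rule}")
```

Running the model before deploying a Disallowed default shows which logon-script servers and helper programs would be blocked because no rule covers them.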

Different policies for different users

In this scenario, there are computers on which many users are working together. All computers have the same software installed, but the administrator wants to give access to a certain part of the applications to one group of users, and to another part of the applications to another group of users. However, some applications will be shared among all groups.

Example

The university computer laboratory has 15 computers with the same software. They are equipped with Microsoft Office, computer-aided design (CAD), and the Microsoft Visual C++® compiler. To comply with the terms of the software license, the laboratory administrator must ensure the following:

To achieve this goal, the administrator creates three GPOs with customized software restriction policies. Each GPO is filtered so that it only applies to users in one of the groups AllStudents, EngStudents or CSStudents (depending on which group it is intended for).

Because the administrator wants the policy to apply to students only when they log on to lab computers (and not when they log on to their personal computers), he uses the Group Policy loopback feature. Setting a loopback allows an administrator to apply Group Policy Object (GPO) settings to users on the computer they log on to. If loopback is set to Loopback with Replace mode, the computer's GPO configuration settings are applied to the user at logon time, and the user's GPO configuration settings are ignored.

Refer to Tables 8, 9, 10 and Figure 8 below.

For more information on configuring loopbacks, see the article Group Policy Windows 2000 (Windows 2000 Group Policy) at http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp (EN).

Table 8 - User A1 GPO associated with the Lab Resource domain
User GPO A1, associated with the Lab Resource domain
Filter: The Apply Group Policy permission is set for domain computers
Disallowed
Rules for the path
  %WINDIR%                                Unrestricted
  %PROGRAMFILES%\Common Files             Unrestricted
  %PROGRAMFILES%\Messenger                Unrestricted
  %PROGRAMFILES%\Internet Explorer        Unrestricted
  %PROGRAMFILES%\Windows Media Player     Unrestricted
  %PROGRAMFILES%\Windows NT               Unrestricted

Figure 8 - Organization of group policy for a computer laboratory

Table 9 - User A2 GPO associated with the Lab Resource domain
User GPO A2, associated with the Lab Resource domain
Filter: For domain computers and users of the CSStudents group, the Apply Group Policy permission is set
Default security level
  Disallowed
Rules for the path
  %PROGRAMFILES%\Microsoft Visual Studio    Unrestricted

Table 10 - User GPO A3, associated with the Lab Resource domain
User GPO A3, associated with the Lab Resource domain
Filter: For domain computers and users of the EngStudents group, the Apply Group Policy permission is set
Enable Loopback in Replace Mode
Default security level
  Disallowed
Rules for the path
  %PROGRAMFILES%\CAD Application    Unrestricted

A task sequence step allows you to specify the Configuration Manager 2007 package and program that you want to install as part of the task sequence. Installation of the package program will begin immediately, without waiting for the policy polling interval.

The Install Software task sequence step runs only in the standard operating system and does not run in Windows Preinstallation Environment (WinPE).

You can configure the following settings.

Name
Specifies a short, user-defined name that describes the action that is performed in this step.

Description
Allows you to specify more detailed information about the action performed in this step.

Installing one application
Configures a task sequence step to install a single application. This step will wait for the application installation to complete. To specify the Configuration Manager 2007 package that you want to install, click Review. If Configuration Manager 2007 R2 is installed, you can select the Configuration Manager 2007 R2 Application Virtualization package when selecting a package. Use the drop-down list to select the program to use to install the package.

The program you select must meet the following criteria.

  • It should not initiate a reboot on its own. The program must request a reboot using the standard reboot code, exit code 3010. This will ensure that the reboot is successfully processed at this task sequence step. If the program returns exit code 3010, the internal task sequence engine will perform the reboot. After a reboot, the task sequence will continue automatically.

Configuration Manager 2007 programs that use the option to install a dependent program as part of a package are not supported by operating system deployment. If the program has the Start another program first option enabled and the other program has already been run on the target computer, the specified program will be launched. However, if the other program has not already been run on the destination computer, the task sequence step will fail.

Configuration Manager 2007 filters out any programs that are disabled and any programs that have the following settings. These programs will not appear in the drop-down menu.

  • Only after user login
  • Execute with user rights

Installing multiple applications
Select this option to configure sequential installation of multiple applications in a task sequence step. This step specifies a base variable name for a series of task sequence variables, each containing a pair of values <package id: program name> separated by a colon. The series of variable names is formed by adding a numeric suffix from 001 to 999 to the specified base name. The variable names and associated values form a dynamic list of packages. The list of packages ends when there are no more variable names with the next numeric suffix. The listed packages will be installed in the order they are listed. The installation of each package is completed before the installation of the next one begins. The package ID should always be in capital letters. The program name is case-sensitive and must exactly match the name assigned to the program when it was created. Virtual application packages distributed using the Configuration Manager 2007 R2 application virtualization feature are not distributed as part of the application list. If the variable's value is incorrectly formatted or indicates an invalid package identifier and program name, the package installation will fail. If there are no variables with the specified base name and suffix "001", the packages are not installed and the action completes successfully. The selected program must meet the following criteria.

  • It must be run as the local system account, not as the user account.
  • It should not interact with the desktop. The program should work without notifications or in automatic mode.
  • It should not initiate a reboot on its own. The program must request a reboot using return code 3010. This will ensure that the reboot is successfully processed in the Install Software task sequence step.

For example, to install a single application using a task sequence variable named AA001, you must provide the following information.

Variable name: AA001
Variable value: CEN00054:Install

To install three applications, the following additional variables must be specified.

Task sequence variable: AA002
Value: package: CEN00107:Install Silent

Task sequence variable: AA003
Value: package id: CEN0031:Install

If an application installation fails, continue installing other applications from the list
Select this check box so that, if the installation of an application from the list fails, the Install Software task sequence step continues. If this check box is not selected and an installation fails, the task sequence step will exit immediately. If the check box is selected, the next package or program from the list of variables will be installed, regardless of errors.
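
The variable-list rules above (numeric suffixes from 001, the list ending at the first gap, capital-letter package IDs, case-sensitive program names, and the continue-on-failure check box) can be checked before deployment with a short script. This is an added example, not Configuration Manager code: the function names, the BB variables and the set of known programs are constructed for illustration, while the AA values are the ones quoted in the text.

```python
def read_package_list(variables, base_name):
    """Collect base_name001, base_name002, ... and stop at the first missing suffix."""
    entries = []
    for n in range(1, 1000):                      # suffixes 001 to 999
        name = f"{base_name}{n:03d}"
        if name not in variables:
            break
        entries.append((name, variables[name]))
    return entries


def parse_entry(value):
    """Split '<package id>:<program name>'; raise ValueError when malformed."""
    package_id, sep, program = value.partition(":")
    if not sep or not package_id or not program:
        raise ValueError("expected <package id>:<program name>")
    if package_id != package_id.upper():
        raise ValueError("package ID must be in capital letters")
    return package_id, program


def plan_install(variables, base_name, known_programs, continue_on_error=False):
    """Return (variable, status, detail) tuples in the order the step processes them."""
    plan = []
    for name, value in read_package_list(variables, base_name):
        try:
            package_id, program = parse_entry(value)
            # The program name is compared case-sensitively, as the text requires.
            if (package_id, program) not in known_programs:
                raise ValueError("invalid package ID and program name")
            plan.append((name, "install", f"{package_id} / {program}"))
        except ValueError as err:
            plan.append((name, "failed", str(err)))
            if not continue_on_error:
                break                             # the step exits immediately
    return plan


# Programs assumed to exist on the site (constructed for this example).
KNOWN_PROGRAMS = {
    ("CEN00054", "Install"),
    ("CEN00107", "Install Silent"),
    ("CEN0031", "Install"),
}

VARIABLES = {
    # Values as given in the example in the text.
    "AA001": "CEN00054:Install",
    "AA002": "CEN00107:Install Silent",
    "AA003": "CEN0031:Install",
    # Constructed list containing mistakes.
    "BB001": "CEN00054:Install",
    "BB002": "cen00107:Install Silent",   # package ID not in capital letters
    "BB003": "CEN0031:install",           # program name differs in case
    "BB005": "CEN00054:Install",          # never read: BB004 is missing
}

if __name__ == "__main__":
    for base, keep_going in (("AA", False), ("BB", False), ("BB", True), ("ZZ", False)):
        print(f"base={base} continue_on_error={keep_going}")
        for row in plan_install(VARIABLES, base, KNOWN_PROGRAMS, keep_going):
            print("   ", *row)
```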

Surely many users, while working on Windows 7, have encountered a situation where the antivirus installed on the computer blocked some user actions. In this case, temporarily disabling or uninstalling the security software may help resolve the problem. However, not all users, even those with good knowledge of Windows 7, know how to do this. It is for these people that our article today is intended, in which we will talk about the most common situations in which it may be necessary to neutralize antivirus software, as well as methods for disabling it temporarily or completely.

In what situations is it necessary to disable the antivirus?

Before we talk about methods for disabling the antivirus in the Windows 7 operating system, it is necessary to consider the main situations that require this action. It is very important to have an idea about this, because by disabling your antivirus program, you leave your PC unprotected for some time.

One of the most common reasons for disabling antivirus software is the use of pirated utilities that use special crack.exe files, KeyGen.exe key generators or files like Patch.exe, which are responsible for cracking the standard license. The thing is that because of these files, the antivirus recognizes pirated programs as unwanted or posing a potential threat. However, in fact, pirated programs do not cause any harm to the computer, but installing and using them may require disabling the antivirus.

In addition, a similar situation arises when downloading files from popular Internet resources such as DepositeFiles, Letitbit, Rapidshare, Turbobit and some others.
Also, disabling antivirus software may be necessary when working with resource-intensive programs or games on computers with low technical specifications. The thing is that for stable operation, the antivirus requires significant processor and RAM resources, which creates a large load on the computer’s hardware.

In addition, some antivirus programs may conflict with the security measures integrated into the operating system, namely the firewall. In this case, completely disabling the antivirus or removing it will help solve the problem.

Temporarily deactivate antivirus software

Regardless of what antivirus you use on your computer, the process of disabling it on Windows 7 is absolutely identical. This can be done by right-clicking on the antivirus program icon located in the tray near the system time on the Start menu bar. After the context menu appears, select the “Temporarily disable protection” item. The deactivation time depends on the antivirus used. Some programs allow you to specify the period for which you want to suspend the utility.

This method of disabling antivirus on Windows 7 works on all modern antivirus programs; however, it is suitable only for suspending work for a short period of time.

Complete deactivation of antivirus software

To completely stop the operation of security software for an indefinite period of time, there is another method. To do this, go to the “Start” menu item and select the “Control Panel” line. Next, go to the “Administration” section and uncheck all the boxes next to the antivirus line in the “Configuration Settings” and “Startup” sections.

When all the boxes are unchecked, click on the “Ok” button, confirm saving the changes made and wait until Windows 7 reboots the system. After this, the antivirus software will be disabled.

You can also disable the antivirus through the “Task Manager”. To call it, you need to use the key combination Alt+Ctrl+Delete, and then select the line “Start task manager”. Next, go to the “Processes” tab, find the installed antivirus in the list, click on the “Stop” button and confirm your intention to disable the antivirus.

How to stop the Windows 7 firewall?

The Windows family operating system from Microsoft comes without integrated anti-virus software, and the protective functions are performed by standard protection tools, which include the firewall.

To disable the Windows Firewall, you need to open the main Start menu, select the Control Panel section, go to the System and Security menu item and go to the Windows Firewall settings section. To completely stop the operation of this service, you must click on the line “Turn the firewall on or off” located on the left side of the screen, check the box next to the deactivation line and confirm the changes being made.
To ensure that anti-virus software does not conflict with the firewall during operation, it is necessary to add it to the exclusion list. To do this, go to the system settings section “Allow a program or component to run through Windows Firewall” and check the box next to your antivirus.

Uninstalling an antivirus

If disabling the antivirus did not help or you decide to install another utility of this class, then you will need to uninstall the program. However, the main problem is that it is impossible to remove the antivirus using standard methods. To completely remove anti-virus software from your computer, you must boot the operating system in safe mode or first install a special utility designed specifically for these purposes. However, most modern antivirus programs can be uninstalled without using such utilities.

Adobe Flash Player is a free, widely used media player for viewing Flash files (SWF files).

Flash has been an indispensable tool for creating presentations, games, websites, animated films and other add-ons that require rich multimedia content for quite a long period of time.

As a rule, browsers install the Flash player automatically; it is recommended to update the program regularly, since Adobe is constantly improving its development.

If, when opening any sites, video is not displayed and it is impossible to listen to audio files, then most likely you do not have Adobe Flash Player installed (or an outdated version of it is installed). Therefore, you need to download and install the latest version of this program. It would seem that there is nothing complicated about this, but it turns out that many users have problems installing a flash player.

How to install Adobe Flash Player correctly will be discussed in this article.

To install Flash Player, follow these steps:

1. Make sure your computer meets the system requirements for Flash Player

2. Before installing the flash player, you need to update your browser to the latest version; otherwise, the Adobe Flash Player you downloaded will not install.

In the Opera browser, for example, this is done like this: move the mouse over the browser menu located in the upper left corner, click once with the right mouse button, and select Help → Check for updates from the drop-down menu. If there are updates, they are installed; if not, then your browser version is the latest.

For the Mozilla Firefox browser, you can check for updates like this: Help → About Firefox → Check for updates

3. Download the latest version of Flash Player

The most important! You only need to download Adobe Flash Player on the official Adobe website: http://www.adobe.com

In the lower section "Download"

press "Adobe Flash Player":

If for some reason you see another page of the Adobe.com website, then in the “footer” of any page there are links to download a flash player:

If Adobe Flash Player was already installed on your computer, you need to check that you have the latest available version of Flash Player installed on this page adobe.com

The following window displays the installed version of Flash Player and your operating system:

For those who are not familiar with English:

If Flash Player is not installed, you will receive an error message.

Note: It is possible that the version number in the picture is different from the version you installed. At the moment, the latest version of Flash Player for Windows is 11.3.300.265:

In order for Flash content to be displayed correctly, you need to update the Flash player to the latest version. To do this, it is best to delete the previous one.

So, in order to download the flash player, use the direct link of Adobe Flash Player and you will be taken to the Russian-language download page.

Check that the downloaded file matches the type of your operating system and browser

Note: You will be prompted to install the Google Chrome browser or McAfee Security Scan Plus scanner in parallel:

If you do not need the proposed application, then uncheck the box. "Include in download":

4. Install Adobe Flash Player according to your browser type

For Mozilla Firefox browser

Click on the button Download on the download page of the Russian-language site (see link above) - on the official site it’s this button:

1. When the file open dialog box is displayed click the button Save File:

for a suggestion where exactly you can choose the Desktop:

Here is our downloaded original Adobe Flash Player, on the desktop:

To start installation double click on the Flash Player icon.

2. If you downloaded the Adobe Flash Player installation file without a save prompt, then in the “Downloads” window double-click the file name:

3. When a security warning appears, press the button Run:

or Yes :

Note: Please note the publisher before agreeing to installation

Before you run it, you need to close all browser windows, for its successful integration.

If this is not done, the installation will pause with the error:

If this window appears, close Firefox. The installer runs automatically after Mozilla Firefox is closed:

By default, the automatic update option is selected (when you select this option, the flash player is updated without your intervention when a new version is released). Adobe recommends using this option to update Flash Player.

But you can choose others:

Click the button Ready. That's it: Adobe Flash Player is installed on your computer.

Sometimes Adobe Flash Player is installed as an add-on for the Mozilla Firefox browser. In this case, a warning appears at the top of the browser: "Firefox is warning you that this site (get.adobe.com) is asking you to install software on your computer"

Note: If you are using Internet Explorer 9, you must disable ActiveX filtering:

In Internet Explorer, select Tools>Security. If ActiveX filtering is checked, uncheck it:


Quit Internet Explorer, and then restart it.

After pressing the button Start installation (or Download), sometimes an information window pops up; we get rid of it by checking the box and clicking on "Close":


or “Run”


or "Yes"

We agree with the terms of the license agreement and click "Install".
When the following window appears, close Internet Explorer.


The installer runs automatically after you close Internet Explorer.

After successful installation, select the update method. Click the button "Ready".

For Google Chrome browser

If you are using Chrome, then Adobe Flash Player does not need to be installed, because it is built into Chrome and enabled by default (it updates automatically when new versions of Flash Player are available).

To make sure you have the latest version of Chrome, select Chrome > About Google Chrome.

In the message "Google Chrome has been updated to..." you see the latest updated version of Chrome. If Chrome is not the latest version, click the button "Update Now"

Note: The integrated Google Chrome flash plugin cannot be removed. You can only enable or disable the integrated plugin.

5. Make sure installation is complete

And below you will see the version of your Flash Player and your operating system.

P.S. If the installation fails for any reason, Adobe Flash Player must be removed from your computer:

Then restart your computer and re-download and install Adobe Flash Player
Based on materials from helpx.adobe.com, remontcompa.ru, www.dmosk.ru

Well, that seems to be all. Somehow the article turned out to be voluminous.
But, in principle, downloading and installing Adobe Flash Player is not difficult, the main thing is to do everything slowly, consistently and correctly.

Before downloading some programs from the Internet, in order to ensure that the programs download correctly, you may be prompted to disable your installed antivirus software. If you intend to download software from the Internet, then you should read the installation instructions to see if you need to disable protection from viruses. If this step must be completed before downloading, you will need to follow these steps to disable anti-virus protection in order to install the software correctly. Once you download the program, you will need to do a few things to ensure that your computer remains safe and protected.

Instructions

1. Open your installed antivirus program from the taskbar. Right-click on the icon. Some antivirus programs will require you to open the software to stop it.
2. Select “Stop protection”. Although each antivirus program may word this option differently, it will have some wording that means "stop protection". After stopping the protection, check it to be sure.
3. In the lower left corner, click on the “Start” button, then click on “Control Panel”, and then click on the “Security Center” button.
4. Look at your "Security Center." It will show that your virus protection is disabled. If you need to turn off your firewall, you can do so by clicking at the bottom of the Windows Firewall page. This will open a new window that allows you to select “Off” to disable the firewall.
5. Complete the download and enable antivirus protection by clicking on the icon on the desktop or selecting your “Start” button, then “Programs” and click on antivirus software to protect your computer.
6. Enable the firewall in the "Security Center." Run a virus scan and anti-spyware scan to make sure your computer remains safe and free of spyware and viruses.

  • After downloading from the Internet or from a disk, always check for viruses and spyware, if during installation you are told to disable your anti-virus protection and/or firewall.