Testing your CryptoLocker Group Policy

I posted previously on using Group Policy to establish rules to prevent executable files (.exe) stored in the Windows AppData directory from running, as a way to minimize or prevent the Cryptolocker-type ransomware from infecting your computers.

Someone asked me: “How do I know if the group policy rules are working?”

Good question … easy answer: drop in a small executable file into your local AppData directory and try to run it. I like to use notepad.exe for this test.

Here are the steps if doing this from a Vista / Win7 / Win8 workstation:

  1. Open up an elevated command prompt window.
    By default, it should put you into the C:\Windows\System32 folder
  2. Enter the following commands, pressing Enter after each:
    copy notepad.exe %localappdata% 
    cd %localappdata%
    notepad.exe
  3. If you receive an error message: “This program is blocked by group policy.” – then your group policy rules are working.
    Congratulations!

image

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.