Thursday, January 30, 2014

How to Block an Application or .EXE from Running in Windows

While doing some cleaning up on a test computer around the office, we realized that we’ve never written about how to block an application from running using a registry hack. It’s easy, so here you go.
It’s worth noting that this doesn’t work for blocking things that run as services, and a lot of spyware and malware abuse the built-in Windows rundll32 utility to run their code without actually using an executable. This technique won’t work for that.
If you’re running the Professional version of Windows, you can use the Group Policy editor to make a list of allowed applications instead of using a registry hack, or you can use this same technique to block applications.

Blocking Applications from Running with a Registry Hack

To make this work, you’ll need to browse through the registry and create a key or two. Open up regedit.exe through the WIN + R menu, and then head down to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Once you get to that key, create a new 32-bit DWORD called DisallowRun in the right-hand pane with the value set to 1. Then create a key under the Explorer key on the left-hand pane, and call it DisallowRun as well. If some of those keys don’t exist, you’ll want to right-click and create the keys like you can see in the next screenshot.
On the right-hand side underneath the DisallowRun key, you’ll want to create a bunch of String values with names starting with “1” and going in numerical order (so the second one would be “2” and the third “3”, etc). Set the value of each one to the name of the executable that you want to block. For instance, if you wanted to block Calculator and Notepad from running, you’d add two values like this:
1    notepad.exe
2    calc.exe
This will end up looking something like the following screenshot:
Once you set this restriction and restart your computer, you can immediately see the change by just trying to run the application — you’ll get a popup that looks like the first screenshot in this article.
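The manual steps above, scripted in PowerShell as an added example (not part of the original post). The $Blocked list is constructed sample data; the key and value names are the ones the article gives, and the restart the article mentions is still needed afterwards.

```powershell
# Added example: apply the DisallowRun policy for the current user (HKCU).
# $Blocked is a constructed sample list; replace it with the executables to block.
$Blocked = @('notepad.exe', 'calc.exe')

$Explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$List     = "$Explorer\DisallowRun"

# Validate first so a bad entry cannot leave a half-written list behind.
# The article's procedure uses bare executable names, so reject anything with a path.
foreach ($exe in $Blocked) {
    if ([string]::IsNullOrWhiteSpace($exe) -or $exe -ne (Split-Path $exe -Leaf)) {
        throw "Use a file name such as notepad.exe, not a path: '$exe'"
    }
}

# Create the Explorer policy key if it does not exist yet.
if (-not (Test-Path $Explorer)) { New-Item -Path $Explorer -Force | Out-Null }

# Recreate the DisallowRun subkey so stale entries from an earlier run are dropped
# and the numbering always starts at 1 with no gaps.
if (Test-Path $List) { Remove-Item -Path $List -Recurse -Force }
New-Item -Path $List -Force | Out-Null

# Switch the policy on: 32-bit DWORD "DisallowRun" = 1 on the Explorer key.
New-ItemProperty -Path $Explorer -Name 'DisallowRun' -PropertyType DWord -Value 1 -Force | Out-Null

# One String value per executable, named "1", "2", "3", ...
$i = 1
foreach ($exe in $Blocked) {
    New-ItemProperty -Path $List -Name "$i" -PropertyType String -Value $exe -Force | Out-Null
    $i++
}

# Read the settings back so the result can be checked without opening regedit.
$enabled = (Get-ItemProperty -Path $Explorer -Name 'DisallowRun').DisallowRun
Write-Output "DisallowRun enabled: $($enabled -eq 1)"
$key = Get-Item -Path $List
$key.GetValueNames() | Sort-Object { [int]$_ } | ForEach-Object {
    [pscustomobject]@{ Name = $_; Executable = $key.GetValue($_) }
}
```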

Alternative: Use this Pre-Made Registry Hack

So you don’t want to do all of that. Open up Notepad, paste in this text, adjust the names of the applications listed in the file, and save it out as SomeFileName.reg, making sure to end the filename in .reg so it’ll be usable. Then double-click on the file.
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="someapplication.exe"
"2"="anotherapp.exe"

Nice and simple. Enjoy.
