You can use a group policy to protect your server from known viruses that require an executable to run. For example, Sobig.F and Blaster are two fine examples.

Go to Run > Type MMC to open the Microsoft Management Console.

Select File > Add/Remove Snap-in > Add > Group Policy Object Editior

Allow it to modify the Local Computer in the wizard. Close > OK

Navigate to Local Computer Policy > User Configuration > Administrative Templates > System Click on Systems on the left hand pane. You should get some choices in the right hand pane.

Select Don't Run Specified Windows Applications.

Select Enable and then Show > Add

Add any applications you want to restrict. Blaster and Sobig.F are

WINPPR32.EXE
MSBLASTER.EXE

Click OK and close out of the MMC. You are now protected.

This is no substitute for AV Protection and a Firewall. This is just another layer of protection.

Greetings Vinnie Pasetta:

Thank you for the very clear and easy to use instructions.

Do you have advice on any other applications to block?

Other than:

http://www.cert.org/
http://www.sans.org/

Do you recommend any other places to go to keep up to date on applications to block this way (knowing that virus and patches and all other work is also necessary)?

Thank you.

Greetings:

We recently received an email from a person at a company that used the MMC "Don't Run Specified Windows Applications" to add cmd.exe and command.com as part of the applications that should not run.

As a result, their server is inoperable; and the data center is stating the entire system must be wiped and restored.

Does anyone know how to turn off this feature in either safe mode, command line mode, etc. so they will not have to wipe the entire box?

Thank you.