Out of all our employees, I have one person who has been a constant and PITA whose problems outnumber everyone else in the company combined by an order of magnitude.
It is getting beyond ridiculous. We have Trend Micro Messaging Security Suite. NO ONE else ever gets a virus or malware that it doesn't take care of. I've tried shutting down his admin access so he can't install applications, but then he screams bloody murder about it.
Would there be a way to install Malwarebytes applications on his machine so that it will prevent him from sticking a fork in his eye?
Would the anti-malware be enough, or would I have to go for rogueware pro as well?
Is there a way to prevent him from uninstalling these apps?
Thanks
One frustrated dude.
#1
Posted 08 May 2008 - 05:43 AM
#2
Posted 08 May 2008 - 06:02 AM
Plenty of things one can do.
We would need more information about the environment though.
Is your network a Windows NT4, or 2000/2003 Active Directory or are your systems just in a workgroup?
How is Internet access managed? Do you have a managed firewall appliance?
Basically, as long as he is not educated enough to overcome it, you could use policies to stop a lot of behavior and place ACL (Access Control Lists) with DENY permissions for him to delete. You could also place an entry in the Registry to prevent the casual user from being able to uninstall, as it will be grayed out.
Be warned, though, that an educated user with Admin rights cannot be stopped.
The paid version of Malwarebytes would be a good addition, as well as Spyware Blaster - you need to be careful though with what you do put on the system if you want to also manage it remotely as some software could hamper your ability to remotely manage the system.
What operating system is the workstation using?
How big is the Company and what recourse do you have with upper management about this user?
Take and read this article and let me know if you have any questions.
Running Windows Under Non-Admin Accounts
Power User is much better for you than Administrator - can do just about anything but can't take control away from you.
#3
Posted 08 May 2008 - 12:07 PM
I can tell you this. While MBAM is designed to directly go after the malware people surfing for trouble will find, it can't stop someone that works at getting infected for long enough. It will help detect a lot of new malware that comes from the "fun" side of the internet but is not perfect, nothing is. If he is stopping you from checking where he has been going by any simple cleaning method (like Windows Disk Cleanup) you can still hex view the index.dat files to see the truth. If you turn on autocomplete you can also see what he is searching for. Keep in mind that this assumes that this is a company computer, because this is an invasion of privacy if it's not.
I designed two batch files a few years back that used subinacl to lock and unlock many of the hijack points malware uses to run on reboot. I don't know what this computer is being used for, but this could be useful to allow admin access and restrict many of the same things a limited account does. This is exactly what AdvancedSetup is talking about but with automation and an undo option (but you won't be telling this guy where the on and off batch files are).
I have never been too impressed with Trend, keep in mind that it takes a lot to impress me. I usually suggest Antivir antivirus free to be used with MBAM pro, but since this is a business you will need one of their pay products. Between the heuristics of Antivir and the detection rates of MBAM for this type of threat it would be a lot harder for this guy to get infected.
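The deny-ACL lock with an undo option described in posts #2 and #3, sketched in PowerShell with Get-Acl/Set-Acl rather than subinacl. This is an added example, not the batch files mentioned in the post; the list of keys and the account name `CORP\jdoe` are assumptions.

```powershell
# Added example: lock/unlock autorun registry keys with a Deny ACE. Run elevated.
# Assumption: only the two machine-wide Run keys are covered; extend the list as needed.
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function New-DenyWriteRule {
    param([Parameter(Mandatory)][string]$Identity)
    # Deny writes, deletes and ACL/owner changes; reads stay allowed so existing entries still run.
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
}

function Lock-AutorunKeys {
    param([Parameter(Mandatory)][string]$Identity)
    $rule = New-DenyWriteRule -Identity $Identity
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $acl = Get-Acl -Path $key
        $acl.AddAccessRule($rule)            # Deny ACEs are evaluated before Allow ACEs
        Set-Acl -Path $key -AclObject $acl
    }
}

function Unlock-AutorunKeys {
    param([Parameter(Mandatory)][string]$Identity)
    $rule = New-DenyWriteRule -Identity $Identity
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $acl = Get-Acl -Path $key
        [void]$acl.RemoveAccessRule($rule)   # the undo: strips the same rights from the Deny ACE
        Set-Acl -Path $key -AclObject $acl
    }
}

# Usage (hypothetical account name):
#   Lock-AutorunKeys   -Identity 'CORP\jdoe'
#   Unlock-AutorunKeys -Identity 'CORP\jdoe'   # before legitimate software installs
```

The Deny ACE only binds processes running as the named account: installers running as SYSTEM still write to these keys, and, as post #2 warns, a knowledgeable local administrator can remove the ACE.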
#4
Posted 08 May 2008 - 02:58 PM
I can't read this and not chuckle. Most large networks do not allow employees administrative rights. The fact that this joker is using them to get himself in trouble and put the entire network at risk is certainly grounds for taking them away and in many companies being a repeat offender would send him packing. He must be downloading stuff that is 1. not part of the job, 2. maybe even illegal.
Nothing is foolproof and, like nosirrah says, Trend ranks low IMO too. This person will probably get themselves in a mess no matter what you do unless you stop them from installing stuff. Why let him get away with it?
#5
Posted 08 May 2008 - 03:19 PM
Because people in upper level management usually have the mouth power to make people's heads roll if they don't get their way. And the squeaky wheel gets the grease.
I am guessing that this is either a smaller company, or else that the individual in question has a god complex about himself.
#6
Posted 09 May 2008 - 03:01 AM
nosirrah, on May 8 2008, 08:07 AM, said:
I have never been too impressed with Trend, keep in mind that it takes a lot to impress me. I usually suggest Antivir antivirus free to be used with MBAM pro, but since this is a business you will need one of their pay products. Between the heuristics of Antivir and the detection rates of MBAM for this type of threat it would be a lot harder for this guy to get infected.
I agree. The last time I saw Trend "protecting" a computer it was more of a joke than Norton and McAfee.
As far as AntiVir, it does a great job, and has good detection ratings. While my personal preference for paid anti-virus protection is for NOD32, AntiVir often beats NOD32 at detecting new stuff. Of course, if you want the best response time, no one beats Kaspersky. The guys at Kaspersky Labs have shocked me with responses to new viruses I have submitted within 20 minutes of me e-mailing it to them. Most companies take at least a few hours (if not a few days)...
JeanInMontana, on May 8 2008, 10:58 AM, said:
... Most large networks do not allow employees administrative rights...
Starbucks being the exception to the rule... Oh well, at least I frequently get paid to go to their Indy office and reimage laptops...