Sign in to follow this  
Followers 0
Elieder

Is there a way to detect (and block) a folder creation?

2 posts in this topic

#1 ·  Posted (edited)

I'm new here... first some biography to make my intentions clear... in the last weeks I found autoit like a very powerful language to make my job easy (system cleaning, "no-formating" troubleshooting), so I decided it give a try, and convert all my batch files to au3 files. Scripts like stopping service from bloatware programs, unused or useless Windows services, resolve Windows/network errors with registry modifications, removing virus, pups and adware-like programs (a long list of other Windows problems here), etc.
In the virus and PUPs prevention, I started to create a folder on %ProgramFiles (x86)% (or just %ProgramFiles% on 32 bits machines), with write protection... so:
 
REM COPIED FROM MY BATCH SCRIPT!
md "%folder%"
icacls "%folder%" /deny *S-1-1-0:(OI)(CI)W
Prevents all adware with %folder% name from being installed on that folder. And works fine! BUT, there are some that has different names, like first character capitalized, or just a duplicated char, or "_01, _02" in the end of name.. just to avoid this way of protection commonly used by security programs (that searches files and folders by its "fixed" names). And, it's very incovenient to have thousand of folders in %ProgramFIles%, so, I had another idea. And we finally reach the first (and only kkk) question... Is there a way that I can create a program that can block a folder creation? Because if yes, I will try to create a "ProgramFiles Firewall" that with some regex and a database of adware names, block unwanted folder from being created... I'm already warned that maybe it's a kernel level task... (and sorry for my possible english errors, I'm just learning)
Edited by Elieder

Share this post


Link to post
Share on other sites



Not only are you looking at a kernel level task, but malware in general is constantly evolving. You would have to constantly be updating your database with new definitions. What you're talking about writing is anti-malware software.

I'm not sure AutoIt (much as I love it) is the language you should even attempt this in, and really not sure - with the questions you are asking already, if it is a project you should be undertaking. Sounds like you're in for a lot of headache and frustration.


When you're dead, you don't know you're dead - it's only difficult for those that know you. It's the same way when you're stupid...

My Scripts: SCCM UDFInclude Source with Compiled Script, Windows Firewall UDF

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0