Monday, December 23, 2024 5:09:15 AM

Running of programs

7 years ago
#4027 Quote
I am trialing secure lockdown.  I am a little concerned because of the admin rights that are required.  The issue I have come across...certain sites have links to things like facebook or youtube.  On the top is a link to install google chrome or some other browser.  The user is allowed to run the installation program.  I was able to prevent this by disallowing downloads, however, many sights display PDF documents that need to be downloaded to temp folders first and these are prevented from being displayed.  Is there a way to disable the installation of programs from a link on a website?
0
7 years ago
#4028 Quote
Do you have the System Lockdown > Machine Level > No App Install option enabled? If so, programs will be prevented from being installed.
0
7 years ago
#4029 Quote
Yes.  THat is the part that concened me  Here are my settings that are checked:

System Lockdown

Local Level

No Logoff, no local drives, no auto play, no system keys, no desktop, no network shares

Machine Level

No Shutdown, No Ease of Access, No Help & Support, No App install, No removeable USB, No new USB devices, No Windows updates

IE Lockdown
No Open dialog

We have a site that we only want users to access via point and click.  But a lot of websites have social media

Here is a websitehttp://www.kdheks.gov/hcf/ that has links to youtube.  From youtube there is a link that installs chrome.  Clicking on that link downloads and installs chrome.  I also navigated to a firefox video and was given the option from the mozilla account to install firefox.  IT will download and install.  I can stop this if I check "no downloads"  in the general options for IE lockdown, but when I do that, a LOT of pages that link to pdfs won't work because they apparently have to download (assuming to temp files) to be viewed in the browser.

0
7 years ago
#4030 Quote
I'm discovering a bit more...apparently it will allow web browsers to download.  I tried setting up some pages with links to a java install and a visio viewer install and they are not allowed.  That's promising, but why would it allow browsers to install?
0
7 years ago
#4031 Quote
If your main concern is to allow PDF viewing, try the PDF Extension.

https://helpx.adobe.com/acrobat/using/display-pdf-in-browser.html
0
7 years ago
#4032 Quote
My main concern was that Chrome was able to be downloaded and installed despite "no downloads" and "no app install" being checked.  Firefox would not allow a download, but if I changed the settings to allow them, the Firefox could download and install.  I really like what I am seeing here, but I have to convince our security guys that it really will prevent programs from being downloaded and installed - if Chrome blasts thru all the settings and sucessfully loads, how can I assure them that this is the only program that will install, despite "no app install" being checked?  If it allows one, why was it allowed?  

The deal with PDF's is that they won't load if no downloads are checked.  If I can uncheck no downloads and insure that "no app install" was stopping all apps, I could get my security team to okay using this
0
7 years ago
#4033 Quote
Are you testing Secure Lockdown - IE Edition, or Multi App Edition?
0
7 years ago
#4034 Quote
IE Addition for now.  
0
7 years ago
#4035 Quote
When the "No App Install" option is selected, Chrome will not install. Are you sure it wasn't already installed?
0
7 years ago
#4036 Quote
Thank you.  Chrome WAS installed.  I uninstalled it and restarted and it did not load.  HOWEVER - Firefox still did, even though it wasn't installed.  If I can get over this hump, everything looks good
0