Win 7 - Don't run application

TinaKellogg

Distinguished
Dec 16, 2010
14
0
18,510
Hello,
What is the correct procedure for preventing a specific program from running on Windows 7 (by any process)?

:heink:
gpedit.msc only prevents the running of applications from the Windows Explorer process, and does not disallow processes run from cmd.exe, system process, or even other processes.

OS: Windows 7 Professional 64-bit
 
I'm not aware of any way to prevent a specific executable program from being executed via the base Windows APIs. I think the only way to do it would be to replace the Kernel32.dll (and equivalent 64-bit library) with copies that have customized versions of the CreateProcess routine.
 

TinaKellogg

Distinguished
Dec 16, 2010
14
0
18,510


Unfortunately that only works for about 30 minutes before a separate (necessary application) re-runs it. I had been disabling the security rights to the executable, but now they are completely replacing the .exe, and that in turn re-enables their "screen spam".
 

verbalizer

Distinguished
^
check that first, I found that right after I typed below.
so you might dis-regard.

get all info on this 'culprit' including direct path, then boot into safe mode and try and kill by delete first
and then second would be to rename it with some 'BS' ending if the delete didn't work.
 

TinaKellogg

Distinguished
Dec 16, 2010
14
0
18,510
Not sure what more I can add to get a solution... but an admin email suggests I post something or forget about getting an answer from this forum :eek:

I should note, that other boards have suggested that that I merely change the permissions on the security of the exe or dll files. That used to work until they revised the "auto updater" to spam "you must restart your PC" messages so they could replace the files I blocked.

:fou:
 

TinaKellogg

Distinguished
Dec 16, 2010
14
0
18,510
Well, while this thread question didn't actualy get a final resolution for the nedded procedure, the company that caused the problem has backed off on the frequency of their spam adds, WOOHOO!

So for continued effort, I will give the solution credit to malmental. Thanks for your continued efforts on this item =)