Our company recently joined a larger company that utilizes Bit9 for application whitelisting. Previously, we had a large amount of users using Harmon.IE to interface with our Sharepoint-based document management system. I'm trying to figure out what to allow in Bit9 to allow the document open process to work in the Harmon.IE outlook add-in.
What's happening is the user tries to open a file from the Harmon.IE pane and Bit9 blocks the auto-generated, randomly-named vbs file used to launch the file from Sharepoint. Since this file is different each time and has a different hash, we can't simply approve the vbs file.
We also can't set wscript as a trusted source as many malware sources utilize wscript. Likewise, can't really allow anything that comes out of Outlook as that would open the door for malware delivery via email.
I'm trying to find out if there's a dll that I can trust somewhere in the stack that will allow these VBS files to be trusted and allowed to run.
Add OpenFilesUsingScript key with default value "False"- harmon.ie will launch files directly without using VB script
[HKEY_CURRENT_USER\Software\Mainsoft\Prefs\OpenFilesUsingScript]
#="False"
A custom rule with an action of Execute Allow on the path of the VBS with the name wild carded as deep as possible should cover you just fine.
Related
My Xamarin forms app required the user to perform a certain amount of configuration before it can be used. Additionally, the app can be run on multiple computers by the same user (There are valid business reasons for doing this.) What I would like to be able to do is backup the configuration of the app to a file that can then be used on another device to automatically configure the app on the new device in exactly the same way. This will prevent the users from re-entering all the configuration information on each device where they wish to run the app.
Something to keep in mind:
It needs to work on all supported Xamarin Forms platforms - UWP, Android, iOS and Mac.
The app itself does not required the device to have a network connection.
The file needs to be savable in a place where the user can access / copy it to another device (i.e. a USB drive, a network share etc.)
What I have tried:
I have tried using the FilePicker plug in but could not get it to save to anywhere outside the application. (A user trying to find the folder here would not be easy.) Saving anyplace else I received an Access Denied error.
I have tried using the System.IO namespace but encountered the same Access Denied error when saving the file to a someplace outside the application.
I guess my last resort would be to display the configuration information in a XF editor control or such or just copy it to the clipboard (if possible) and have the user manually save the data to a file outside of the application. Does anyone have any other suggestions on how this can be handled?
So after trying multiple things and looking at possible solutions, I could not find a way to easily do this. Instead I used the Xamarin Essentials clipboard function and copied the contents of the file into the clipboard. I then display a message to the user telling them to past the clipboard contents into a file. This seemed to be the best I could do for now.
I have a web site (intranet) that allows you to download an executable (currently a .Net Console Application) written in ASP.NET and is using https.
However on many machines I can't run it right away after download - I need to right click on it, go to Properties and click Unblock which makes using this app uncomfortable (users will often have to download this executable and run - every time it is a new one as it is code generated)
Is there any way to make this executable automatically unblocked? Modifying client machine is not an option, but I can do anything with the server.
From the beginning I thought this is impossible as it is a security protection, but Chrome somehow does this. If I take a new PC with IE installed, type Chrome into Bing and install it - I don't have to unblock executable.
So far I've tested this only on W10 Chrome and IE, but I am pretty sure older Windows versions have this problem as well.
The mechanism for showing the untrusted executable dialog is based around alternate Datastreams. The metadata gets added by Windows or the browser when you download something from a network source, thus it is not possible for your file/webserver to influence this behaviour. Windows on the other hand has a ruleset which it uses to apply the flags which can be found in the TrustZone-Settings of your Internet Options.
NTFS has a neat little feature which allows for a file to have multiple contents, also known as alternate Datastreams. This is an NTFS-only feature, so you won't find it on other partition types. This basically allows you to store more data in your file which is not perse visible to the user and cannot be easily found out by a standard windows user. Windows uses those alternate datastreams to mark the origin of a file, especially when downloaded from the inter- or intranet. The Alternate Datastream which is used for this data is called the "Zone.Identifier" and holds an ID to the zone which the file was copied from. When you decide to trust a file you basically tell Windows to remove that datastream.
Windows uses the concept of different zones to classify those files. Windows knows four zones in Total: Internet, Intranet, Trusted Sites and restricted Sites. You can alter the settings and rules for those in the Internet-Options dialog in the tab "Trust Zone"
Security Remark: Before changing your settings for the trust zones in the company consider the security risks of this thrice. As it will allow any executable from those verified sources to be executed, potentially laying way to malicous executables which can then be started by already infected PCs or Users themselves.
The correct way to resolve that issue is to sign that executable with a trusted and valid code signing certificate which is better to be with EV (Extended Validation). Windows will check the certificate when you run the file and will allow it to run without further actions as it is signed with a trusted cert.
Before I attempt to program the following function myself, I wonder if something already exists.
What I would like to do is click an edit link on my website for a given document, and have that document launch in the native editor on my local machine (via a temporary file mechanism).
When I save the document in the native editor, the document is HTTP PUT back to the website. This can be accomplished by watching the file for writes, or watching the editor process for exit.
This way I can more easily edit documents on the web (instead of going through the download / edit / upload cycle).
My design would work as follows:
Register .webedit files on the local machine.
When a .webedit file is downloaded, launch webedit.exe with the file.
The file contains a URL (http://server/document) which is checked against a security database to ensure we're only opening allowed URLs.
The URL is downloaded to a temporary location.
The temporary file is launched in the native editor.
The file is watched for changes, and uploaded (HTTP PUT) on change detection (or when the editor is closed, if it's not a single-instance multiple-document editor).
Lots of FTP / SCP GUIs have this type of functionality, but I have not been able to find it for the web in general, or a shared library that allows you to plug in to this function.
Has anyone seen a program that does this?
SharePoint works like this.
It's great for managing shared documents in corporate environments.
Users can even checkout/checkin documents & the features are very extensible..you can customize pretty much anything if you know how.
Edit:
Since you're on Linux..i've heard that Alfreco is a great alternative.
I've never used it, but I know a couple organizations using it instead of SharePoint.
It integrates with Microsoft Office as well.
Also, it will definitely be cheaper.
I have developed a web based application in ASP.NET and C# where users have the facility to upload files on the server through this application I want the application to Scan the uploaded files for viruses before saving on the server. Same like when we attach files with our email in Yahoo. Please guide me how I can achieve this functionality Any API which can be integrated in ASP.NET application or any other way you can suggest. We can purchase the licensed version of a product which can achieve this. I have googled but did not find specific results.
Thanks in advance!
First of all the file must be saved onto the server before you can scan it. If you notice Yahoo will upload the file first - but not allow the attachment to be sent until scanned.
Then you can use an antivirus with a command line interface or some other kind of API. Both of these can be called via C# and should provide the functionality you require. Parhaps write a wrapper class that takes a file and returns true or false depending on whether a virus was detected.
Other applications that provide you with a command line interface:
Microsoft Security Essentials
clamAv
I believe MS AV provides better results.
Just purchase antivirus software that has a command-line interface (several popular packages include this). Once the file has been uploaded, run the scan.
I would think, in order to upload and scan at the same time, you might need to implement your own antivirus software as I'm not familiar with any package that would provide that sort of interface.
I run a shareware site. It doesn't work as you described, but I download each file to my local computer and run a scan on them. You would be doing something similar.
SO ... here is the scenario ... i have a workflow on a document library that copies a file to a windows directory ... this workflow is set to be started at the time when a new item is added to the document library ... so everything works fine when you are manually uploading files to the doc library ... but the problem occurs when we use emails to populate the doc library instead of the manual uploading of files.
When an email is received ... the workflow starts successfully and runs properly (i have kept workflow history entries to check every section of code is being executed or not) ... the workflow stops when the section where the file is being copied to the windows folder is reached.
I basically think this is a problem with the permissions or access issues. Because when we upload the file manually (i.e. from doc library > upload) everything works fine. But maybe there is some other permission set which is used while an email is received by the doc library ... i have tried by assigning permissions to "Everyone" on the windows folder ... but no luck...
Can someone let me know which windows user account is used when an email is received by a document library? (i think its the IIS default account - but isnt it included in Everyone?? )
One solution which i can devise in my mind is that for the file transfer to the windows folder i should use temporary impersonation for the specific code segment (which writes the doc library file to windows folder) but any suggestions are welcome.
P.S. I dont have access to the server right now so i can only devise approaches in my mind ... cant test them right nw... so it would be good to have all suggestions u have so that once i get the access i can try all stuff :D
This is a well known situation. The system does not know who sent the email so it cannot impersonate a user it has no knowledge about.
Depending on which version of SharePoint you are running, the workflow may not start at all or it may start under the account that published the workflow.
For details see this Microsoft Support Article.