Whitelist/blacklist applications on Windows

benu · June 4, 2024, 3:20am

Hii guys,

Can BigFix whitelist/blacklist applications on Windows?
if possible, how to do it?

Thanks,
Benu

vk.khurava · June 4, 2024, 6:16am

I don’t believe there is a direct way to accomplish this, however I used to create local security policies years ago to prevent specific executables from running on devices; you may apply the same technique to prevent any executable from running.

Policy Path:
Gpedit.exe --> User Configuration --> Administrative Templates --> System --> Dont run specified Windows Applications

Any executable you specify here will automatically have the corresponding reg key appear in the registry at the path below:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

You may easily use the reg format to increase the block list of the programmes you want to block using BigFix action script.

benu · June 4, 2024, 7:23am

Hii @vk.khurava ,
thank you for responding.

Can you give me an example of an action script format for block list ?

vk.khurava · June 4, 2024, 7:52am

Here we go:

benu · June 4, 2024, 9:32am

I’ve tried that script, but it still doesn’t work.

vk.khurava · June 4, 2024, 11:05am

Below method is working for me:

action uses wow64 redirection false 

override wait 
runas=currentuser
hidden=true
wait reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t REG_DWORD /v DisallowRun /d 1 /f 

override wait 
runas=currentuser
hidden=true
wait reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /t REG_SZ /v FireFox /d FireFox.exe /f

benu · June 5, 2024, 2:34am

The problem has been resolved, thanks for helping me.