Using the Windows 7 control strategy to completely kill the Trojan virus

Now, although we have a lot of anti-virus software options, but still encounter anti-virus software prompts that the killing was successful, but the virus file has not been deleted, still stay in the system Wei Zuofu. Xiaobian once used the wallet to pass a software but still poisoned the tragic lesson, so through long-term exploration finally found the windows7 control strategy, it can effectively isolate the virus, no longer run the virus, to achieve the purpose of safe operation of the system. This small series will demonstrate this method. Users who need it can use their own computer to move.
Specific method:
First step, enter "ldpol.msc" in the "Search programs and files" box in the "Start" menu and press the Enter key.

Second Step, in the "Local Security Policy" interface found "<; Application Control Strategy" in "AppLocker" "Executable Rules" & "Executable Rules” "Create a new rule" in the middle.



































Step 4, in the interface, select the "Permissions" item, set its "Operation" to "Reject", "Users/Groups" and select "Everyone". Make it impossible for everyone and the system to run a restricted virus.

Step 5: In the "Conditions" interface, we can limit the running of the program by three types of conditions: "Publisher", "Land", "," Greek & rdquo;. “Publisher” is judged based on digital signatures. Since viruses usually do not have digital signatures, this item is temporarily unavailable, but this is especially useful when limiting general software. “path” is to directly select the virus file or folder. And "file hash" can limit the virus by hash value, even if the virus copies a lot of copies to different places, it can be completely scrapped. Here we take the “path” restriction as an example. After entering the next step, we click on the “Browse Files” button to select the virus file, and then click the “Create” button.

Step 6: Since we created the first rule, there will be a default rule creation prompt after completion. Click ““ is” to allow the creation of default rules so that the rules are not set. The system file program is restricted.

Postscript:
The restriction rule of such a virus will take effect. You can double-click to run the virus and try to see the virus has been restricted to run. In addition, Xiaobian reminds everyone that if the AppLocker rule is invalid, you can type services.msc in the “Search Programs and Files” box in the “Start Menu” and press the Enter key to open “Services”. , then find the "Application Identity" service project, and set the startup type to "automatic", and then press "start" & rdquo;, the rule will take effect. In the choice of anti-virus software, Xiao Bian advises you to choose software that is updated more frequently, because the virus is also diverse, only the latest software can detect the latest virus.