Using the Win7 application control policy to trap a stubborn Trojan

Computer viruses have become the number one public enemy of network security because they spread so easily and because they are so hard to remove. We often run into viruses that simply will not go away: even after the anti-virus software reports that the clean-up succeeded, the virus files have not actually been deleted and stay in the system waiting for their next chance. Dealing with this kind of virus calls for a change of thinking. If we cannot delete it, then we do not delete it at all; instead, we use some of the system's built-in functions to stop it from running. As long as it cannot run, it cannot do any damage. In this article, let's look at how to use the software control policy that ships with Win7 to keep a virus from running.
Tip: Why is it difficult to remove the virus?
Against certain viruses, anti-virus software only manages to detect the virus, not remove it. Why does this happen? Shouldn't anti-virus software kill viruses? In fact, the anti-virus software is not really to blame; the virus is simply too cunning, and uses technical tricks to leave the anti-virus software helpless. Let's look at two reasons why anti-virus software may fail to remove a virus:
1. A cunning "virus" has three burrows.
Some viruses copy their files to several locations in the system so that the anti-virus software cannot wipe them out. Among these copies, one is deliberately left exposed for the anti-virus software to find and delete, while several others are encrypted so that they evade detection. Once the anti-virus software deletes the exposed copy, the hidden copies quietly restore it. This is why some viruses seem impossible to ever clean up.
2. The virus file is in use by the system.
We all know that a running program cannot be deleted, because the program's many DLL dynamic link library files are hooked into the system. The virus exploits exactly this: it binds itself tightly to the system, so that if the anti-virus software wants to kill it, it would have to delete parts of the system along with it. The best way to deal with such a virus is to restrict its execution, so that it may exist but cannot do harm, much like building a prison for it.
Compared with Windows XP, Win7 adds many features. Although these functions are rarely used, they are very useful. One of them is AppLocker, shown in the interface as "Application Control Policies", which lets us easily create a restriction policy for a specific program. It is the most suitable tool for dealing with stubborn "psoriasis" viruses.
Step1: Click "Start" → in the "Search programs and files" box, enter "secpol.msc" → press Enter → the Local Security Policy window opens → find "Application Control Policies" → "AppLocker" → "Executable Rules".

Step2: Right-click the blank area on the right, and in the context menu select "Create New Rule" to enter the new rule wizard.
Step3: Select the "Permissions" item, set its "Action" to "Deny", and set "User or group" to "Everyone", so that nobody can run the restricted virus, including the system itself.
Step4: Select the "Conditions" item. Here we can restrict a program's execution by one of three condition types: "Publisher", "Path", and "File hash". "Publisher" judges by digital signature; since viruses usually carry no digital signature, this item is of no use for now, but it is especially handy for restricting ordinary software. "Path" means directly selecting the virus file or its folder. "File hash" restricts the virus by its hash value, so even if the virus copies itself to many different places, all the copies are blocked. Here we take the "Path" restriction as the example. After moving to the next step, click the "Browse Files" button, select the virus file, and then click the "Create" button.

Step5: Since this is the first rule we have created, a prompt about creating the default rules appears after completion. Click "Yes" to allow the default rules to be created, so that system files and programs are not restricted by the rules we set.

With that, the restriction rule takes effect. We can double-click the virus to try running it. Did you notice that the virus has been blocked from running?
Tip: If the AppLocker rule has no effect, click "Start" → in the "Search programs and files" box, type "services.msc" → press Enter → the "Services" window opens; find the "Application Identity" item, set its startup type to "Automatic", then click "Start" so the rule takes effect.
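The same cage built from PowerShell instead of the secpol.msc wizard, as an added example that is not part of the original article. It assumes an elevated PowerShell on a Win7 edition that ships AppLocker, and a placeholder quarantine path `C:\Quarantine\suspect.exe` standing in for the real virus file; the GUIDs and rule names are made up here. It covers Step 3 (Deny for Everyone), both the "Path" and "File hash" conditions from Step 4, the default Allow rules from Step 5, and the Application Identity service from the tip above.

```powershell
# Added example, not code from the original article.
# Run in an elevated PowerShell on Windows 7 Ultimate/Enterprise (editions with AppLocker).
Import-Module AppLocker

# Assumed placeholder path of the quarantined file; replace with the real one.
$Target = 'C:\Quarantine\suspect.exe'

# Well-known SIDs used inside AppLocker rules.
$Everyone = 'S-1-1-0'        # "Everyone" (Step 3: the system itself is blocked too)
$Admins   = 'S-1-5-32-544'   # BUILTIN\Administrators

# 1. Deny rule on the file's path (Step 3 + the "Path" condition of Step 4).
#    New-AppLockerPolicy only emits Allow rules, so the Deny rule is written as XML.
#    The three Allow rules are the default rules the wizard offers in Step 5; without
#    them, enabling enforcement would block every program that has no Allow rule.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny quarantined sample" Description="Added example" UserOrGroupSid="$Everyone" Action="Deny">
      <Conditions><FilePathCondition Path="$Target" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="(Default) All files in Program Files" Description="" UserOrGroupSid="$Everyone" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="(Default) All files in Windows" Description="" UserOrGroupSid="$Everyone" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="(Default) All files for Administrators" Description="" UserOrGroupSid="$Admins" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
$pathRules = Join-Path $env:TEMP 'applocker-deny-path.xml'
$policyXml | Set-Content -Path $pathRules -Encoding Unicode

# 2. Hash rule (the "File hash" condition of Step 4): keeps matching even if the
#    virus copies itself somewhere else. The cmdlet produces an Allow rule keyed on
#    the file's SHA-256 hash, which is then flipped to Deny in the XML text.
$hashXml = New-AppLockerPolicy -FileInformation (Get-AppLockerFileInformation -Path $Target) `
    -RuleType Hash -User $Everyone -RuleNamePrefix 'DenyHash' -Xml
$hashXml = $hashXml -replace 'Action="Allow"', 'Action="Deny"'
$hashRules = Join-Path $env:TEMP 'applocker-deny-hash.xml'
$hashXml | Set-Content -Path $hashRules -Encoding Unicode

# 3. Merge both files into the local policy; -Merge keeps rules already present.
Set-AppLockerPolicy -XmlPolicy $pathRules -Merge
Set-AppLockerPolicy -XmlPolicy $hashRules -Merge

# 4. Rules are only enforced while the Application Identity service (AppIDSvc) runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 5. Ask AppLocker for its decision without running the file: PolicyDecision should
#    read "Denied" and MatchingRule should name one of the Deny rules above.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $Target -User $Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

Test-AppLockerPolicy is the safe way to confirm the result instead of double-clicking the file: it evaluates the effective policy for the given path and user and reports the decision. A Deny rule in AppLocker wins over any Allow rule, so the default Allow rules do not weaken the cage; they only keep Windows and Program Files usable once enforcement is switched on.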

Copyright © Windows knowledge All Rights Reserved