Using the Windows 7 control strategy to completely kill the Trojan virus

Now, although we have a lot of anti-virus software options, but still encounter anti-virus software prompts that the killing was successful, but the virus file has not been deleted, still remain in The system is awesome. Xiaobian once used the wallet to pass a software but still poisoned the tragic lesson, so through long-term exploration finally found the windows7 control strategy, it can effectively isolate the virus, no longer run the virus, to achieve the purpose of safe operation of the system. This small series will demonstrate this method. Users who need it can use their own computer to move.
Specific method: In the first step, enter "ldpol.msc" in the "Search programs and files" box in the "Start" menu and press the Enter key. The second step, in the "local security policy" interface to find "application control strategy" in the "AppLocker" "executable rules", and "executable rules" in the "create a new rule" ”. In the third step, in the menu of right-clicking the blank area on the right side of the “Create New Rule” interface, select “Create new rule” and enter the new rule wizard. The fourth step, in the interface, select the "privacy" option, set its "action" set to "reject", "users or groups", select "for everything", you can let everyone Neither the system nor the system can run a restricted virus. Step 5: In the “Conditions” interface, we can limit the program operation by three types of conditions: “Publisher”, “Path”, “File Hash”. “Publisher” is judged based on digital signatures. Since viruses usually do not have digital signatures, this item is temporarily unavailable, but this is especially useful when limiting general software. “path” is to directly select the virus file or folder. And "file hash" can limit the virus by hash value, even if the virus copies a lot of copies to different places, it can be completely scrapped. Here we take the “path” restriction as an example. After entering the next step, we click on the “Browse Files” button to select the virus file, and then click the “Create” button. Step 6: Since we created the first rule, there will be a default rule creation prompt after completion. Click ““Yes” to allow the default rule to be created so that the set rules prevent the system file program from being restricted. . Postscript: The restriction rule of such a virus will take effect. You can double-click to run the virus and try to see the virus has been restricted to run. In addition, Xiaobian reminds everyone that if the AppLocker rule is invalid, you can type services.msc in the “Search Programs and Files” box in the “Start Menu” and press the Enter key to open “Services”. , then find the "Application Identity" service project, and set the startup type to "automatic", and then press "start" & rdquo;, the rule will take effect. In the choice of anti-virus software, Xiao Bian advises you to choose software that is updated more frequently, because the virus is also diverse, only the latest software can detect the latest virus.