I had a requirement recently where I needed to cut off access to Zoom from my Citrix Virtual Apps and Desktops environment. I’m sure you’re all familiar with Zoom – it saw a rapid explosion in usage once the COVID pandemic took off, and is on the verge of becoming a byword for video calling. Many security teams, though, don’t share the rosy view of Zoom that most of the world’s user base seem to have. In a lot of enterprises, use of it has been banned outright because of concerns about the code base and privacy. I’m not here to discuss the ins and outs of whether Zoom should be allowed to be used or not – I know of plenty of enterprises where it is allowed as well as those where it is banned – but if you do find yourself told to take the ban-hammer to it, this is how you could achieve that.

Naturally the first thought is to simply block access to the Zoom website at the perimeter, but for a variety of reasons, this wasn’t an option where I was – it had to be something done in-session. Group Policy was the only tooling at my disposal, so I had to skin GPOs to meet my needs.

Users generally access Zoom in one of two ways. You are normally sent a link to a Zoom meeting, and from there you can download the Zoom client, which installs itself into the user profile, or you can simply join within the browser. The browser option is a bit slippery as it doesn’t appear to use an add-on or extension of any kind – it runs natively in the browser itself.

Firstly, let’s deal with the obvious one – blocking the execution of the Zoom installer. In order to block Zoom, first get yourself a copy of the Zoom executable you can use as a reference. You can do this either by trying to join a Zoom meeting, or simply go to the download link. It generally saves itself to the user’s Downloads folder with a name of zoom_lotsofrandomtrash.exe as below.

For once it’s kind of tricky to use FSLogix App Masking to hide the Zoom executable in this way, as a) you’d have to block the folder potentially, as the filename can change, and b) users could just move it somewhere else. So for once in my life – I’m going to lean away from FSLogix.

AppLocker is the natural next place to land, because we want to be able to block this specific executable from running. Next, switch over to your Group Policy Management Console and fire up a new policy to apply to your targets. Go into Computer Config | Policies | Windows Settings | Security Settings | Application Control Policies | AppLocker.

Note – this article suggests setting up AppLocker in such a way that only the Zoom executables are blocked. In an enterprise environment, it would be better to block in a “whitelisting” rather than a “blacklisting” capacity, but setting up in this way requires a degree of due diligence to be performed first. For an in-depth discussion of AppLocker and other whitelisting technologies’ best practices, consult the Microsoft documentation (or read this article – which may have someone else’s name on it but was actually written by my good self).

Firstly, right-click on the AppLocker node, choose Properties, and switch the Executable Rules setting to “Enforce rules” as below.

If you have Firefox, you need to block the add-on as well. Edge Chromium doesn’t have the same extensions whitelist and blacklist policies, but neither does it yet have a Zoom extension, as far as I am aware. However, even if users manage to install the extensions and/or add-ons, the policies we configured earlier should still prevent them from joining meetings, so we are again simply using this to add a multi-layered solution.

As I said earlier, this is a very permissive set of AppLocker policies, and really, if you are going to implement AppLocker, you should take the time to set it up properly and drastically improve your security posture; but for blocking Zoom, it works just fine. So, if you find yourself in the same boat as me, and forced to come up with a way to use GPOs to restrict access to Zoom, this offers you a way to cut the users off without too much trouble.

Stay tuned for some upcoming cool stuff to help you manage Teams (and your general Citrix environment) better – all things being well, it should be dropping by the end of the week. Also I should have a few videos to put out – I need to, now that, thanks to everyone in the EUC community, I’ve cracked the 1,000 subscriber mark. I am eternally grateful (and also to Rory Monaghan for driving the subs to me).

A new ransomware has seen the light. Bad Rabbit ransomware is currently roaming Eastern European countries. Bad Rabbit is mainly delivered using a fake Flash Update. This means we are looking at a regular drive-by attack, with fake updates/malicious software from websites used to get it started.
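The post enables AppLocker executable-rule enforcement through the GPMC GUI but the screenshots of the rule itself are not on the page. As an added example (not the author's own script), the PowerShell below does the equivalent with the built-in AppLocker cmdlets: it reads the signing publisher from the downloaded Zoom installer, writes a policy that pairs a broad allow rule (the "very permissive" setup the post describes) with a publisher-based Deny rule, checks the decision offline with Test-AppLockerPolicy, and merges the policy into a GPO. The installer path and the GPO LDAP path are placeholders you replace with your own; the Zoom publisher string is read from the file at run time rather than hard-coded.

```powershell
# Added example, not from the original post: deny the Zoom installer via an
# AppLocker publisher rule and push the policy into a GPO.
# Assumptions: $ZoomExe is the installer you downloaded as a reference (path is a
# placeholder), $GpoLdapPath is a placeholder for your own GPO's LDAP path.

$ZoomExe     = "$env:USERPROFILE\Downloads\zoom_placeholder.exe"
$GpoLdapPath = 'LDAP://CN={GPO-GUID-PLACEHOLDER},CN=Policies,CN=System,DC=example,DC=com'
$PolicyXml   = "$env:TEMP\block-zoom-applocker.xml"

# Pull the Authenticode signer details AppLocker uses for publisher conditions.
$info = Get-AppLockerFileInformation -Path $ZoomExe
if (-not $info.Publisher) {
    throw "File is not signed; a hash rule would be needed instead of a publisher rule"
}
# Escape the publisher string so commas/ampersands cannot break the XML attribute.
$publisher = [System.Security.SecurityElement]::Escape($info.Publisher.PublisherName)

# Deny rules always win over Allow rules, so "allow everything" plus one Deny is
# the permissive-but-effective layout the post uses. S-1-1-0 is the Everyone SID.
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow all executables (permissive)"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePublisherRule Id="$([guid]::NewGuid())" Name="Deny Zoom by publisher"
                       Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="$publisher" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $PolicyXml -Value $xml -Encoding UTF8

# Dry run: evaluate the policy against the reference binary before touching the GPO.
# Expect PolicyDecision = Denied with the Zoom rule as MatchingRule.
Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $ZoomExe -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Merge (rather than overwrite) the rule collection into the target GPO.
Set-AppLockerPolicy -XmlPolicy $PolicyXml -Ldap $GpoLdapPath -Merge
```

A publisher rule is the right condition type here because the post notes the installer's filename changes on every download: a path rule would need wildcards on the Downloads folder, and a hash rule would break on the next Zoom release, whereas the signer stays constant across versions. Test-AppLockerPolicy lets you confirm the Denied decision without deploying anything, and on the target machines the Application Identity service (AppIDSvc) must be running or AppLocker will evaluate nothing at all.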