Microsoft's Sysmon can now block exe files from being downloaded

The new version of Microsoft's System Monitor service (Sysmon) can now prevent the creation of executable files. The FileBlockExecutable event can prevent a program from downloading or copying .exe or .dll files to your hard drive.

Blogger Olaf Hartung shows how this works with this configuration file:

With this configuration, executable files cannot be copied to the Downloads folder. Downloading an .exe file using Edge causes an error to appear immediately. It is also no longer possible to create a copy of an executable file in the same folder (for example using the "copy" command at the command prompt).

For each block, a notification appears in Windows Event Viewer (eventvwr.msc), with the location of the file that was not created and the process that attempted to create it.
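These block notifications can also be summarized outside Event Viewer. The following is an added example, not code from the article or from Olaf Hartung's post: it assumes the Sysmon log was exported with `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml /e:Events`, that FileBlockExecutable is logged as event ID 27, and the function names and sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
FILE_BLOCK_EXECUTABLE = "27"  # Sysmon event ID of FileBlockExecutable

# Constructed sample shaped like a wevtutil XML export; all values are made up.
# Two blocked creations (Edge download, cmd.exe copy) and one unrelated FileCreate.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>27</EventID></System><EventData>
<Data Name="UtcTime">2022-08-17 09:14:02.113</Data><Data Name="ProcessId">4312</Data>
<Data Name="Image">C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe</Data>
<Data Name="TargetFilename">C:\Users\alice\Downloads\setup.exe</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>27</EventID></System><EventData>
<Data Name="UtcTime">2022-08-17 09:15:40.870</Data><Data Name="ProcessId">7020</Data>
<Data Name="Image">C:\Windows\System32\cmd.exe</Data>
<Data Name="TargetFilename">C:\Users\alice\Downloads\tool2.exe</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>11</EventID></System><EventData>
<Data Name="UtcTime">2022-08-17 09:16:01.002</Data><Data Name="ProcessId">5128</Data>
<Data Name="Image">C:\Windows\System32\notepad.exe</Data>
<Data Name="TargetFilename">C:\Users\alice\Documents\notes.txt</Data></EventData></Event>
</Events>"""

def blocked_creations(xml_text):
    """Return one dict per FileBlockExecutable event found in the export."""
    found = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != FILE_BLOCK_EXECUTABLE:
            continue  # ignore every other Sysmon event type
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        found.append({
            "time": data.get("UtcTime", ""),
            "pid": data.get("ProcessId", ""),
            "image": data.get("Image", ""),            # process that tried to write
            "target": data.get("TargetFilename", ""),  # file that was not created
        })
    return found

def blocks_per_process(events):
    """Count blocked creations per process image (case-insensitive Windows paths)."""
    return Counter(e["image"].lower() for e in events)

if __name__ == "__main__":
    for e in blocked_creations(SAMPLE):
        print(f'{e["time"]}  pid={e["pid"]}  {e["image"]} -> {e["target"]}')
```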

This feature may be useful for system administrators to prevent users from downloading .exe files. Malware can also be repelled by this, although you must first know which folder (or process ID) it uses, and by then the damage may already be done.

