In many environments, users can't install anything without permission or IT intervention. However, considering the sheer number of applications that install without requiring administrative rights on a machine, this policy is exceptionally difficult to enforce. And don't even get me started about the malicious effect of malware on company systems. Faronics Anti-Executable—which ensures endpoint security by permitting only approved apps to run on a system—is a good tool with which to significantly improve this situation.
Installation couldn't be any easier. Download the 19MB file, enter a password for the Faronics Anti-Executable administrator, and accept the tool's offer to scan for existing executables. (This process creates an executable white list.) After a restart, the product is fully installed and ready to go.
Faronics Anti-Executable runs on a white list/black list methodology: If an app is on the White List, it is permitted to execute. The Black List is for explicitly denied executables that should never be allowed to execute. So, Faronics Anti-Executable is much more restrictive than a typical virus scanner, which blocks files that match a certain signature but lets unknown files run. You can build the White List in three ways: You can allow the installation program to scan the computer and add all existing executable files to the White List; you can run the necessary executables, select Run and Add to White List, and enter the administrator password when prompted; and, from the configuration tool's Active White List edit section, you can browse to add files, folders, drives, or UNC paths.
By permitting Faronics Anti-Executable to scan on installation, the pre-existing executables are added to the White List automatically. I selected this option during my testing and didn't find any pre-existing applications that behaved differently after the tool's installation. System performance wasn't noticeably different after installation, either. A new service—Faronics Anti-Executable Service—was running, and in Task Manager, I saw that Faronics Anti-Executable Standard was consuming just over 8MB of memory and 0 percent of the processor on my Intel Atom–based netbook. This is a very lightweight piece of software.
By pressing the Shift key and double-clicking the Faronics Anti-Executable Standard icon in the system tray, you can open the configuration tool (after entering the administrator password), which Figure 1 shows. In this configuration tool, you can change the protection mode, modify/import/export White Lists and Black Lists, add or remove users, enable logging, and export or import entire configurations.
With Faronics Anti-Executable enabled, I logged on to my test machine as a user with administrative rights. I attempted to install the popular Comet Cursor tool from the web. Upon clicking the Install option, an alert popped up, explaining that the installation violated the acceptable use policy. Even as a user with administrative rights on the local machine, I had no option to continue the installation. Next, I attempted to install Weather Bug. Unfortunately, Faronics Anti-Executable doesn't check for .msi files, so WeatherBugSetup.msi installed without any problems. However, as soon as Weather Bug's associated executables tried to start, they were immediately blocked—and denied from automatically starting on any future restart. The problem is that if Faronics Anti-Executable is ever removed, applications that installed from an .msi file will be ready to go and start automatically if they have the necessary entries. (Again, I was using an account with administrative rights, which might not be the case in most situations but was necessary to fully test the product.)
I was surprised to find no tool for scheduling Maintenance mode. If you don't like the idea of manually switching to Maintenance mode, you might want to upgrade to the Enterprise Edition, which includes a scheduler along with a central administration console. Alternatively, you can pair Faronics Anti-Executable Standard with Faronics Deep Freeze, which does include a maintenance-mode scheduler that's integrated with both products. An Active Directory (AD) environment is recommended for the Enterprise version.
Faronics Anti-Executable is an easy-to-use solution to prevent unauthorized executable files from running on your workstations or servers, and it comes with a very low performance hit. Depending on your environment, you might want to consider the Enterprise version. Check the Faronics website for trial software.
Faronics Anti-Executable Standard
PROS: Easy to install and use; no performance hit; excellent zero-day protection
CONS: Lacks scheduling capability; no central admin console
RATING: 4 out of 5
PRICE: $45, includes one year of maintenance
RECOMMENDATION: Faronics Anti-Executable Standard is an outstanding option to deal with everything your virus protection won't catch. But if you don't want to run updates manually, you'll want to consider the Enterprise edition.
CONTACT: Faronics • 604-637-3333 • www.faronics.com