Prevent that unknown executables are started on Windows
Windows does not offer options to prevent users from accessing executable files. While NTFS does offer a rights-system it is only valid on NTFS hard drives and does not come into effect if a user plugs in a USB drive, CD or floppy disk. Many computers get infected nowadays by users running software from USB Flash Drives, email attachments or Internet downloads.
While the majority of files run this way are probably clean, infected files get executed as well which infects the system and if things go really wrong, other devices on the network as well.
Trust No Exe is a Windows security software that prevents any unknown executable file from being started on a Windows system. It features a whitelist and blacklist and requires some time to fine tune the list so that no trusted programs get blocked from being started. The concept behind Trust No Exe is that it works as a content filter filtering all executable files even if they come with unknown or invalid extensions.
Trust-no-exe hooks into the operating systems routines for creating a process and loading it into memory. If the operating system attempts to load any compiled code into memory ready to give it execution as a process or thread, trust-no-exe will jump on it and prevent the code from being loaded into memory. Therefore trust-no-one doesnâ€™t rely on the file extension and can not be easily fooled.
The Windows folder and the Program Files folder are added by default because these contain files that need to be accessible for Windows to start. The next steps require some time, as you need to add additional locations that contain executables that you consider trustworthy to the program. This includes programs that are stored elsewhere for example.
A good tip that I found in the Trust no Exe manual was to set read only rights for folders that do not require write rights to prevent malicious code from slipping in one of those trusted folders where it can be executed.
It does catch email attachments and supports networks and cloning settings as well. Strange that I never heard about this gem before.
Update: The program is no longer listed on the developer website. We have uploaded the latest version of Trust No Exe to our own servers. You can download the program from here: Trust No Exe