I might also have a Smart Group that looks for the TorBrowser.app on systems, and a corresponding policy to delete it with a script. I haven't tested this, but my guess is this may work to make the application unusable once that executable is deleted. Have the Restricted Software item in place to locate and kill tor.real, and also delete the tor.real executable. If it were me, I would take a multi-pronged approach here. Unbelievable.

And yes, it seems killing the tor.real process causes it to complain that it had a problem and needs to be restarted, but doesn't completely kill the app. In fact, there is an executable inside the TorBrowser.app bundle in the "MacOS" folder labeled as "Firefox". There are several other folders inside it with other executables like "tor" and the "tor.real" one. I can confirm it in fact masks itself as Firefox.

Wow, it masks itself as Firefox? Are you certain about that? You didn't also have Firefox open at the same time, did you? If that's what it's actually doing, that's pretty sneaky!

Edit: Never mind.

At my school, our end-goal is to teach the users how to use the technology safely and effectively, regardless of whether they are in our classroom(s) or not. Teaching the end-users about being careful about installing software and not using questionable browser extensions will go a lot farther to our end-goal than obtuse and overbearing management. What's going to work the best? In my opinion, user education is better than heavy-handed lockdown. When found, I have a smart group that emails me once one of them is installed and then I can call the end-user in for a conversation about the AUP violation of attempting to bypass our network filter.
For a few of the more gray-area browser extensions (Hola, Tor, Cupcake, etc.), I've written some extension attributes that scan the browsers looking for them.

For MacKeeper, which is not detected by Sophos or Adware Medic, I've added the binary as a "restricted application" so if a user actually manages to install it, when it attempts to run, the management will kill it, delete it, pop up a message to the end-user, and then email me.

This has been helping me to detect which machines have some malware and then I can pull them in, or send the user an email telling them to download AdWare Medic from Self Service and scan.