I used a combination of blocking the ActiveX in Office documents and McAffee EpO/Virus Scan 8.5 and the user defined rules.
The first stops them being imbeded in excel/word (obviously) the latter I have used to prevent them funning any SWF (and BAT/EXE/MSI/CMD/COM/MP3) files from flash memory, their desktops, home areas and any other area that they can write too.
If I was in your situation I could also allow a small network location for pupils to save their course work and this could be agressively monitored. I also found that content checking the E-mail when this was going on here proved usefull for removing unwanted documents.
does gamekiller2 work with xpOriginally Posted by peterp
Yes. You may need to tailor the paths that it uses as these are designed for our RM CC3 network, but its just a VB.net program that runs under windows xp.
All the paths that are used for config files are in the programs .ini file.
thanks for the solution will try that
Don't mean to be a pain, but does this work with a specific version of Internet Explorer? Can't remember what I did to get it working on Server 2003 but can't seem to get it to find a correct hash for a game in IE on one of our student workstations (Windows XP, IE 6 (A minor version number lower than that of Server 2003)). Almost every time it'll copy the game out even if it's in the hashlist if MAKECOPY is on. Registry file applied too, so it's not missing any of it's prerequisites as far as I'm aware. This said, it detects games properly if loaded in Flashplayer and closes flash player fine.
Anything really obvious I'm missing because I think I've nailed everything.
This looks great, just need some help/directions on implementing it on and windows domain. Any assistance is appreciated.
Thanks in advance,
Dave
It should work for any version of IE that I am aware of. It has only been tested under IE6 on CC3 (xp) workstations mind you as this is all we run.
It will only copy the file if it doesnt find a matching hash in the hashlist.txt file.
Are you sure you have correctly used the MCPHasher program to generate the hash of the game? (its a terrible peice of software currently, must get around to re-writing it)
The procedure is to copy the games out of the toCheck folder into a games folder, preferably stored on the C drive. Run MCPHasher, and go file-open, navigate to the MCPList directory and open hashlist.txt
Click ADD and navigate to the games folder on C. The new hashlist should be generated then, and any duplicate entries removed (based on hashvalue only. it will not remove duplicate names). Close the MCPHasher and it will prompt you to save the hashlist. Navigate to MCPList directory and double click hashlist.txt
If the MCPlist directory is readable from a student account, they should pick up the new list within 5 mins (default) or based on the timer you set in mcp.ini
For flashplayer it doesnt match any hashes, it just closes everything down, game or not.This said, it detects games properly if loaded in Flashplayer and closes flash player fine.
Anything really obvious I'm missing because I think I've nailed everything.
Can I thank you peterp - I installed this little gem on our system on Monday, and the number of swf games stored in user areas has dropped to nil in only 3 days. Teaching and learning now has a chance!
Yeah, nailed it thanks. I didn't have any luck in getting MCPHasher to work initially so I used another tool to do it for me, which doesn't remove duplicates, and also capitalises all the letters in the strings, which might have been what was causing the unexpected behavior! MCPHasher is alright so long as, if you don't have a hashlist initially (You're trying it out for the first time) create an empty text file and get it to open it.
This is a very snazzy piece of software I must say. I did VB6 at college and it's quite interesting to see it's almost the same 9 years on in VB 2008. The code is really clear to read too, nice job! I'm a considerable stats whore so will probably look at adapting it with a web-based frontend for configuring it and compiling output logs, but no idea when I plan to look at doing that. Kids are going to love it, might be tempted to try this at home to see what my brother thinks of it!
Well, I have been teaching myself VB.Net for a couple of months now, and now I have found the Filesystemwatcher object I will be doing a complete re-write using these rather than timers.
The program will watch a list of specified drives for any file being opened, and then process them to see if they are games. This will also be able to detect SWF embeded in excel files (which our little dears use to get around IE, FLASHPLAYER and MEDIAPLAYERCLASSIC being filtered)
So hopefully in a couple of months there will be a shiney new version to play with.
On my wishlist is socket communications, so the client can be connected to from a server for instant updates, and logging, rather than the fileshare based system used at the moment.
Will this have the fuctionality for exe embeded in word?
Do you mean Shockwave flash? or VBA?
If i have a couple of samples of files I *MAY* be able to work out some sort of signature to check against.
For instance, I have a test harness running that detects embedded shockwave in excel files by checking the file for the string \.f.l.a.s.h...o.c.x which occurs in every file I want to target (and I very much doubt this string would occur naturally in a worksheet :-)
I may be able to do a similar thing to other files. (although my algorithm for checking for the existence of a string in a file that may be larger than available memory is VERY greedy and needs to be re-written)
as we cant disable activex in office, the kids have now figured out that they can make word documents at home, drag in swf and exe files into word, or add them through the insert menu save the file as a word doc, then open it up here, double click the exe and it runs.
a massive massive security hole, I just wish ms had a gpo that you could specify which filetypes can be embedded in word.
Do you use a CC3 network? I have just tried this here with an execuatable, it works as an admin, but when I try to open the same document as a student user and double click the executable embedded in the document, it gives an error stating 'Object was created in package. This application is not available to open this object ......'
I've downloaded the gamekiller2 application and installed (as per your instructions) on our RM CC3 network. Leaving all the fields in the ini file as default it "kills" flashplayer whenever someone tries to run it. This information is also logged in the logs folder that I created in W:\mcplist\
I have tried adding a few swf files to the hashlist.txt (which appears to work), but if I try running any "new" swf files, it doesn't appear to copy the swf file to the "tocheck" folder that I also created. I don't believe this is a permissions problem as I have set the folder (temporarily) to EVERYONE, FULL CONTROL for testing purposes. Also there are instances where I would like flashplayer to run (for legitimate purposes), so I tried removing "flashplayer" from the mcp.ini file and so now it shows:
KILL=
....with no entries. In this state nothing gets blocked. It is essential to have a program entered in this field?
Just one last question. Do you have any updated versions, or is the link to the one you posted on 9th March the most current?
Cheers
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote