+ Post New Thread
Page 6 of 12 FirstFirst ... 2345678910 ... LastLast
Results 76 to 90 of 173
Windows Thread, Blocking Flash Games Software restriction Policies... Hash in Technical; Originally Posted by tom_newton Dirty, but you could shell out to pskill? The problem isnt killing a process, its finding ...
  1. #76

    Join Date
    Jan 2009
    Location
    Burton On Trent
    Posts
    140
    Thank Post
    24
    Thanked 30 Times in 22 Posts
    Rep Power
    17
    Quote Originally Posted by tom_newton View Post
    Dirty, but you could shell out to pskill?
    The problem isnt killing a process, its finding out which process has the file locked.

  2. #77
    EJWill's Avatar
    Join Date
    May 2009
    Location
    Dunstable
    Posts
    55
    Thank Post
    4
    Thanked 37 Times in 13 Posts
    Rep Power
    17
    When I was browsing through the FileSystemWatcher library I never found anything that might signify OnAccess. How wrong I was, I apologise for the unintentional misdirection

    However surely if the file is a registered game in the hashlist. One could also save the deletion until the resource becomes available to do so? With the previous release of your programme, we tested out a few logging ideas. Such as recording every instance a SWF file was loaded. Builds up a nice history to show to their form tutors.

    What I have done to those I have caught via a remote session, is change the SWF file permissions to deny total access for students. As soon as they load the SWF again, the SAFlashPlayer just stays white and never loads.

    I can't thank you enough peterp for giving a few of us hope, the battle might soon be over! Well until the next bright spark comes along...

  3. #78

    Join Date
    Jan 2009
    Location
    Burton On Trent
    Posts
    140
    Thank Post
    24
    Thanked 30 Times in 22 Posts
    Rep Power
    17
    Yes, the onaccess is really to do with a property change (last access time changing). This is triggered when the file is opened (and thus locked) and when the file is closed (and then, yes, you can delete it or change its permission or otherwise mess with it)

    Ideally I want to stop them playing it in the 1st place, else they just bring in a load, and play each of them once. Or copy them back from laptop /memory sick/mp3 players etc.

    But the more I look into the problem of unlocking a file, the more it looks like it will beat me.

  4. #79
    Danielbarron's Avatar
    Join Date
    Feb 2009
    Posts
    21
    Thank Post
    0
    Thanked 5 Times in 4 Posts
    Rep Power
    12
    Quote Originally Posted by Nikthomas View Post
    We block hash keys with a piece of software called Securus
    Have you a URL to the software?

    I know of Securus the company who do E-Safety software but this monitors and does not actually block.

  5. #80
    EJWill's Avatar
    Join Date
    May 2009
    Location
    Dunstable
    Posts
    55
    Thank Post
    4
    Thanked 37 Times in 13 Posts
    Rep Power
    17
    I can't see why it can't be done peterp.

    Are you able to post a snippit of your code? One of us might come up with something ingenius!

  6. #81

    Join Date
    Jan 2009
    Location
    Burton On Trent
    Posts
    140
    Thank Post
    24
    Thanked 30 Times in 22 Posts
    Rep Power
    17
    Well, this is a bit like exposing myself, but here is a section of (badly written, badly commented code)
    There are a couple of global variables used, and much of the code is commented out as it was put in for debugging purposes.
    The actual deletion routine is currently commented out too.

    The code will (with the correct test harness) scan any opened file for a specific string (which in this case identifies the presence of embedded swf in .xls files.)

    The one that does MD5 hashing is very similar.


    Code:
        
    Private Sub FileSystemWatcher2_Changed(ByVal sender As System.Object, ByVal e As System.IO.FileSystemEventArgs) Handles FileSystemWatcher2.Changed
    
            ListBox1.Items.Add(e.FullPath & " : " & e.Name & " : " & e.ChangeType.ToString)
            If (e.FullPath.Equals(last)) Then
                'ListBox1.Items.Add("Ignoring that one")
            Else
                'ListBox1.Items.Add("Scanning...")
                Try
                    If doRead(e.FullPath) Then
                        'ListBox1.Items.Add("Deleteing " & e.FullPath)
                        'File.Delete(e.FullPath)
    '1st time this event is caught, the file has just been opened, and is thus locked
    'the 2nd time the file is closed and can be deleted.
    'Given the variable e.fullpath I need to find the handle of the process that has it locked.
                    End If
                    If (last.Equals("error")) Then
                        last = "none"
                    Else
                        last = String.Copy(e.FullPath)
                    End If
    
                Catch ex As Exception
                    'ListBox1.Items.Add(ex.Message)
                End Try
    
            End If
    
    
        End Sub
    
        Private Function doRead(ByVal fn As String) As Boolean
    
            Dim c As Byte
            Dim ca(50) As Byte
            Dim st As String = ":"
            Dim fsReadable As Boolean = True
            Dim found As Boolean = False
    
            Dim oFile As System.IO.FileInfo
    
                oFile = New System.IO.FileInfo(fn)
    
                Dim fs As System.IO.FileStream = oFile.OpenRead()
                While fsReadable
                Try
                    c = fs.ReadByte
                Catch ex As Exception
                    c = 46
                    fsReadable = False
                End Try
    
    
                    If c = -1 Then
                        fsReadable = False
                    Else
                        If c < 32 Or c > 126 Then
                            c = 46
                        End If
                        st = enqueueChar(c)
                    'ListBox1.Items.Add(st)
                    End If
                If st.ToLower.Contains("\.f.l.a.s.h...o.c.x") Then
                    found = True
                End If
                    st = Nothing
                End While
                fs.Close()
                fs = Nothing
                Return found
        End Function
    
        Private Function enqueueChar(ByVal c As Byte) As String
            Dim st As String = ""
            Dim squeue(50) As Byte
            Dim count As Integer = 0
            queue(qe) = c
            qe = qe + 1
            qs = qs + 1
            If qe > 49 Then
                qe = 0
            End If
            If qs > 49 Then
                qs = 0
            End If
    
            While Not qe = qs
                squeue(count) = queue(qs)
                count = count + 1
                qs = qs + 1
                If qs > 49 Then
                    qs = 0
                End If
            End While
            count = 0
            qs = qs + 1
            st = Encoding.UTF8.GetString(squeue)
            Return st
        End Function

  7. #82
    EJWill's Avatar
    Join Date
    May 2009
    Location
    Dunstable
    Posts
    55
    Thank Post
    4
    Thanked 37 Times in 13 Posts
    Rep Power
    17
    What about if you take the application being used, as assumed.

    For example, if the file type being opened has the extension .swf and/or the mimetype application/x-shockwave-flash.

    Then closing SAFlashPlayer and/or any other media process as a given. This would then release the resource for you to delete?

  8. #83

    Join Date
    Jan 2009
    Location
    Burton On Trent
    Posts
    140
    Thank Post
    24
    Thanked 30 Times in 22 Posts
    Rep Power
    17
    Works to an extent with certain files. If they open a .xls spreadsheet then the only program they have that will open this is Excel, so I could close down all instances of excel (and if they loose work they had open in another window, thats a lesson that they shouldnt be playing games)

    The .swf files themselves are slightly more tricky, in that they can do 'open with' and open them in a variety of programs that understand flash. (flash, flashplayer, media player classic and Internet Explorer are the ones I've caught them using.)

    I had wanted a more generic approach so that one method could deal with multiple methods of gaming, or opening otherwise banned files. (we cant restrict them all, as various courses have them developing flash).

    I think you are right though, without much more expertise than I have to delve into using ntdll.dll then I will have to settle for working out the filetype to default program. Or even be completely evil and close all processes that I identify as being able to play games without worrying which one was the process playing the game.

  9. #84
    EJWill's Avatar
    Join Date
    May 2009
    Location
    Dunstable
    Posts
    55
    Thank Post
    4
    Thanked 37 Times in 13 Posts
    Rep Power
    17
    Well, when I see them playing games through Internet Explorer, I close the whole instance.

    They should not be playing games, and as such if there was any work on the other tabs, then hard luck.

    As long as the programme doesn't make any false positives, it's well within acceptable policy control to shut down the whole lot. I know of one school that shuts down the computer if they're caught.

    With regards to opening up SWF in other files, surely group policy already prohibits running and installing new programmes. The only programmes that need to be closed are those already installed.

    Maybe a KILL list is needed for customisation, like your last build.

  10. #85

    Join Date
    Jan 2009
    Location
    Burton On Trent
    Posts
    140
    Thank Post
    24
    Thanked 30 Times in 22 Posts
    Rep Power
    17
    Yes, they cannot install new programs, but .swf can currently run in ...
    Embedded in excel worksheets (we cannot disable vba or macros as these are needed by some of our courses)
    Internet Explorer (easiest to kill, thats the purpose of gamekiller2, which is doing a great job here)
    Media Player Classic (installed as part of a codec pack and used by some media students)
    Flash cs3 (used by computing students)

    I think the approach will have to be the evil one :-

    On detection of ANY game file being opened, close down ALL instances of these programs to ensure the file is deleteable.
    So, if the student has some research open in IE, his large flash project open in Flash, and then decides to open a game, he's going to loose all his sessions work too. Oh well. :-)
    I can live with that, I think most of the teachers can too, will have to clear it with the SLT though.

    I had wanted the elegant solution of being able to determine which process I should kill, but oh well :-)

    ok, will start work in coding the new version in earnest in the next week or so (although I'm off on summer holiday end of the month). I aim to get it up and running in some form by the end of summer break, ready for the new intake!

    Thanks for all the suggestions and help.

  11. #86
    EJWill's Avatar
    Join Date
    May 2009
    Location
    Dunstable
    Posts
    55
    Thank Post
    4
    Thanked 37 Times in 13 Posts
    Rep Power
    17
    It's all for the common cause!

    Hopefully your release, plus a few more additions I'd like to make with logging (if you release the source that is!) should hit at the heart of the problem.

    However a quick note about Externally hosted games. There are obviously thousands, even tens of thousands out there, and a blacklist against them would be folly as we could see that list expand to an unmanageable size. I still recommend using a firewall such as ISA, and then block SWF and the SWF MIME type, then use a whitelist to allow tutor requested sites.

    Cheers peterp

  12. #87
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,035
    Thank Post
    305
    Thanked 293 Times in 203 Posts
    Rep Power
    120
    Sorry to bring up an on going thread, but, i have just looked at our student GPO and tested it to see if everything is still working ok, and there seems to be a problem with the software restriction policy.

    We have a list of file extensions that we block and one of them is SWF. For some reason (on a test GPO) the software restriction is blocking the exe and MDB but i have added SWF, TXT, DOC and PPT and nothing is happening. The extensions still open as usual. There is nothing configured in the GPO apart from the software restictions.

    Can anyone help.

    Tim

  13. #88
    rehanahmeds's Avatar
    Join Date
    Dec 2007
    Posts
    25
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    try moving the policy higher in the list and then do gpupdate /force

  14. #89
    DrCheese's Avatar
    Join Date
    Apr 2008
    Posts
    1,032
    Thank Post
    97
    Thanked 160 Times in 109 Posts
    Rep Power
    59
    Quote Originally Posted by timbo343 View Post
    Sorry to bring up an on going thread, but, i have just looked at our student GPO and tested it to see if everything is still working ok, and there seems to be a problem with the software restriction policy.

    We have a list of file extensions that we block and one of them is SWF. For some reason (on a test GPO) the software restriction is blocking the exe and MDB but i have added SWF, TXT, DOC and PPT and nothing is happening. The extensions still open as usual. There is nothing configured in the GPO apart from the software restictions.

    Can anyone help.

    Tim
    I've found this out today as well, it manages to block .exe's and other files properly but when you tell it to block .swf it does nothing. Whist it really is just a classroom control issue it'd be nice if I could stop it still.

  15. #90

    Join Date
    Dec 2008
    Posts
    197
    Thank Post
    7
    Thanked 32 Times in 18 Posts
    Rep Power
    18
    I've been led to believe, by RM, that SR doesn't block the .swf even if explicitly specified.

    Thus using GameKiller2.

  16. Thanks to NeoPlosive from:

    DrCheese (11th June 2009)

SHARE:
+ Post New Thread
Page 6 of 12 FirstFirst ... 2345678910 ... LastLast

Similar Threads

  1. Software Restriction Policies - Allow ONLY certain software
    By link470 in forum Wireless Networks
    Replies: 28
    Last Post: 9th July 2010, 04:29 PM
  2. Help write a guide for Software restriction policies for USB
    By ChrisH in forum How do you do....it?
    Replies: 7
    Last Post: 28th January 2010, 09:40 AM
  3. Replies: 11
    Last Post: 20th April 2007, 06:38 PM
  4. Software Restriction Policies
    By wesleyw in forum Windows
    Replies: 14
    Last Post: 12th December 2006, 11:35 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •