#11
How would I block this though? With the registry example above in this thread? Would changing the filename bypass it or would changing this filename prevent it from actually working?
- - - Updated - - -
I just tested if the Tor Browser would still launch if I renamed the Tor Browser\Browser\firefox.exe file and it still launched.
Just tried another file located in Tor Browser\Browser\TorBrowser\Tor\tor.exe
Now if I rename "tor.exe" it won't launch. Does that mean I can use that registry prevention method and it will prevent the Tor Browser from ever launching even with file renames? Referring to this one:
Does the above already target "Tor Browser\Browser\TorBrowser\Tor\tor.exe" and if not how do I rewrite the registry hack mentioned above to target it?
In general, the best way to prevent such things is administrative, not technical. It could be made part of their terms of employment or of access to computers that they must not download and install programs which are deemed inappropriate. If they violate those terms, they can be punished appropriately, perhaps by loss of employment or by loss of access.
Have you investigated using AppLocker? Essentially, you can take a "snapshot" of allowed programs on a baseline system, and users are not allowed to run any other software. See https://docs.microsoft.com/en-us/win...ocker-overview
When I want to download TOR I have to do it via TOR, because virtually all downloads are linked to the original webpage. I have it blocked via NextDNS blocking VPNs. But he can get installer via USB or he can send it to himself via an email, so that is not the way to do it.
TOR connects via other TCP ports, so you can block all TCP Out 1025-65535.
Technically if you block all but allowed apps, that would do as well.
You can try this trick, it is easy to bypass, but it is worth a shot.
Code:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "firefox.exe" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "tor.exe" /f
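An added example, not code from any poster in this thread: it reads the DisallowRun list created by the reg add commands above and flags executables whose embedded OriginalFilename is on that list while the on-disk name differs, which is the rename case tested earlier in the thread. `$ScanRoot` is an assumed path, and binaries that carry no version resource are not detected by this check.

```powershell
# Added example: audit the per-user DisallowRun policy and look for renamed copies.
# $ScanRoot is an assumption; point it at any location users can write to.
param(
    [string]$ScanRoot = $env:USERPROFILE
)

$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$listKey     = "$explorerKey\DisallowRun"

# 1. The name list is only honoured when the DisallowRun DWORD under Explorer is 1.
$enabled = (Get-ItemProperty -Path $explorerKey -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
if ($enabled -ne 1) {
    Write-Warning 'DisallowRun is not enabled for this user; the name list is ignored.'
}

# 2. Collect the blocked file names (values "1", "2", ... under the DisallowRun subkey).
$blocked = @()
if (Test-Path -Path $listKey) {
    $key     = Get-Item -Path $listKey
    $blocked = @($key.GetValueNames() |
        ForEach-Object { [string]$key.GetValue($_) } |
        Where-Object { $_ })
}
Write-Output ("Blocked names: " + ($blocked -join ', '))

# 3. The policy compares file names only, so a renamed copy is not matched.
#    Flag executables whose version resource still names a blocked file.
$findings = Get-ChildItem -Path $ScanRoot -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $orig = $_.VersionInfo.OriginalFilename
        if ($orig -and ($blocked -contains $orig) -and ($_.Name -ne $orig)) {
            [pscustomobject]@{
                Path             = $_.FullName
                OriginalFilename = $orig
                SHA256           = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No renamed copies of blocked executables found under the scan root.'
}
```

The SHA256 column gives a value that does not change with the file name, which is what a hash-based rule in an allow-listing tool would key on.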
Dear Mike, another layer if you will at a higher level,
To learn more about the Tor project, read the file properties signature. Such users are not dummies on four legs and for now they challenge you. Be aware that together they have the aptitudes and abilities to be troublemakers.
Take good note also, that by blocking the USB ports, the executable file and its related target, rigidity leads to unexpected results.
Here's what the tarball package (alpha) returns when defaulted:
Code:
Google Chrome cannot determine or set the default browser
Without Tor, in some areas of the world humanity is in danger.
Last edited by MikeMecanic; 30 Nov 2021 at 13:58.
RE: Reg file. Note that Tor should not function (be unable to connect) even if the browser launches. In any case if the regular firefox browser is not required to be installed then you can modify the reg file to block firefox.exe. Tor uses a version of firefox ESR.
Just found out that the program Onion Connect (which seems to also use Tor Browser) also bypasses the protections. It also installed without UAC.
Isn't there a way to write protect the entire HDD? Would this be problematic? Seriously considering making the whole HDD write protected.
I don't want anything installed anyway.
I think you missed Selden's response in post #14: Prevent program installations from running
Try it. It will resolve your issue.