Blocking of Custom File type for execution

Dear Team,

Can we block batch file execution or Command Prompt through Sophos Endpoint Protection?

If yes, then kindly provide a KB article.



[edited by: GlennSen at 8:01 AM (GMT -7) on 3 Jul 2024]
  • Hi Shashank,

    Thanks for reaching out to the Sophos Community Forum. 

    It is not currently possible to block batch file execution, though you will remain protected from malicious batch files. With the behaviour-based scanning from Intercept X, if a batch file begins disabling key security features or downloads malware from known malicious sites, the processes will be stopped.

    Command Prompt is not currently listed as a controlled application, so it is not possible to block CMD through Sophos Endpoint. With that being said, the same behaviour-based scanning will still be in place; should malicious commands or operations be triggered via CMD, they will be blocked as well.

    I was able to locate a GPO which will allow you to block CMD specifically:

    1. Open Start.
    2. Search for gpedit.msc and select the top result to open the Local Group Policy Editor.
    3. Browse the following path: User Configuration > Administrative Templates > System
    4. On the right side, double-click the Prevent access to the command prompt policy.
    Kushal Lakhan
    Team Lead, Global Community Support
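
To confirm that the policy from the steps above is actually in effect on an endpoint, the following PowerShell audit reads the value the policy writes, the `DisableCMD` DWORD under `Software\Policies\Microsoft\Windows\System` in each user hive. It is an added example, not part of the original thread or Sophos documentation; the function name `Get-CmdPolicyState` is hypothetical. A value of 1 also stops `.bat`/`.cmd` script processing, while 2 blocks only the interactive prompt.

```powershell
# Added example (not from the thread): audit the registry value behind the
# "Prevent access to the command prompt" policy for every loaded user hive.
# Run elevated to see the hives of other signed-in users.
$policySubKey = 'Software\Policies\Microsoft\Windows\System'

# Hypothetical helper: translate the DisableCMD value into a readable state.
function Get-CmdPolicyState {
    param($Value)
    if ($null -eq $Value) { return 'Not configured: cmd.exe and batch files are allowed' }
    if ($Value -eq 1)     { return 'Enabled: cmd.exe blocked, .bat/.cmd script processing blocked' }
    if ($Value -eq 2)     { return 'Enabled: cmd.exe blocked, .bat/.cmd scripts still run' }
    return ('Unexpected value {0}: verify the policy manually' -f $Value)
}

Get-ChildItem -Path 'Registry::HKEY_USERS' |
    # Keep real user SIDs only; this skips .DEFAULT, service SIDs and *_Classes hives.
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid  = $_.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$policySubKey"

        # A missing key or value means the policy is not configured for that user.
        $prop  = Get-ItemProperty -Path $path -Name 'DisableCMD' -ErrorAction SilentlyContinue
        $value = if ($prop) { $prop.DisableCMD } else { $null }

        # Resolve the SID to an account name where possible.
        try {
            $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $user   = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $user = '(unresolved)'
        }

        [pscustomobject]@{
            User       = $user
            Sid        = $sid
            DisableCMD = $value
            State      = (Get-CmdPolicyState $value)
        }
    } | Format-Table -AutoSize
```

Only hives loaded at the time of the check are listed, so a user who is not signed in will not appear in the output.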