A lot of viruses/malware these days hijack the .exe
file association on Windows. The default value for an exe file is "%1" %*
, which is fine. It launches the exe file with any arguments passed to it. However, a virus can change it to "Infected file.exe" "%1" %*
, which allows it to block specific programs, pop up warnings, all that junk.
I did get a few reasons for allowing this change, in the comments, but I am only concerned with the average home use desktop computer.
Would it cause any problems if I make the HKCR\.exe
and HKCR\exefile
keys readonly for home users?
Best Answer
You can do this but simply making it read only won't do, you need to set the user to have deny permissions and will need to have a user on the system that is not denied. As you are talking about doing this in the user hive it will become a little more complicated but it is doable.
Here are some things to consider though:
This wouldn't be supported and could cause all sorts of odd issues, but most malware isn't programmed to be that smart and this is a very effective way to keep it from finishing the infection.