Disallowrun Registry Key

At some point of the service, some too-new virus or malware may not be detected or the removal may not have be written to the latest pattern or update.

The only way to protect the PC from being reinfected is to use the disallowrun registry key. Originally written for Windows 2000 kernel, this setting seems to work on Windows XP and other Microsoft Windows OS (later than Win2K).

Edit the Local Policy (not applicable to WinXP Home)

1. Open the gpedit.msc from the Command Prompt or the Start > Run.
2. Expand User Configuration > Administrative Templates > System
3. In the right-pane, double-click Don't run specified Windows applications
4. Click Enable, then click on the Show button
5. Click the Add button and type in the executable name that you want to block
6. For example, to block ckvo.exe, type in ckvo.exe, not the full path of the file
7. Click OK button 3 times and exit the Group Policy Object Editor
8. Restart your PC to effect the changed policy
   

Block by specific/current user

1. Open the Registry Editor
2. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
3. On the right-pane, right-click and create a new DWORD value called DisallowRun
4. Double-click on the newly-created DWORD and give it the value 1
5. Next, create a new subkey called DisallowRun under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
6. For any program you wish to block, create a new String value, and give it a name 1. Subsequent string names, use 2, 3, 4 in a sequential manner
7. Double-click on the 1 string and type in the name of the executable you wish to block
8. Exit Registry Editor and restart the PC to effect the change.

An excerpt from Microsoft is available here.

Cheers!