I'd like to have a program that just runs in the background, detects whenever a certain process is started, hopefully prevents it from starting, and then reacts to it in some way, in Windows. Specifically, my co-workers will install "epic fail" on the machine of anyone who forgets to lock it for 2 seconds and gets coffee or goes to the restroom. I'd like to have a defense that keeps this executable from running, and maybe have the computer say something like "no, you are the one that fails". I know certain rootkits can do this, although obviously I'd not like to use something like this.

+1  A: 

It's not hard to do. You can use EnumProcesses or the Toolhelp API to get the processes; you could write a service to do this every so often and then kill the offending PID with TerminateProcess.

Lloyd
Unfortunately, I am afraid that one second is enough time for the running program to do its damage.
aceinthehole
You could set it up to run in milliseconds, but probably at the expense of CPU load. For finer granularity I'm not sure; maybe some native/core API calls or hooking, for example CreateProcess/ShellExecute etc.
Lloyd
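An event-driven alternative to the polling loop discussed in this thread, as an added example that is not part of the original posts: it subscribes to WMI process-start notifications instead of enumerating processes on a timer, then terminates the match and speaks the reply the question asks for. It assumes an elevated Windows PowerShell 5.1 session; `epicfail.exe` is a placeholder image name and `BlockedProcessWatch` is an arbitrary subscription label.

```powershell
# Added example, not code from the thread.
# Assumptions: elevated Windows PowerShell 5.1; the image name below is a placeholder.
$TargetName = 'epicfail.exe'                      # hypothetical executable name
$Phrase     = 'No, you are the one that fails.'   # reply requested in the question
$SourceId   = 'BlockedProcessWatch'               # arbitrary label for this subscription

Add-Type -AssemblyName System.Speech
$voice = New-Object System.Speech.Synthesis.SpeechSynthesizer

# Win32_ProcessStartTrace raises one event per process start, so there is
# no polling interval to tune and no idle CPU cost.
$query = "SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = '$TargetName'"
Register-CimIndicationEvent -Query $query -SourceIdentifier $SourceId

try {
    while ($true) {
        # Blocks until the next matching process start is queued.
        $evt   = Wait-Event -SourceIdentifier $SourceId
        $start = $evt.SourceEventArgs.NewEvent
        $procId   = [int]$start.ProcessID
        $parentId = [int]$start.ParentProcessID

        try {
            Stop-Process -Id $procId -Force -ErrorAction Stop
            Write-Host ("{0:u} killed {1} (PID {2}, parent PID {3})" -f `
                (Get-Date), $start.ProcessName, $procId, $parentId)
            $voice.Speak($Phrase)
        }
        catch {
            # The process may already have exited, or we lack rights to end it.
            Write-Warning ("Could not stop PID {0}: {1}" -f $procId, $_.Exception.Message)
        }

        # Wait-Event does not dequeue; remove the handled event explicitly.
        Remove-Event -EventIdentifier $evt.EventIdentifier
    }
}
finally {
    # Runs on Ctrl+C as well, so the subscription does not linger.
    Unregister-Event -SourceIdentifier $SourceId -ErrorAction SilentlyContinue
    $voice.Dispose()
}
```

The notification is delivered after the process has been created, so this ends the process shortly after launch rather than stopping it from starting.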