Blocking P2P programs via GPO

[leeym]

I'd like to use Group Policies to disallow specific P2P applications from running in our network. However, I need to know the specific executable names. Is there an updated list out there that I can rely on?

We could block by port number but these can be changed, which is why I'm going down this road.

Thoughts?

 

[elmurado]

You'll find that the executable names can be changed too.
Maybe setting up a hash of the binary and then blocking by hash? I think you can do this via gpo-however, maybe this could be got round if they compile it themselves.
You may want to aim for a more policy driven solution-ie get caught doing this and you get sacked.
i've never seen a list of exe's but you might want to trawl securityfocus or neohapsis or antionline etc etc.
the other thing would be to load snort and get the p2p signatures from the snort community. They're supposed to be the most up to date. Snort is an IDS which watches traffic and can identify what kind of traffic is going through your network and then alert you based on rules:

http://www.snort.org