We have students that have been writing and sharing .bat files and
storing them on removable media. They hide it in a .txt. The .bat appears
to kill Windows XP Pro processes and prevents the Rogue Process Managment
from ever deploying.

It appears the batch file attacks or attempts to attack the App Launcher,
Deep Freeze and Synchroneyes Monitoring software.


taskkill /F /IM NalAgent.exe
taskkill /F /IM FrzState2k.exe
taskkill /F /IM DF5Serv.exe
taskkill /F /IM NALNTSRV.EXE
taskkill /F /IM ZenRem32.exe
taskkill /F /IM dax64.exe
taskkill /F /IM SynchronEyesSrv.exe
taskkill /F /IM MonitorService.exe

It seems they launch the .bat file prior to the Rogue Process Managment
load. Which leaves them open to run or kill just about anything.

I'm looking for a way to prevent students from using the taskkill
command. Prefer to prohibit it in Group Policy. The Group Polciy "Don't
Run Specific Windows Commands" is unable to block this .exe as it is not
an explorer run .exe.

The School District has the Command Prompt disabled for students but
this does not prevent them from running these batch type files. I have
also blocked cmd.exe with RPM but it still runs.

thank you,