Allow programs to only run in certain folders

Preventing the execution of programs outside the authorized folders means that the propagation of malicious software is severely limited. It can be achieved by modifying the rights of folders/files.

Blocking the execution of programs in the 'Downloads' folder, or in the users' folders, means that infections due to software received by e-mail or downloaded from the internet (for example ransomware) can be avoided.

Maintain a 'whitelist' of allowed programs

All software running on the machines needs to be authorized (application whitelisting).