windows非白名单exe监控并杀死

需求：孩子在家用电脑上网课，总是悄悄打开游戏或视频软件

方案：指定白名单exe，打开非白名单的就自动被杀死，并记录日志供查看

不知道是否还有更好的结果方案？

import psutil
import time
import logging# 配置日志记录，禁用缓冲
logging.basicConfig(filename='killed_exes.log', level=logging.INFO, format='%(asctime)s - %(message)s', filemode='a',force=True)# 允许访问的EXE名称清单
# allowed_exes = ['notepad++.exe','SgrmBroker.exe', 'TextInputHost.exe', 'ChsIME.exe', 'HPPrintScanDoctorService.exe', 'esif_uf.exe', 'OfficeClickToRun.exe', 'smartscreen.exe', 'dllhost.exe', 'System Idle Process', 'spoolsv.exe', 'wlanext.exe', 'fontdrvhost.exe', 'PhoneExperienceHost.exe', 'FMService64.exe', 'lkads.exe', 'msedgewebview2.exe', 'WmiApSrv.exe', 'LAVService.exe', 'Lenovo.Modern.ImController.exe', 'NisSrv.exe', 'explorer.exe', 'NVDisplay.Container.exe', 'dasHost.exe', 'Lsf.exe', 'System', 'MSOfficePLUSService.exe', 'AggregatorHost.exe', 'ldnews.exe', 'SogouCloud.exe', 'DAX3API.exe', 'usysdiag.exe', 'audiodg.exe', 'tagsrv.exe', 'csrss.exe', 'StartMenuExperienceHost.exe', 'NvTelemetryContainer.exe', 'SecurityHealthService.exe', 'rundll32.exe', 'MemCompression', 'svchost.exe', 'nimxs.exe', 'crashpad_handler.exe', 'IShowServer.exe', 'service.exe', 'sihost.exe', 'chrome.exe', 'MsMpEng.exe', 'dwm.exe', 'pdfServer.exe', 'PdsClientsDaemon.exe', 'LenovoTray.exe', 'Locator.exe', 'DSRHost.exe', 'RtkAudUService64.exe', 'Registry', 'Everything.exe', 'SearchIndexer.exe', 'Lenovo.Modern.ImController.PluginHost.Device.exe', 'lktsrv.exe', 'SecurityHealthSystray.exe', 'IShowSU.exe', 'SunloginClient.exe', 'nidmsrv.exe', 'RuntimeBroker.exe', 'unsecapp.exe', 'LenovoInternetSoftwareFramework.exe', 'python.exe', 'PDFEngine.exe', 'SearchApp.exe', 'ctfmon.exe', 'sqlwriter.exe', 'CastSrv.exe', 'taskhostw.exe', 'WmiPrvSE.exe', 'mDNSResponder.exe', 'niauth_daemon.exe', 'CompPkgSrv.exe', 'LISFService.exe', 'TestStandService.exe', 'LnvSvcFdn.exe', 'MSPCManagerService.exe', 'jhi_service.exe', 'fsnotifier.exe', 'smss.exe', 'conhost.exe', 'MpDefenderCoreService.exe', 'LenovoPcManagerService.exe', 'WUDFHost.exe', 'LockApp.exe', 'MSPCManager.exe', 'services.exe', 'lsass.exe', 'rsSyncSvc.exe', 'pycharm64.exe', 'wininit.exe', 'aDrive.exe', 'winlogon.exe', 'SyncAppServer.exe', 'LMS.exe', 'SogouImeBroker.exe']
allowed_exes = ['LnvSvcFdn.exe', 'services.exe', 'LenovoPcManagerService.exe', 'SogouImeBroker.exe','SyncAppServer.exe', 'Lenovo.Modern.ImController.PluginHost.Device.exe', 'PDFEngine.exe', 'Locator.exe','winlogon.exe', 'SgrmBroker.exe', 'taskhostw.exe', 'Typora.exe', 'nidmsrv.exe', 'DAX3API.exe','WINWORD.EXE', 'CalculatorApp.exe', 'aDrive.exe', '猿辅导.exe', 'SecurityHealthSystray.exe','MSPCManager.exe', 'WmiApSrv.exe', 'SunloginClient.exe', 'WmiPrvSE.exe', 'dwm.exe', 'sqlwriter.exe','SearchIndexer.exe', 'fontdrvhost.exe', 'WUDFHost.exe', 'rundll32.exe', 'smss.exe', 'FMService64.exe','YunDetectService.exe', 'iPDF Viewer.exe', 'wininit.exe', 'tagsrv.exe', 'dllhost.exe', 'NisSrv.exe','CodeSetup-stable-ea1445cc7016315d0f5728f8e8b12a45dc0a7286.tmp', 'MindMaster.exe', 'usysdiag.exe','System', 'iPDFUpg.exe', 'TestStandService.exe', 'Everything.exe', 'StartMenuExperienceHost.exe','nimxs.exe', 'ldnews.exe', 'DSRHost.exe', 'LenovoInternetSoftwareFramework.exe', 'LockApp.exe','wlanext.exe', 'IShowSU.exe', 'csrss.exe', 'LAVService.exe', 'SGTool.exe', 'MsMpEng.exe','Lenovo.Modern.ImController.exe', 'notepad++.exe', 'BaiduNetdiskUnite.exe', 'RtkAudUService64.exe','SearchFilterHost.exe', 'Registry', 'rsSyncSvc.exe', '小猿优课.exe', 'lsass.exe','mmcrashpad_handler64.exe', 'Video.UI.exe', 'PdsClientsDaemon.exe', 'pdfServer.exe', 'sihost.exe','Code.exe', 'OfficeClickToRun.exe', 'explorer.exe', 'svchost.exe', 'WiseOS.exe', 'BaiduNetdisk.exe','WeChatOCR.exe', 'smartscreen.exe', 'CompPkgSrv.exe', 'jhi_service.exe', 'LenovoTray.exe', 'ctfmon.exe','SearchApp.exe', 'Lsf.exe', 'PhoneExperienceHost.exe','CodeSetup-stable-ea1445cc7016315d0f5728f8e8b12a45dc0a7286.exe', 'AggregatorHost.exe', 'wemeetapp.exe','niauth_daemon.exe', 'msedgewebview2.exe', 'SnippingTool.exe', 'dasHost.exe', 'unsecapp.exe','IShowServer.exe', 'baidunetdiskhost.exe', 'lkads.exe', 'WeChat.exe', 'lktsrv.exe','NVDisplay.Container.exe', 'pycharm64.exe', 'audiodg.exe', 'esif_uf.exe', 'System Idle Process','WeChatAppEx.exe', 'SearchProtocolHost.exe', 'MemCompression', 'python.exe', 'plugin_host.exe','MpDefenderCoreService.exe', 'LISFService.exe', 'EXCEL.EXE', 'WeChatUtility.exe','crashpad_handler.exe', 'ai.exe', 'WeChatPlayer.exe', 'fsnotifier.exe', 'TextInputHost.exe','spoolsv.exe', 'splwow64.exe', 'NvTelemetryContainer.exe', 'ChsIME.exe', 'conhost.exe','MSPCManagerService.exe', 'MSOfficePLUSService.exe', 'SogouCloud.exe', 'UserOOBEBroker.exe','HPPrintScanDoctorService.exe', 'RuntimeBroker.exe', 'service.exe', 'FSCapture-动态截图工具.exe','xnnexternal.exe', 'SecurityHealthService.exe', 'ApplicationFrameHost.exe', 'mDNSResponder.exe','sublime_text.exe', 'LMS.exe', 'CastSrv.exe','cmd.exe','wemeetcrashhandler.exe','backgroundTaskHost.exe','WMIC.exe','Appvant.exe']def is_allowed_exe(exe_name):"""检查EXE名称是否在允许访问的清单中"""return exe_name.lower() in [name.lower() for name in allowed_exes]def kill_process(process_name):"""杀死某个进程并记录到日志文件中"""for proc in psutil.process_iter():try:if process_name.lower() == proc.name().lower():proc.kill()logging.info(f"{process_name} killed")print(f"{process_name} 已被杀死")# 手动刷新缓冲区logging.getLogger().handlers[0].flush()except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):passdef monitor_and_kill_unallowed_exes(interval=1):"""监控并杀死不在允许访问清单中的EXE"""while True:for proc in psutil.process_iter():try:exe_name = proc.name()if not is_allowed_exe(exe_name):print(f"{exe_name} 不在允许访问清单中")kill_process(exe_name)except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):passtime.sleep(interval)if __name__ == "__main__":monitor_and_kill_unallowed_exes()