64 bit systems and HIPS

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I think, generally, an outbound firewall with alerts for most users is a good thing.
What do you say about GlassWire, to keep the user informed?
 

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
I agree with you.

I think, generally, an outbound firewall with alerts for most users is a good thing. It's very unfortunate that this is not an integral capability of Windows Firewall.

* * * * *

If you use COMODO Internet Security and set the firewall to block all outbound connections for Untrusted\Unknown processes (which means that they should be auto-sandboxed), then that is exactly what TinyWall does (without any sandboxing). The firewall behavior is identical for both products... with that firewall setting, COMODO does not generate any alerts and TinyWall does the same - always.

The advantage to COMODO is that you can set the firewall to generate alerts.

As for sandboxing, rollback or user profile isolation with the ability to delete the maliciously modified user profile and "regenerate" the complete clean, base-line user profile are more comprehensive and effective protection mechanisms.

But I do admit, this gets into "splitting hairs" territory...

That's right @hjlbx

If only Microsoft would give an option even to enable outbound filtering on their for advanced users, but as always, too much to ask for.

TinyWall might be a good option for my son's laptop? He doesn't like alerts and is apt to remove the app to avoid this (...I know), but I'll try Comodo first on silent mode with password protection on to see how it goes?

Nothing wrong with splitting hairs or worrying about the pinhole-sized flaw in a fortress-like defence setup when other folks trundle on with only the most basic protection, oblivious to all.

Just wondering about how good any of these security apps are at defending themselves from attack.

Hence I like the floating toolbar approach: once it disappears, at least you know something's up.

Regards, Eck :)
 

hjlbx

May I ask, not too sure if this is "off topic." With AppGuard do you need exploit protection?

Not really.

I watched AppGuard protect the system after a nasty browser exploit. The exploit abused Windows trusted processes, but AppGuard blocked execution of the malicious *.tmp.

As long as you have commonly exploited apps added to Guarded Apps list and keep them updated, you should be fine. If you want to protect the system earlier during an exploit, then you can add most of the vulnerable Windows processes to User Space (YES) = disable them - but there is no absolute need to do so.

Even if a malicious process somehow manages to get onto your system, Locked Down mode will prevent its execution.
 

shmu26

Actually, it's not very important whether SpyShelter can block process hollowing or not, because an unknown file won't even be able to execute in the first place, unless it has a signature from a trusted vendor. And that would be a very rare case.
 

vivid

Level 5
Verified
Dec 8, 2014
206
Any product that relies only on vulnerable applications list is not safe. COM protection is more important. Hype.
 

shmu26

Any product that relies only on vulnerable applications list is not safe. COM protection is more important. Hype.
Could you please elaborate?
Are you maybe referring to SpS? It has an anti-executable function, i.e., it is default/deny. Please explain about the vulnerable applications list, because I didn't even know that SpS has such a thing. I was not able to get a clear answer from their support about that issue.
 

vivid

Sure. Having a list of vulnerable processes means nothing to me. When you run into a malicious application it's very possible that it will not rely on any third party application or command line. A better approach is to create an interface in order to communicate and it depends on your operating system and installed programs. Do you guys really think that one application will always launch through a VBScript interpreter? What I meant is that I find this attention towards the so-called vulnerable processes to be unnecessary compared to others.
 