Advice Request AppGuard + ERP + Sandboxie = A Strong Combo?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Either Eset + ApGuard or Eset + SpyShelter would be enough. More important is a proper configuration (attack surface reduction) than adding another security applications.

The cautious users are pretty much safe if they can:
  • open the unsafe files (from the Internet or removable sources) in the properly restricted environment or blocks them (if not needed, like scripts);
  • disable SMB protocols, and remote services;
It is not especially important if SRP or Anti-Exe, or Sandboxing, is used for that. That is usually, also a strong anti-exploit prevention, because the exploit is unarmed in the restricted environment or cannot be executed, or if executed, then cannot run/download something else.
Things are more complicated with the kernel exploits, but fortunately, Windows Updates can provide the sufficient protection, so far.

In-memory attacks (from the network) are dangerous for organizations and for the people, who use the public networks. In the second case the strong firewall should be sufficient.
In the case of organizations, the ATP features will be required, which are
based on: Memory Isolation + Memory & Network Monitoring + Machine Learning & Artificial Intelligence + Credential Protection + Data Encryption, etc.

An excellent summation. But between SpyShelter and AppGuard with ESET I personally would choose AG all the way.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Hey shmu, I think ReHIPS permits some more tweaks than SBIE. SBIE can be tweaked also but less.
I'll tell you what I mean: in ReHIPS, I can't grant direct file access to any folder in real user space. For instance, if I want isolated Word to be able to save a file onto my desktop, I need to move my desktop folder out of the Users directory, and locate it somewhere else, such as C:\Desktop. But with SBIE, I don't need to do that.
Also, with SBIE I can drag and drop a file onto a Gmail message, but ReHIPS doesn't support this. I need to do the whole "attach file" process.
 
  • Like
Reactions: vtqhtr413

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Hey shmu, I think ReHIPS permits some more tweaks than SBIE. SBIE can be tweaked also but less.
I have the opposite opinion.(y)
Sandboxie sandbox can be easily configured to run only one application (one EXE file) and automatically & silently block execution of all other EXE files. Another Sandboxie sandbox can run all executables. Both sandboxes can be used simultaneously. I think that it would be hardly possible in ReHIPS.
Sandboxie can configure the access to Registry keys and the IPC object resource. It is also possible to manage exclusions for COM classes and Window classes. The Internet access has the option to block the particular ports.
 
Last edited:
D

Deleted member 178

I'll tell you what I mean: in ReHIPS, I can't grant direct file access to any folder in real user space.
I can so you could. You have to tweak the IE access rights.

I use Word or Excel isolated and can save the file on a selected folder in another partition. In my case in the Mega cloud folder.


Also, with SBIE I can drag and drop a file onto a Gmail message, but ReHIPS doesn't support this. I need to do the whole "attach file" process.
Never used this feature.
 
  • Like
Reactions: harlan4096

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Comodo FW has nothing special, SEP one however is in another league.
Comodo Firewall is far stronger than Windows Firewall (default settings). The CIA and NSA did not love it. SEP (Symantec Endpoint Protetcion) firewall is from another league because of many configurable options, but it would be hard to prove that is far stronger than CF + some Windows hardening, for protecting the computer in the public network.
Anyway, It is probably true that SEP firewall is far better for Enterprises.(y)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Comodo Firewall is far stronger than Windows Firewall (default settings). The CIA and NSA did not love it. SEP (Symantec Endpoint Protetcion) firewall is from another league because of many configurable options, but it would be hard to prove that is far stronger than CF + some Windows hardening, for protecting the computer in the public network.
Anyway, It is probably true that SEP firewall is far better for Enterprises.(y)
Andy, could you elaborate a little on the potential threats when using a public network? What is the typical attack sequence, and how does an interactive firewall such as Comodo stop it? Does the attacker drop a malicious file on the targeted computer, and then execute it?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I can so you could. You have to tweak the IE access rights.

I use Word or Excel isolated and can save the file on a selected folder in another partition. In my case in the Mega cloud folder.
Is your Mega folder in real user space, for instance, a path like this: C:\Users\Umbra\Mega
Because if it is, you have to be a magician to coax ReHIPS into allowing you access to it.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Is your Mega folder in real user space, for instance, a path like this: C:\Users\Umbra\Mega
Because if it is, you have to be a magician to coax ReHIPS into allowing you access to it.
You can't do that in any way as writes are hardcoded and redirection will happen to the rehips user account used by excel (or whatever application you are using). Umbra said another partition though so it's not user space as windows is concerned so you can allow access if you wish.
 
  • Like
Reactions: bribon77 and shmu26

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Andy, could you elaborate a little on the potential threats when using a public network? What is the typical attack sequence, and how does an interactive firewall such as Comodo stop it? Does the attacker drop a malicious file on the targeted computer, and then execute it?
My knowledge about those topics is not great, but there are some well known facts.
If you are not sure that the public network is legitimate and solid, then you have to use VPN and disk encryption. The hackers can make a rogue Wi-Fi hotspot to do man-in-the-middle (MITM) attacks, so the personal firewall cannot help much.
The legal public networks can often have many vulnerabilities because of the old (or poorly configured) routers, so the hackers can easily compromise them.
When the hackers have compromised the network, they can use the well known pentesting tools (Metasploit, Kali Linux, etc.) to compromise the particular computers via exploits, open ports, etc. They can perform in-memory attack and steal the passwords or drop and execute payloads. In this point Comodo Firewall can help, because of the strong outbound attack protection. Also, well patched Windows 10 + blocked SMB protocols + blocked remote access features + blocked Windows scripts, can help a lot to mitigate/stop the attacks.
Firewall Outbound Attacks Protection Test (July 2013) - Anti-Malware Test Lab
Why are public WiFi networks insecure?
 
Last edited:

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Also, well patched Windows 10 + blocked SMB protocols + blocked remote access features + blocked Windows scripts, can help a lot to mitigate/stop the attacks.
I totally agree on this point. I also disable all Incoming connections in windows firewall just to be on the safe side.
 
  • Like
Reactions: Andy Ful
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top