- Aug 2, 2015
> What's the difference between software restriction policy and anti-executable and how do the current products under them compare? Are there any redundancies between them or do they cover each other? People's posts suggest there are differences.

Anti exe won't let a process run unless you allow it.
> Some people use both, or at least they used to, when NVT was more popular (now there is other software that came out).

Personally, I'm still doing that, using both on my Windows 8.1 x64. Could you give exact names of the other software that came out please?
> Personally, I'm still doing that, using both on my Windows 8.1 x64. Could you give exact names of the other software that came out please?

Well, for instance, ReHIPS has won the hearts of many hard-core security enthusiasts.
There is also Excubits, and I think there is another product people are using, can't remember the name.
Nothing is an exact replacement for NVT ERP.
I have never tried this program. By the way, many MT users contact me and ask if I have AppGuard licenses to share. I am not from AppGuard and I don't have an online shop where I sell AppGuard. I recommend contacting Jeff_T - Testing Group and asking him to share licenses with you. It is very easy for him to generate free licenses for you.
I don't have any licenses to give out; engineering personnel do not generate licenses.
That is the point. I don't have any either.
> ReHIPS is great because it uses separate user profiles (ReHIPSUSer) - which are isolated from each other as well as the real user. If you keep your valuable data out of those profiles by not copying it there or backing up what you do create, you don't really care what happens in the ReHIPSUSer profiles as you can always delete them and re-create them.
>
> The real user profile is still at risk if you use internet-facing and downloaded programs within it.
>
> For those that like combos, an exceptional one is AppGuard + ReHIPS.

Anything running isolated can't access the real user profile, and neither can you manually do that (ReHIPS ignores permission for the real user profile).
You might mean for anything not running isolated but in this case it's like any security program. If you disable or lower the protection you can get infected.
> At least some people will still use the real desktop to launch programs within the real user profile. If they do that, the HIPS will be the only ReHIPS module protecting the desktop. There are ways to bypass that HIPS. It's no different than any other HIPS.

To harden the HIPS, you can add block rules for script interpreters and command line utilities, etc.
If you don't want a total block for a certain process, such as cmd.exe, you can set it to alert.
> At least some people will still use the real desktop to launch programs within the real user profile. If they do that, the HIPS will be the only ReHIPS module protecting the desktop. There are ways to bypass that HIPS. It's no different than any other HIPS.
>
> That's the value of combining AppGuard with ReHIPS. AppGuard will block execution in the unlikely event of a HIPS bypass or some malc0der targets ReHIPS or any of a bunch of other bad scenarios.
>
> What's the likelihood? Probably a fraction of a percent. I think a very small fraction of a percent.
>
> It would be very difficult to infect the real system using an AppGuard + ReHIPS combo. The most likely case would be a comedy of errors on the user's part.

I agree with what you said but user mistake is always possible. AppGuard and ReHIPS sure minimize it though, and only disabling them can infect you.
> Interpreters aren't required to bypass HIPS. Having permanent block rules for those might or might not prevent it. It depends upon the attack method.

What would be the most common HIPS bypass, besides interpreters? (Let's assume the user wisely chose "block" at the first prompt he sees.)
> If user selects block, then there should be no problem.

So that's why I think ReHIPS really should keep the user safe, even if he runs some of his apps un-isolated.