Battle Best Anti-EXE/App Whitelisting 2015


hjlbx

Best usability - NVT ERP
Best protections - AppGuard
Best advanced features - VooDooShield

Since ERP is now freeware, its development will probably be limited to bug fixes; the developer is working on a new, more powerful product. ERP's real power is in its ease of use and its ability to control command lines: it is very easy to manage command-line blocks of rundll32 when using external hardware.

AG has some additional protections. It needs to be configured, which is really no problem, but the user interface and logs can be a bit of a hassle. It has no ability to manage command lines, so it needs to be combined with ERP for best security.

VS has a lot of improvements and some new features. The user can manage command lines, but it is not as user-friendly as ERP at the moment.
 

Online_Sword

I know little about anti-exe programs since I have never used any of them.
I would like to know whether an anti-exe program could be intelligent enough to automatically whitelist system processes and applications with a good reputation.
 

Deleted member 178

I know little about anti-exe programs since I have never used any of them.
I would like to know whether an anti-exe program could be intelligent enough to automatically whitelist system processes and applications with a good reputation.

Some of them do, others don't. I put both my anti-exes into lockdown mode so they block everything not whitelisted.
 

Soulbound

If you allowed an "others" entry, then I would say ESET's Policy Mode HIPS. Since it doesn't, I will say I had the easiest time (less configuration time spent, etc.) with AppGuard. VooDoo was good too but affected some games (mind you, this was back when I was running W7).

Edit: voted on Others and therefore the ESET HIPS above becomes my main opinion.
 

hjlbx

I guess this means that you have to manually add every system program to the whitelist ... ?

NVT ERP is the easiest for adding legitimate/safe applications, files and command lines to the whitelist. This is the primary reason why ERP is best overall, not necessarily best overall in features and protections. But once you start comparing protections between all AEs, you start to "split hairs." It's rather pointless to debate whether one is better than the other...

If an AE works well on your specific system - and for you personally - then it is probably the best fit for you...

Nowadays one should use an AE. In the face of a never-ending onslaught of new malware, daily, an AE is the logical primary protection: very high protection with minimal system-resource impact and absolutely no dependence upon malware signatures. An AE is completely dependent upon the user's awareness of the system and disciplined/correct use by the user for maximum protection...

Finally, AEs are not the huge hassle or inconvenience they once were... but, still, they are best suited to someone who does not install new software constantly.

@Online_Sword

You can use Training Mode in both ERP and VS on a clean system... this will greatly reduce the necessary configuration. Once trained, switch to Lock-Down mode for maximum protection.
 

cutting_edgetech

I chose AppGuard because it's capable of blocking more threats. AppGuard does more to mitigate exploits than an ordinary whitelisting AE. It has memory, registry, and file protection. It can also block malicious DLLs, scripts, .tmp files, etc. I think its memory protection is its most unique feature though. AppGuard does have its shortcomings though. AG is lacking hash functionality. If AG also had hashing it would allow greater control over what is allowed and denied. It would increase usability, for one. AG also will allow any signed file to execute in the user space with "limited rights" in Medium Protection Mode. I recommend always operating in Locked Down Mode when surfing risky sites, but popular, well-known sites can become infected as well, so keep that in mind. AG does do a good job sandboxing crypto malware, but my philosophy is never allow a malicious file to execute to begin with so you don't have to worry about containment.

I also really like ERP because of its vulnerable process feature. The vulnerable process feature gives a sort of HIPS control over vulnerable processes by giving the user control of their command lines. That is something AppGuard does not have. ERP also has MD5 hashing of course, but I would prefer it be upgraded to SHA-256. I have found that ERP also runs extremely smoothly on all my systems. ERP is an amazing application, but I think the developer is more than capable of making it an even better application for power users. The developer already has other applications that can block any executable file, including drivers. I think that functionality could be combined into ERP to provide even better security against all categories of threats.

I guess most of the users here have already heard of Smart Object Blocker by NoVirusThanks. It could turn into the next wet dream for security experts and enthusiasts. All rules currently have to be written by the user in an ini file, but that could change later on. I'm currently learning how to set it up myself, but I think I'm really going to like it. It currently has a very simplistic UI that only gives access to settings and rules, which the user has to configure for themselves. Well, there's also access to the log file in the UI, and some directions on how to write the rules/policy. I'm learning as I go along myself.

Bouncer should have been listed in this poll. There are a lot of great features coming in the near future with Bouncer. It is implementing memory protection, hashing, command line control, and several other features that I don't know the specifics of. Excubits, the developer of Bouncer, already has all the features listed above in individual applications except for the memory protection, but they have not been combined into one product yet. The memory protection feature is still being developed AFAIK, but I don't know what stage of development it is in. According to the developer's blog it could be complete, or almost complete. I'm not really sure. The developer of Bouncer does all the mitigations within the kernel, and Bouncer is going to be very similar to AppGuard in some regards. I'm looking forward to testing Bouncer with the combined functionality.
 

cutting_edgetech

I would participate more on the forum here, but I can never find what I'm looking for on this forum unless it's for a product that has a dedicated thread like Eset, Shadow Defender, etc. The problem is knowing what section of the forum to look in for a particular topic. Maybe it's just me.

btw.. it took me forever to find this thread today after just seeing it yesterday. I did a search for it, but no cigar. It will take some getting used to.
 

Malware Man

I vote for other. My choice is AppLocker, which is what I am using right now. I love that thing so much. However, it's only available on select Windows versions, in which case you'll have to go with one of the others. Since I have AppLocker, I've never bothered to try any alternatives since it's doing its job so well and is built right into Windows.

I've tried so many ransomware, adware, fake AV, and cryptolocker samples and I just cannot break this thing. Nothing is getting past it. :)

For ease of use, AppLocker is pretty simple. Just choose allow or deny and make either a file hash, publisher or path rule and that's it. I don't install much software. Usually it was just constantly switching antivirus programs every second :D but now I have eliminated that since I don't need an AV with AppLocker.

I'm curious, do the other software have a deeper hook? I'm going to assume that, like UAC, AppLocker is working at the kernel level, which I don't think any other software would have access to besides the operating system security features.
Please correct me if I am wrong.
 

Malware Man

Is AppLocker better than SRP?

Yes. MUCH better. Way easier to configure, and you can lock down the system more. It takes less time to maintain. You cannot set publisher rules or anything using SRP. You have to add all files and rules one by one, which can take ages, instead of just allowing the publisher and the job is done.

SRP is old and outdated now. Microsoft even recommends you move towards AppLocker. It's terrible with Windows Store apps. I couldn't even figure out how to allow them in SRP. With AppLocker there is a whole section for Windows Store apps and I have no problems using them.

AppLocker is pretty much better in every way. It implements itself at a kernel level, unlike SRP. But with both, however, it is possible to completely lock yourself out of your system if you don't know what you are doing. (When I first started using them both I locked myself out and had no choice but to install Windows again and start all over lol :D)
 
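The two posts above describe AppLocker's three rule types and the risk of locking yourself out. The script below is an added example, not something posted in the thread: it builds an allow-list from a known-clean machine (publisher rule where a file is signed, hash rule otherwise, no path rules), applies it in AuditOnly mode first, dry-runs a file against it, and reads the audit events. The edition requirement, the directory list and the file paths are assumptions to adapt; it needs an elevated PowerShell session on a Windows edition that ships AppLocker.

```powershell
# Added example, not from the thread. Builds an AppLocker allow-list the way the post
# describes (publisher rule where a file is signed, hash rule otherwise), puts it in
# audit mode first so a mistake cannot lock you out, and tests a file against it.
# Assumptions: a Windows edition with AppLocker (Enterprise/Education/Server), an
# elevated PowerShell session, and placeholder paths that you adapt to your machine.

$policyXml = 'C:\AppLocker\baseline.xml'
New-Item -ItemType Directory -Path (Split-Path $policyXml) -Force | Out-Null

# 1. AppLocker rules are silently ignored unless the Application Identity service runs.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 2. Inventory the executables in trusted locations on a known-clean machine.
#    Scanning all of C:\Windows is slow; narrow the list for a faster first pass.
$trusted = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$files = foreach ($dir in $trusted) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
}

# 3. Turn the inventory into rules. -RuleType is an ordered preference list: a
#    publisher rule if the file is signed, otherwise a hash rule. No path rules, because
#    a path rule covering a user-writable folder is the classic whitelisting mistake.
$policy = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
    -User Everyone -RuleNamePrefix 'Baseline' -Optimize

# 4. Start in AuditOnly: events are written but nothing is blocked yet.
$xml = [xml]$policy.ToXml()
foreach ($collection in $xml.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'   # switch to 'Enabled' once the log is quiet
}
$xml.Save($policyXml)

# 5. Apply locally (-Merge keeps any rules already present instead of replacing them).
Set-AppLockerPolicy -XmlPolicy $policyXml -Merge

# 6. Dry-run a file against the policy without executing it.
Test-AppLockerPolicy -XmlPolicy $policyXml -User Everyone `
    -Path "$env:USERPROFILE\Downloads\setup.exe" |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 7. Review what audit mode would have blocked (8003) or enforcement did block (8004).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Once a rule collection contains any rule, everything not matched by a rule is denied by default, which is why the default rules for C:\Windows and C:\Program Files matter and why the example stays in AuditOnly until the 8003 events stop appearing; only then is the EnforcementMode flipped to Enabled.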

Cch123

On Windows 10 Enterprise, Device Guard basically owns other application whitelisting/anti exe at the current moment. Although it doesn't protect against Java apps etc., the Code Integrity service runs at hypervisor level. This means even the most advanced kernel zeroday attacks will have a massive headache trying to even run in a device protected by Device Guard.
 
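The post above points at Device Guard's hypervisor-backed Code Integrity. As an added example that is not from the thread, the script below first checks the hardware prerequisites the two following replies run into (Secure Boot and virtualization support reported by the Win32_DeviceGuard class), enables VBS and HVCI through the same registry values the Group Policy writes, and then builds a Code Integrity policy in audit mode. The Windows build, the scan path and the output paths are assumptions to adapt; the ConfigCI cmdlets need an elevated session on Windows 10 Enterprise 1511 or later.

```powershell
# Added example, not from the thread. Checks whether a machine can run Device Guard
# (virtualization-based security with hypervisor-enforced code integrity) and, if so,
# builds a Code Integrity policy in audit mode, the non-destructive first step.
# Assumptions: Windows 10 Enterprise 1511 or later with the ConfigCI module, UEFI with
# Secure Boot, an elevated session, and placeholder paths that you adapt.

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

# AvailableSecurityProperties: 1 = base virtualization support, 2 = Secure Boot,
# 3 = DMA protection. SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
# VirtualizationBasedSecurityStatus: 0 = off, 1 = configured but not running, 2 = running.
$canRunVbs = ($dg.AvailableSecurityProperties -contains 1) -and ($dg.AvailableSecurityProperties -contains 2)
[pscustomobject]@{
    VbsPossible      = $canRunVbs
    VbsStatus        = $dg.VirtualizationBasedSecurityStatus
    HvciRunning      = $dg.SecurityServicesRunning -contains 2
    CiPolicyEnforced = $dg.CodeIntegrityPolicyEnforcementStatus   # 0 off, 1 audit, 2 enforced
}

if (-not $canRunVbs) {
    Write-Warning 'No Secure Boot and/or virtualization extensions; Device Guard is unavailable on this hardware.'
    return
}

# Enable VBS + HVCI (takes effect after reboot). These are the values the Group Policy
# "Turn On Virtualization Based Security" writes.
$dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
New-Item -Path "$dgKey\Scenarios\HypervisorEnforcedCodeIntegrity" -Force | Out-Null
Set-ItemProperty -Path $dgKey -Name EnableVirtualizationBasedSecurity -Value 1 -Type DWord
Set-ItemProperty -Path $dgKey -Name RequirePlatformSecurityFeatures -Value 1 -Type DWord   # 1 = Secure Boot, 3 = Secure Boot + DMA
Set-ItemProperty -Path "$dgKey\Scenarios\HypervisorEnforcedCodeIntegrity" -Name Enabled -Value 1 -Type DWord

# Build a code integrity policy from a clean reference machine: publisher rules where
# signed, hash rules as fallback, and -UserPEs so user-mode binaries are covered too.
# A full scan of C:\ takes a long time; narrow -ScanPath for a quick first try.
$ciXml = 'C:\CIPolicy\baseline.xml'
New-Item -ItemType Directory -Path (Split-Path $ciXml) -Force | Out-Null
New-CIPolicy -FilePath $ciXml -Level Publisher -Fallback Hash -ScanPath 'C:\' -UserPEs

# Option 3 = "Enabled:Audit Mode". Remove it (Set-RuleOption -Delete) only after the
# audit log has been clean for a while.
Set-RuleOption -FilePath $ciXml -Option 3

# Compile to the binary form the kernel loads, then reboot.
ConvertFrom-CIPolicy -XmlFilePath $ciXml -BinaryFilePath "$env:SystemRoot\System32\CodeIntegrity\SIPolicy.p7b"

# After reboot: 3076 = would have been blocked (audit), 3077 = blocked (enforced).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

The check at the top is the practical answer to "my hardware doesn't support Device Guard": AvailableSecurityProperties missing 1 or 2 means the firmware or CPU cannot host the hypervisor, and no policy will help. Where it can, the audit-mode policy plus the 3076 events give the same safe rollout that AuditOnly gives AppLocker.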

Malware Man

On Windows 10 Enterprise, Device Guard basically owns other application whitelisting/anti exe at the current moment. Although it doesn't protect against Java apps etc., the Code Integrity service runs at hypervisor level. This means even the most advanced kernel zeroday attacks will have a massive headache trying to even run in a device protected by Device Guard.

I'm aware of this feature, but unfortunately my hardware doesn't support Device Guard :( so I am stuck with the normal AppLocker (don't get me wrong, it's a fabulous feature on its own).
 

Cch123

I'm aware of this feature, but unfortunately my hardware doesn't support Device Guard :( so I am stuck with the normal AppLocker (don't get me wrong, it's a fabulous feature on its own).

Mine doesn't either. I doubt anyone here can run Device Guard without being part of a big company :D. But for those lucky ones that can, it's arguably the best.
 