- Feb 15, 2012
- 2,128
Best Anti-EXE/App Whitelisting 2015
- Thread starter Overkill
- Start date
- Status
- Feb 2, 2013
- 440
Mine doesn't too, I doubt anyone here can run device guard without being part of a big company. But for those lucky ones that can, its arguably the best.
Hmmmm, I may get lucky to find a computer with it built in. I plan on getting a new one soon anyways. I'd love to get features like Windows Hello and fingerprint scanners and whatnot
Now can these zeroday exploits bypass applocker? Or is it running from Kernel level enough to stop it?
Should I really be running a AV alongside it? Cause currently I am not.
- Sep 22, 2014
- 1,767
Can someone give me the link or tutorial how to start using/configuring Applocker (Win 10)?
Tnx
Something like this or not?
Is this the right site to start?
AppLocker Step-by-Step Scenarios
Tnx
Something like this or not?
Is this the right site to start?
AppLocker Step-by-Step Scenarios
Last edited:
- Mar 23, 2015
- 555
It seems that many people vote for SecureAPlus.
I am curious about its advantages over the others.
I am curious about its advantages over the others.
- Aug 2, 2015
- 4,286
VooDoo Shield (paid) gets my vote.
I love the layout of the program and how well it works. PeAcE
I love the layout of the program and how well it works. PeAcE
During installation, it will do a full system scan with its UAV (12 antivirus engine on the cloud) meaning it will scan for possible threats and at the same time it will whitelist everything deemed safe. This means that the amount of alerts a user gets is greatly reduced.It seems that many people vote for SecureAPlus.
I am curious about its advantages over the others.
While anti-exe/app whitelisting are useful, there's a danger that an inexperience user might accidentally whitelist a malware via some sort whitelisting mode (like learning mode from EXE Radar Pro and training mode from VoodooShield). That's the reason it is highly advised to make sure your computer is completely clean before using this type of software. Since essentially you're trying to lockdown your computer, and you wouldn't want the "bad guy" to be locked inside with you.
Here's an explanation from Yuki2718 from Wilders that you might find a lot more useful
SecureAPlus Freemium | Page 52 | Wilders Security Forums
Also I believe MalwareDoctor did a test on it some months ago, if you want you can look into it.
Have a good day
- Mar 23, 2015
- 555
Thank you for your reply.
According to Yuki2718, SAP can not only block exe and scripts, but also can block dlls and drivers.
It is amazing for me. I think it is really a strong feature.
But I think the full scan is too slow.
I have ever tried the free (for-1-year) version of SAP.
It took half a day to perform the full scan, even after I left my computer idle.
But in my opinion, a whitelist (and a blacklist) that can be manually edited could improve the usability.
However, it seems that the whitelist of SAP cannot be edited manually...(I am not sure about it).
I would have to disagree somewhat with this assessment, as none of these products are really geared towards newbie/novice users, even though the companies claim them to be.
Example, SecureAplus..
You download a file, secureaplus pops up and states the file is digitally signed, but then the virus total scan on the same pop up claims that 12 out of so many engines claims this file is malicious, a novice user is not going to know which way to turn, whether to trust the fact that it is digitally signed, and those 12 detection's could be a false positive, or whether the file is indeed malicious.
This would be the over all compelling theme for all of these products, and that would be that they require knowledge to make sound judgments as to what should be allowed into the system or not. Even products like Voodoshield which does a great job making it easier, still require knowledge after training mode has been ran, and it is set up.
As for the technologies these products are definitely a step in the right direction with today's malware problems, as traditional AV's with signatures are just not going to cut it anymore.
True. It does take quite some time for it to finish, but it's mostly worth it. After that initial scan, the user is not required to ever do another manual scan again, this is because the UAV will continuously scan your computer. When a user logs on his/her computer he/she will receive a prompt indicating SecureAPlus had scanned the entire computer, this takes less than a minute to complete. So yeah, it's worth having to wait for the initial scan to finish cause all subsequent scans are very fast.
Personally I would recommend installing it during a day when the user doesn't have to use the computer. Pick "fast" scan and leave it until it's finished.
Yeah, that is useful. EXE Radar Pro does a good job in letting the user be able to manually edit the list. As for SecureAPlus, I don't recall if it allowed it. I would recommend either here
SecureAPlus Freemium
And asking one of the representatives of SecureAplus
@sap
Or you can go to thread I posted from Wilders and ask there.
Good day.
- Feb 2, 2013
- 440
I can show you how! You can message me. I have mine set up in Windows 10 perfectly!
I've watched that video. Applocker has more options starting with Windows 8, so there's more options you can do, especially if you want Metro Apps to work.
Before you waste your time, please note Applocker in Windows 10 requires the Education or Enterprise edition in order to work. On the Pro version you can make rules, however the rules will unable to be enforced and therefore will not work.
Many users think Applocker is available in the lower versions of Windows and get disappointed when they find out it's not. It's unfortunate Microsoft only includes it in the higher end versions of Windows when it is such a amazing security feature.
@Online_Sword I seem to be the only one voting for Applocker.
Last edited:
- Feb 2, 2013
- 440
I had that issue. I had to reinstall anyways since Windows update was causing issues. After I did, the service had no problems starting in automatic mode. It may of just been luck that it worked.
Here is proof, just in case
- Feb 2, 2013
- 440
Sure, just message me when you can.
I know 18 hours is 6pm but that could be any time for me since I have no idea what time zone you are in.
- Sep 22, 2014
- 1,767
- Aug 31, 2014
- 439
- Jul 22, 2014
- 2,525
I have some question for all that tested these products: exe radar, voodoos, appguard and Sap.
Do they in principle work the same way, do they whitelist apps and block/check unknown ones?
Which ones work at kernel level (Appguard apparently does)?
What files do each program check and block?
Last, what additional features does each program offer, e.g memory, registry, file protection etc? What are the week points of each program?
These infos/summary of facts would help a lot to highlight the differences and to choose between them.
Thank you all for yor inputs!
Do they in principle work the same way, do they whitelist apps and block/check unknown ones?
Which ones work at kernel level (Appguard apparently does)?
What files do each program check and block?
Last, what additional features does each program offer, e.g memory, registry, file protection etc? What are the week points of each program?
These infos/summary of facts would help a lot to highlight the differences and to choose between them.
Thank you all for yor inputs!
Last edited:
Do they in principle work the same way, do they whitelist apps and block/check unknown ones?
Which ones work at kernel level (Appguard apparently does)?
What files do each program check and block?
Last, what additional features does each program offer, e.g memory, registry, file protection etc? What are the week points of each program?
These infos/summary of facts would help a lot to highlight the differences and to choose between them.
Thank you all for yor inpurs!
The only ones that use File Reputation are VooDooSheld (uses Virus Total lookup) and I believe SecureAPlus (uses its own database).
Kernel Level = the only ones I know of are AppGuard and VooDooShield (v 3 not yet released)
Basically if it's not on the local white-list or allowed by rules, digital signature, Trusted vendor, etc, then it is blocked - All of them
AppGuard has the most features - memory, registry and folder protection
I will make it very easy for you:
If you want simplicity, highly reliable with little trouble = NVT ERP
If you want additional lockdown, reliable but can be problematic dependent upon installed softs, quirky GUI = AppGuard
VooDooShield 3.0 is to be released soon with Kernel Mode driver; I can't comment as I haven't gotten my hands on it yet, but prior version have been OK to very good.
Right now I am running NVT ERP and Sandboxie constantly. I've had some troubles with AG and WFC, so I removed them until I get it sorted out.
If used correctly...
NVT ERP + SBIE = Blocked !
- Mar 23, 2015
- 555
- Jul 22, 2014
- 2,525
I m using Voodoshield 2.75 and I like it as its ability to scan with 56 VT scanner when something unknown is detected.
I asked the above because I didn't know if Voodoshield worked at kernel level (thanks Hjlb for the info that v. 3 will be!) and exactly what kind of files are controlled.
I don't think they have a memory or folder, registry protection.
I read a lot about AG, but I'm still not sure what files are guarded.
NVT is where I have no infos. Does it wotk at kernel mode, what files does it guard, does it have memory protection?
I asked the above because I didn't know if Voodoshield worked at kernel level (thanks Hjlb for the info that v. 3 will be!
) and exactly what kind of files are controlled.I don't think they have a memory or folder, registry protection.
I read a lot about AG, but I'm still not sure what files are guarded.
NVT is where I have no infos. Does it wotk at kernel mode, what files does it guard, does it have memory protection?
Last edited:
- Status
Similar threads
