Bouncer - Discussion & Support Thread
<blockquote data-quote="Windows_Security" data-source="post: 491468" data-attributes="member: 50782"><p><strong>A really great little program from Excubits: MemProtect</strong></p><p></p><p>I was surprised how such a small driver (meaning little code) could offer so much functionality, until Wildbydesign told me that it was a kernel feature built into Windows to protect anti-virus programs. Because you can create rules, it has to be possible to set run-time/on-execution flags to enable it for specific processes. This left me with only two software-based protections: one introduced with XP release 2 and the other introduced with Vista. It was the Vista process mitigation. This feature was introduced with Vista, so this provides some clues as to what the protection is based upon (MemProtect is freeware and the developer of MemProtect did not disclose what it is based upon).</p><p></p><p>So when you want to play with MemProtect, here are my settings to protect the system from Chrome (blacklist *chrome>*) and protect Chrome from the system (blacklist *>*chrome). Because it is in beta I have an allow-all in the whitelist (*>*) and added priority rules (starting with !) to overrule the blacklist, allowing Chrome to touch Chrome and splwow64 (for printing) and allowing explorer, audiodg, csrss, lsass and svchost to touch Chrome.</p><p></p><p><em>Whitelist is overruled by blacklist, priority whitelist overrules blacklist</em></p><p></p><pre><code>[LETHAL]
[#LOGGING]
[WHITELIST]
!C:\Windows\explorer.exe>*chrome.exe
!C:\Windows\System32\audiodg.exe>*chrome.exe
!C:\Windows\System32\csrss.exe>*chrome.exe
!C:\Windows\System32\lsass.exe>*chrome.exe
!C:\Windows\System32\svchost.exe>*chrome.exe
!C:\Program Files\Google\Chrome\Application\chrome.exe>*chrome.exe
!C:\Program Files\Google\Chrome\Application\chrome.exe>C:\Windows\splwow64.exe
!C:\Program Files\Security\ProcessExplorer\procexp.exe>*chrome.exe
*>*
[BLACKLIST]
*chrome.exe>*
*>*chrome.exe
[EOF]
</code></pre><p></p><p>When you want to copy this to your system, first run MemProtect with [#LETHAL] and [LOGGING]. Check whether your programs function properly, do a reboot and check the MemProtect.txt log file in the Windows folder. MemProtect is still beta, so use a VM when you want to throw some malware at it and have an image restore at hand.</p><p></p><p>If my guesstimate is correct, it works best on Windows 8.1 and higher (see <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/dn313124(v=vs.85).aspx#launching_anti-malware_services_as_protected" target="_blank">Microsoft</a>)</p><p></p><p>Download <a href="https://excubits.com/content/en/products_beta.html" target="_blank">Products - BETA CAMP | Excubits</a></p></blockquote><p></p>
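<p>As an added illustration, not part of Windows_Security's post and not code from Excubits, here is a small Python evaluator that parses the rule format shown above and applies the precedence the post states: a priority (<code>!</code>) whitelist rule beats the blacklist, and the blacklist beats a plain whitelist rule. It also models the dry run the post recommends, where <code>[#LETHAL]</code> turns a deny into a logged-but-allowed access. Everything not stated in the post is an assumption and is marked as such in the code: <code>*</code> is the only wildcard, image paths compare case-insensitively, <code>[#NAME]</code> is a switched-off directive, <code>[EOF]</code> ends the file, and an access matched by no rule at all is denied (which is why the <code>*>*</code> entry matters). The process paths used as input are constructed samples.</p>

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the rule set from the post (procexp line's missing colon fixed).
SAMPLE_CONFIG = r"""[LETHAL]
[#LOGGING]
[WHITELIST]
!C:\Windows\explorer.exe>*chrome.exe
!C:\Windows\System32\audiodg.exe>*chrome.exe
!C:\Windows\System32\csrss.exe>*chrome.exe
!C:\Windows\System32\lsass.exe>*chrome.exe
!C:\Windows\System32\svchost.exe>*chrome.exe
!C:\Program Files\Google\Chrome\Application\chrome.exe>*chrome.exe
!C:\Program Files\Google\Chrome\Application\chrome.exe>C:\Windows\splwow64.exe
!C:\Program Files\Security\ProcessExplorer\procexp.exe>*chrome.exe
*>*
[BLACKLIST]
*chrome.exe>*
*>*chrome.exe
[EOF]
"""

@dataclass(frozen=True)
class Rule:
    source: str     # glob over the image path of the process doing the access
    target: str     # glob over the image path of the process being accessed
    priority: bool  # leading '!'; the post uses it only under [WHITELIST]

    def __str__(self) -> str:
        return f"{'!' if self.priority else ''}{self.source}>{self.target}"

@dataclass
class Policy:
    lethal: bool = False   # [LETHAL] enforces; [#LETHAL] only logs
    logging: bool = False  # [LOGGING] writes the MemProtect.txt log
    whitelist: list = field(default_factory=list)
    blacklist: list = field(default_factory=list)

def parse_policy(text: str) -> Policy:
    """Assumption: '[#NAME]' is a disabled directive and '[EOF]' ends the file,
    as the post's '[#LETHAL]' / '[#LOGGING]' usage suggests."""
    policy, section = Policy(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name == "EOF":
                break
            if name.startswith("#"):
                continue  # directive present but switched off
            if name == "LETHAL":
                policy.lethal = True
            elif name == "LOGGING":
                policy.logging = True
            elif name in ("WHITELIST", "BLACKLIST"):
                section = name
            else:
                raise ValueError(f"unknown directive [{name}]")
            continue
        if section is None or ">" not in line:
            raise ValueError(f"bad rule line: {line!r}")
        source, target = line.lstrip("!").split(">", 1)
        rule = Rule(source, target, line.startswith("!"))
        (policy.whitelist if section == "WHITELIST" else policy.blacklist).append(rule)
    return policy

def _glob(pattern: str) -> "re.Pattern":
    # Assumption: '*' is the only wildcard; paths compare case-insensitively as on Windows.
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")), re.IGNORECASE)

def matches(rule: Rule, source: str, target: str) -> bool:
    return bool(_glob(rule.source).fullmatch(source) and _glob(rule.target).fullmatch(target))

def decide(policy: Policy, source: str, target: str) -> tuple:
    """Precedence as the post states it: priority whitelist > blacklist > plain whitelist.
    An access matched by no rule is denied here (assumption; hence the '*>*' entry)."""
    for rule in policy.whitelist:
        if rule.priority and matches(rule, source, target):
            return "allow", f"priority whitelist {rule}"
    for rule in policy.blacklist:
        if matches(rule, source, target):
            return "deny", f"blacklist {rule}"
    for rule in policy.whitelist:
        if not rule.priority and matches(rule, source, target):
            return "allow", f"whitelist {rule}"
    return "deny", "no rule matched (assumed default)"

def access_goes_through(policy: Policy, source: str, target: str) -> bool:
    """A 'deny' only blocks under [LETHAL]; under [#LETHAL] it is logged and allowed,
    which is the dry run the post recommends before copying the rules."""
    return decide(policy, source, target)[0] == "allow" or not policy.lethal

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_CONFIG)
    chrome = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
    for src in (r"C:\Windows\explorer.exe", r"C:\Temp\chrome.exe"):  # second path constructed
        print(decide(policy, src, chrome), src, "->", chrome)
```

<p>Two things worth noticing when running it: the priority rules name the full path of the allowed source, so a copy of chrome.exe living in another directory matches the <code>*chrome.exe>*</code> blacklist entry rather than the exception; and switching <code>[LETHAL]</code> to <code>[#LETHAL]</code> leaves every verdict unchanged but makes <code>access_goes_through</code> report the access as permitted, which is exactly what the log-first run described in the post is for.</p>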