Bouncer - Discussion & Support Thread
<blockquote data-quote="Andy Ful" data-source="post: 523856" data-attributes="member: 32260"><p>Thanks to a discussion on another topic, I have got an idea about Excubits MZWriteScanner.</p><p>Actually, it can monitor and keep track of Windows executable files (MZ files) which are dropped onto the hard disk.</p><p>I think that the functionality of MZWriteScanner could be extended to force executable files (cmd, com, cpl, exe, msi, pif, scr) in the User Space to trigger SmartScreen Filter (App Reputation on RUN). So far, SmartScreen can be easily bypassed by any 0-day malware executable (see the topic <a href="https://malwaretips.com/threads/ransomware-musings-with-uac.61368/" target="_blank">Video Review - Ransomware- Musings with UAC</a>). Of course Windows can be locked by SRP, Bouncer, etc., but a locked system is not especially user-friendly. Something like 'SmartScreen SRP' would be more welcomed in Windows 8+ ('do not block, but go for SmartScreen'). In this simple way MZWriteScanner could reduce the vectors of malware infection, and should still be useful for average users.</p><p>The system can be easily hardened by using some reg tweaks:</p><p>* enable Windows Defender PUA protection</p><p>* disable command prompt</p><p>* disable Windows Script Host</p><p>* disable PowerShell script execution</p><p>* disable loading untrusted fonts (Windows 10)</p><p>* disable 16-bits</p><p>* deny Execute for Removable Storage Devices</p><p>The average user should not greatly miss any of the above (disabled) functions.</p><p>This setup + a web browser in a sandbox should be as secure as well-known antivirus suites, and has the advantage of being more stable and compatible with the Windows system.</p><p>Anyway, nothing is bulletproof. SmartScreen Filter does not check programs signed by an EV code signing certificate, so it can be bypassed by targeted attacks.</p></blockquote><p></p>
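A read-only audit of the seven tweaks listed in the post above, as an added example that is not part of the original post or of any Excubits tool. The registry paths and value names are assumptions (the commonly documented policy locations for each setting); the post itself names no keys.

```powershell
# Added example: reports whether each tweak from the post's list is in place.
# Registry locations are assumptions, not taken from the post. Nothing is modified.
$removableDisks = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'  # removable disk device class
$checks = @(
    @{ Setting = 'Defender PUA protection enabled'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine'
       Name    = 'MpEnablePus';   Hardened = @(1) },
    @{ Setting = 'Command prompt disabled (per-user policy)'
       Path    = 'HKCU:\Software\Policies\Microsoft\Windows\System'
       Name    = 'DisableCMD';    Hardened = @(1, 2) },
    @{ Setting = 'Windows Script Host disabled'
       Path    = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
       Name    = 'Enabled';       Hardened = @(0) },
    @{ Setting = 'PowerShell script execution disabled'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
       Name    = 'EnableScripts'; Hardened = @(0) },
    @{ Setting = 'Untrusted fonts blocked (Windows 10)'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions'
       Name    = 'MitigationOptions_FontBocking'  # value name is spelled this way
       Hardened = @('1000000000000') },
    @{ Setting = '16-bit applications disallowed'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
       Name    = 'VDMDisallowed'; Hardened = @(1) },
    @{ Setting = 'Execute denied on removable storage'
       Path    = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$removableDisks"
       Name    = 'Deny_Execute';  Hardened = @(1) }
)

$report = foreach ($c in $checks) {
    # A missing key or value yields $null, which is reported as not hardened.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Setting  = $c.Setting
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Hardened = ($c.Hardened -contains $actual)
    }
}
$report | Format-Table -AutoSize
```

Once script execution is disabled by policy, a saved .ps1 copy of this audit will not run; paste it into an interactive PowerShell session instead.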