Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Bouncer - Discussion & Support Thread
Message
<blockquote data-quote="Andy Ful" data-source="post: 524183" data-attributes="member: 32260"><p>The general idea is to always run executable files (from the User Space, no EV certificate) with SmartScreen check. There are many ways to accomplish this.</p><p>The most simple one is to check immediately if the dropped file has the proper Zone.Identifier file stream. If so, that is OK. If not, then Zone.Identifier file stream is added. I assume that the file stream will not be changed/deleted afterwards, and all executable files in the User Space have already got the proper file stream (it can be done during installation of MZWriteScanner).</p><p>The second solution (more robust) would be to make the checking/adding always when any executable file from the User Space tries to run (but before SmartScreen is triggered).</p><p>The third solution would be to make the checking as above. If the dropped file has the proper Zone.Identifier file stream, that is OK. If not, then MZWriteScanner triggers SmartScreen Filter in another way (does not add the file stream).</p><p>It would be great, if Florian could extend the functions of MZWriteScanner or Bouncer to do this task.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 524183, member: 32260"] The general idea is to always run executable files (from the User Space, no EV certificate) with SmartScreen check. There are many ways to accomplish this. The most simple one is to check immediately if the dropped file has the proper Zone.Identifier file stream. If so, that is OK. If not, then Zone.Identifier file stream is added. I assume that the file stream will not be changed/deleted afterwards, and all executable files in the User Space have already got the proper file stream (it can be done during installation of MZWriteScanner). The second solution (more robust) would be to make the checking/adding always when any executable file from the User Space tries to run (but before SmartScreen is triggered). The third solution would be to make the checking as above. If the dropped file has the proper Zone.Identifier file stream, that is OK. If not, then MZWriteScanner triggers SmartScreen Filter in another way (does not add the file stream). It would be great, if Florian could extend the functions of MZWriteScanner or Bouncer to do this task. [/QUOTE]
Insert quotes…
Verification
Post reply
Top