I'm also interested to know how well Sandboxie Plus performs against all types of (zero-day) malware.
David Xanatos claims Sandboxie protection is much stronger than Comodo's virtualization. I read at Wilders that the lowered SBIE protection should be as strong as Comodo FW. Now I am not a Sandboxie user nor Comodo user anymore and I am not testing any of them with malware, so I have no opinion on this (a respected software developer's word against a respected software tester's word), so maybe some Sandboxie users can chime in to explain this contradiction in claims.
The issue here is that disabling various things that malware could potentially use is like playing whack a mole- one never knows when something new could be exploited and pop up that isn't already blocked.
General true, but does not apply for mshta.exe, you know that also. I am with you when it comes to recent OneNote abuses. They are a worry. It seems that every time Microsoft introduces a seamless computing mechanisme it has weaknesses and use cases which can be misused.
and what is wrong with blocking what is known to be bad and could be bad again?Microsoft says unmanaged (home users) do not need any of them. 11S and 10S Mode are Microsoft Security's favorite Windows flavor for home systems:Home users need cscript, wscript and PowerShell for what again?
)
Those tools are pure Gold!@Oerlink thanks for the info (you did not see that coming ay
Your info confirms that SWH + FH of AndyFul would have blocked the RAT
On top of SWH hardening options I also disable CMD via registry tweak
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001
Thank you. See how easy that was?
Various thingies most common being in install/uninstall routines.
