Default Deny VS traditional AVs

Do you use traditional AV or default deny?

  • Default Deny

  • Traditional AV

  • Both



JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
I did read your post. Then I quoted your post and explained to you how it really works.

You can find the post here: Discuss - Default Deny VS traditional AVs

If you're interested in educating yourself further, read the following from the official documentation:
FltRegisterFilter function
FltStartFiltering function
_FLT_REGISTRATION
_FLT_OPERATION_REGISTRATION
IRP_MJ_CREATE
IRP_MJ_WRITE
PFLT_PRE_OPERATION_CALLBACK
PFLT_POST_OPERATION_CALLBACK

There's more documentation and pointers if you seek it on MSDN and on other forums.

I think the words "Thank you" were in order, but that's okay, I can live with it.
Yes, in fact I talked about monitors and events (callbacks) in my post since I am a developer.
 

Libera Milanesi

Level 2
Verified
Aug 19, 2018
52
Yes, in fact I talked about monitors and events (callbacks) in my post.
Your post: Discuss - Default Deny VS traditional AVs

Your post lacked a lot of understanding on how an AV actually works; you were obviously thinking of the FileSystemWatcher component from the .NET Framework (which has communication with a Filesystem Mini-Filter driver built-in to Windows - except most AVs will be writing their own or using a better library for it which will offer more control and flexibility). I was being kind by educating you further.

I quoted your post and explained to you how it really worked because I thought you could find it handy for someone to take the time and care to help you. Otherwise you would never progress. Instead of getting back a "Thank you", I'm getting back unhealthy attitude. Incredibly rude.

@Libera Milanesi I wrote a lot of threads about programming and CMD, go to read them in programming section.
Your threads have nothing to do with this. You can write a million threads on the basics and they will still always be the basics - because they are the basics. I can't take you seriously when you're throwing back attitude at someone who took the time to help you.

If you don't want to be quoted, corrected or for people to continue discussions about things you have said, then don't say anything at all. This is a public community, a public thread, and an open discussion.

Please be more respectful.
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
Your post: Discuss - Default Deny VS traditional AVs

Your post lacked a lot of understanding on how an AV actually works; you were obviously thinking of the FileSystemWatcher component from the .NET Framework (which has communication with a Filesystem Mini-Filter driver built-in to Windows - except most AVs will be writing their own or using a better library for it which will offer more control and flexibility). I was being kind by educating you further.

I quoted your post and explained to you how it really worked because I thought you could find it handy for someone to take the time and care to help you. Otherwise you would never progress. Instead of getting back a "Thank you", I'm getting back unhealthy attitude. Incredibly rude.


Your threads have nothing to do with this. You can write a million threads on the basics and they will still always be the basics - because they are the basics. I can't take you seriously when you're throwing back attitude at someone who took the time to help you.

If you don't want to be quoted, corrected or for people to continue discussions about things you have said, then don't say anything at all. This is a public community, a public thread, and an open discussion.

Please be more respectful.
I tried to explain to you how monitors work in general, but you mentioned FileSystemWatcher in .NET (which I never mentioned in my posts). Keep in mind that real-time security development is always based on event handlers (for example, an anti-exe catches events of processes being started or created). I think you are only trying to demonstrate that you are the best expert in this thread. Then you thought to "help me" by sharing links when I have been developing software for years. Then please remember that an AV that doesn't monitor each "thing" is not really useful.
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
@Libera Milanesi P.S. this is my thread and you made posts that were clearly off-topic by talking about Chromebook, and I told you not to go off-topic, but you didn't respect me.
 

Libera Milanesi

Level 2
Verified
Aug 19, 2018
52
I tried to explain to you how monitors work in general, but you mentioned FileSystemWatcher in .NET (which I never mentioned in my posts). Keep in mind that real-time security development is always based on event handlers (for example, an anti-exe catches events of processes being started or created). I think you are only trying to demonstrate that you are the best expert in this thread. Then you thought to "help me" by sharing links when I have been developing software for years. Then please remember that an AV that doesn't monitor each "thing" is not really useful.
The hilarious part about all of this is that I've actually worked with engineers from AV vendors and I have friends who are currently engineers at Microsoft. You'd think I know a bit about what I'm talking about. Whether you believe me or not is irrelevant, it's the truth. I may or may not have audited parts of the Windows source code as well. We'll leave it a mystery. Spooky! Boo!

You didn't need to mention the FileSystemWatcher. It's obvious. I'm aware of the .NET Framework and your description matches it perfectly. The FileSystemWatcher even has an easier naming of the events for you, which is what you referred to. Instead of the I/O Request Packet naming used for registering callbacks in an actual Filesystem Mini-Filter.

If you don't want to listen to what I've told you and you want to shine your ego, then you can do that. My post still stands. I saw you struggling and decided to be kind enough to chime in and help everyone.

I'm not trying to look like the "best" here. The only person I see doing this is you. This is why you felt the need to point out your programming threads and that you're a "developer". Note: I only mentioned my experience after you started causing an issue, so I didn't really do what you did.
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
The hilarious part about all of this is that I've actually worked with engineers from AV vendors and I have friends who are currently engineers at Microsoft. You'd think I know a bit about what I'm talking about. Whether you believe me or not is irrelevant, it's the truth. I may or may not have audited parts of the Windows source code as well. We'll leave it a mystery. Spooky! Boo!

You didn't need to mention the FileSystemWatcher. It's obvious. I'm aware of the .NET Framework and your description matches it perfectly. The FileSystemWatcher even has an easier naming of the events for you, which is what you referred to. Instead of the I/O Request Packet naming used for registering callbacks in an actual Filesystem Mini-Filter.

If you don't want to listen to what I've told you and you want to shine your ego, then you can do that. My post still stands. I saw you struggling and decided to be kind enough to chime in and help everyone.

I'm not trying to look like the "best" here. The only person I see doing this is you. This is why you felt the need to point out your programming threads and that you're a "developer". Note: I only mentioned my experience after you started causing an issue, so I didn't really do what you did.
Why didn't you quote post #164?
 

Libera Milanesi

Level 2
Verified
Aug 19, 2018
52
Why didn't you quote post #164?
Because post #164 is spam. I'll respond to it if you really want me to.

@Libera Milanesi P.S. this is my thread and you made posts that were clearly off-topic by talking about Chromebook, and I told you not to go off-topic, but you didn't respect me.
What relevance does this have to the current debate? One minute you're angry because I wanted to help you learn more and now you're angry about a Chromebook post. Make up your mind.

You've made posts not about the specific original topic:
Discuss - Default Deny VS traditional AVs
Discuss - Default Deny VS traditional AVs

May I remind you about the posts you made talking about AV real-time with your C# pseudo-code snippet? Also off-topic to the original thread topic.

My off-topic post about a Chromebook was not the only post about a Chromebook on the thread, but you only felt like calling me out for it. The discussion continued long after I had stopped talking about a Chromebook.

If you go back and check, you'll see the Chromebook-related post you are referring to was one which helped another member of the community understand Chromebooks a bit more (and another member chimed in to help them a bit more as well). They had misunderstood about internet connection and printers... I assume you want to see other members of the community benefit from discussion.

You have double standards and you're being inappropriate.
 

Libera Milanesi

Level 2
Verified
Aug 19, 2018
52
No it isn't.
Are you sure?

@Lockdown correct me if I am wrong, but you dislike Windows for security and then on your profile you have "From AppGuard", so software which works on Windows OS...
Source: Discuss - Default Deny VS traditional AVs

How is that specifically tied to the original default deny topic? It's not. Just because @Lockdown works for AppGuard doesn't make your off-topic personal comment on-topic.

You think C# isn't good for security programs?
People can use whatever they want to use. In my experience, vendors usually use a variety of different languages.

I am personally not a fan of the .NET Framework but that is my personal opinion. I have worked with vendors who have used it for some things in the past.

Once again, you've just gone off-topic yourself. You're asking me these questions, but what relevance does any of this have?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
You can do that in ReHIPS too.
Indeed, thanks for the correction. Although there are only RWX permissions in the ReHIPS panel for the concrete sandbox, the user can manually set all available ACL permissions for folders & files outside ReHIPS. It is possible because ReHIPS creates a new user for each sandbox.
The same is true for the ACL permissions in the ReHIPS registry hives - they are loaded when the sandbox is active.
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
The user, for example, can disable the read access for the chosen folders and drives via ACL permissions.

Yes, Secure_Folder does not have read access to Kees User Folders and other Data Partitions. Conversely, only Backup_User has create-write-delete access to my quick (work) backup folders (containing only Office documents and PDFs) and photos/videos folders. The only downside is that I have to use Syncbackfree (which runs as Backup_User) to copy new files to these folders.
 
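As an added illustration of the per-user ACL setup Andy Ful and Windows_Security describe (this is an example written for this page, not code from the thread or from ReHIPS), the following PowerShell adds a Deny-read entry for a dedicated account on a data folder and then shows the resulting ACE. The account name Secure_Folder is taken from the post above; the folder path is a placeholder, and the account is assumed to exist already.

```powershell
# Added example: deny a dedicated sandbox account read access to a data folder,
# the default-deny-by-ACL approach described in the thread.
# Assumptions (constructed): local account 'Secure_Folder' already exists;
# $Folder is a placeholder path; run from an elevated PowerShell session.
param(
    [string]$Folder  = 'C:\Data\Work',
    [string]$Account = "$env:COMPUTERNAME\Secure_Folder"
)

# Read the current DACL of the folder.
$acl = Get-Acl -Path $Folder

# Build a Deny ACE for read/list/execute that is inherited by
# subfolders (ContainerInherit) and files (ObjectInherit).
$deny = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $Account,
                  'ReadAndExecute',
                  'ContainerInherit, ObjectInherit',
                  'None',
                  'Deny'

$acl.AddAccessRule($deny)
Set-Acl -Path $Folder -AclObject $acl

# Verify the entry. Windows evaluates Deny ACEs before Allow ACEs, so this
# entry wins even if the account is also in a group that is allowed Read.
Get-Acl -Path $Folder |
    Select-Object -ExpandProperty Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
```

A quick functional check is to start a process as that account (for example with `runas /user:Secure_Folder cmd`) and confirm that `dir` on the folder is refused with "Access is denied".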

Brie

Level 10
Verified
Well-known
Jan 1, 2018
494
I have Bitdefender TS, Zemana AntiLogger paid, VoodooShield free, OSArmor, SysHardener, K9 Web Filter, Netcraft, Unchecky and AppCheck Anti-Ransomware.
 

Deleted Member 3a5v73x

I have Bitdefender TS, Zemana AntiLogger paid, VoodooShield free, OSArmor, SysHardener, K9 Web Filter, Netcraft, Unchecky and AppCheck Anti-Ransomware.
That's one hell of a default-deny + AV setup, are you running all that in real-time? How do you manage to keep up with everything and have you experienced any problems so far?
 

Duotone

Level 10
Verified
Well-known
Mar 17, 2016
474
I have Bitdefender TS, Zemana AntiLogger paid, VoodooShield free, OSArmor, SysHardener, K9 Web Filter, Netcraft, Unchecky and AppCheck Anti-Ransomware.

Seems too much; I would just go with Bitdefender, VS, SysHardener, K9 Web Filter, Netcraft, and Unchecky... you might want to consider isolation/sandboxing.
 