Does oneself really need an Antivirus?
<blockquote data-quote="ichito" data-source="post: 739195" data-attributes="member: 15835"><p>[USER=32260]@Andy Ful[/USER]</p><p>I've never tested the feature to block a whole excluded folder with its content because such an option is designed to exclude - in the manual they say "meaning, that you don't want to block" - so it actually means to set the folder free from protection. Instead I'm using the option to restrict a folder that one can find and add to the list in the "Restricted apps" tab...this way I have added the folder for downloaded content and additionally the one in which I have more than two thousand installers (it's my archive) of not only security apps and their versions. Of course we can't forget to add for the restricted folder the important option to write and save inside - the "folders with write access" tab.</p><p>But back to your question - I've checked what will happen when we make the user folder/folders denied...because of my Vista I've made the whole folder "C:\Users\my_name\" denied...and actually nothing interesting has happened with the usual (installed) apps - it looks like they still work properly. I found some interesting things when I tried to install a new app using an .exe installer - in my case it was NVT OSArmor - the installation process was broken with a special system alert...see screenshot</p><p>[ATTACH]189396[/ATTACH]</p><p>Some actions were also blocked when I tried to run a zipped portable app, the image browser CPix...but the app would launch and open a window. I've also tested UNetbootin, which is a single .exe file - it was executed from the same folder as mentioned above and nothing was blocked - it worked as usual.</p><p>So...It's still a "mystery" to me what the rule/basis of SS is that allows a specific app (its actions) or blocks other ones. It looks like a thing that passes through temp user folders is sometimes just blocked and sometimes only some actions of the app are blocked. 
I attached some lines from log file of SS to show such issue</p><p><em>"2018-05-29 18:33:51,2192,C:\Moje programy\FreeCommander\FreeCommander.exe,53,Allowed ;Execution of an application ("C:\testy\unetbootin-windows-661.exe" )</em></p><p><em>2018-05-29 18:34:01,2192,C:\Moje programy\FreeCommander\FreeCommander.exe,53,Allowed ;Execution of an application ("C:\Users\xxx\AppData\Local\Temp\FreeCommander2192\2\CPix.exe" )</em></p><p><em>2018-05-29 18:34:01,4060,C:\Users\xxx\AppData\Local\Temp\FreeCommander2192\2\CPix.exe,50,Blocked ;Accessing the network via DNS Resolver service </em></p><p><em>2018-05-29 18:34:01,4060,C:\Users\xxx\AppData\Local\Temp\FreeCommander2192\2\CPix.exe,48,Blocked ;Outgoing network access </em></p><p><em>2018-05-29 18:34:15,4060,C:\Users\xxx\AppData\Local\Temp\FreeCommander2192\2\CPix.exe,26,Blocked ;Modifying protected registry key (HKLM\SOFTWARE\Classes\CPix.bmpfile\shell\open\command,)</em></p><p><em>2018-05-29 18:35:42,2000,C:\Windows\System32\taskeng.exe,53,Allowed ;Execution of an application (C:\Windows\system32\wermgr.exe -queuereporting)</em></p><p><em>2018-05-29 18:36:02,2192,C:\Moje programy\FreeCommander\FreeCommander.exe,53,Allowed ;Execution of an application ("C:\testy\osarmor_setup_1.4_test67.exe" )</em></p><p><em>2018-05-29 18:36:02,2964,C:\testy\osarmor_setup_1.4_test67.exe,53,Allowed ;Execution of an application ("C:\Users\xxx\AppData\Local\Temp\is-1CBGV.tmp\osarmor_setup_1.4_test67.tmp" /SL5="$220426,8243353,57856,C:\testy\osarmor_setup_1.4_test67.exe" )</em></p><p><em>2018-05-29 18:36:09,2448,C:\Users\xxx\AppData\Local\Temp\is-1CBGV.tmp\osarmor_setup_1.4_test67.tmp,26,Blocked ;Modifying protected registry key (HKLM\SYSTEM\ControlSet001\Control,ServicesPipeTimeout)"</em></p></blockquote><p></p>
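Added example, not part of ichito's post and not SS code: a small parser for the log lines quoted above that groups verdicts by acting process and marks whether that process image runs from the user's Temp folder. The column names (timestamp, pid, process, code, verdict, detail) are assumptions, since the post does not label the fields.

```python
import ntpath

# Log lines copied from the post above (trailing spaces dropped).
LOG = r'''
2018-05-29 18:33:51,2192,C:\Moje programy\FreeCommander\FreeCommander.exe,53,Allowed ;Execution of an application ("C:\testy\unetbootin-windows-661.exe" )
2018-05-29 18:34:01,2192,C:\Moje programy\FreeCommander\FreeCommander.exe,53,Allowed ;Execution of an application ("C:\Users\xxx\AppData\Local\Temp\FreeCommander2192\2\CPix.exe" )
2018-05-29 18:34:01,4060,C:\Users\xxx\AppData\Local\Temp\FreeCommander2192\2\CPix.exe,50,Blocked ;Accessing the network via DNS Resolver service
2018-05-29 18:34:01,4060,C:\Users\xxx\AppData\Local\Temp\FreeCommander2192\2\CPix.exe,48,Blocked ;Outgoing network access
2018-05-29 18:34:15,4060,C:\Users\xxx\AppData\Local\Temp\FreeCommander2192\2\CPix.exe,26,Blocked ;Modifying protected registry key (HKLM\SOFTWARE\Classes\CPix.bmpfile\shell\open\command,)
2018-05-29 18:35:42,2000,C:\Windows\System32\taskeng.exe,53,Allowed ;Execution of an application (C:\Windows\system32\wermgr.exe -queuereporting)
2018-05-29 18:36:02,2192,C:\Moje programy\FreeCommander\FreeCommander.exe,53,Allowed ;Execution of an application ("C:\testy\osarmor_setup_1.4_test67.exe" )
2018-05-29 18:36:02,2964,C:\testy\osarmor_setup_1.4_test67.exe,53,Allowed ;Execution of an application ("C:\Users\xxx\AppData\Local\Temp\is-1CBGV.tmp\osarmor_setup_1.4_test67.tmp" /SL5="$220426,8243353,57856,C:\testy\osarmor_setup_1.4_test67.exe" )
2018-05-29 18:36:09,2448,C:\Users\xxx\AppData\Local\Temp\is-1CBGV.tmp\osarmor_setup_1.4_test67.tmp,26,Blocked ;Modifying protected registry key (HKLM\SYSTEM\ControlSet001\Control,ServicesPipeTimeout)
'''


def parse(line):
    """Split one log line into assumed fields."""
    # Only the first four commas separate fields; the detail text
    # (command lines, registry paths) can contain commas of its own.
    ts, pid, process, code, rest = line.split(",", 4)
    verdict, _, detail = rest.partition(";")
    return {"ts": ts, "pid": int(pid), "process": process,
            "code": int(code), "verdict": verdict.strip(),
            "detail": detail.strip()}


def runs_from_temp(path):
    """True when the acting image sits under a user's AppData\\Local\\Temp."""
    return "\\appdata\\local\\temp\\" in path.lower()


def summarize(text):
    """Map image name -> {'temp': bool, 'Allowed': [codes], 'Blocked': [codes]}."""
    out = {}
    for line in text.strip().splitlines():
        e = parse(line)
        name = ntpath.basename(e["process"])
        row = out.setdefault(name, {"temp": runs_from_temp(e["process"]),
                                    "Allowed": [], "Blocked": []})
        row.setdefault(e["verdict"], []).append(e["code"])
    return out


if __name__ == "__main__":
    for name, row in summarize(LOG).items():
        print(f"{name:32} temp={row['temp']!s:5} "
              f"allowed={row['Allowed']} blocked={row['Blocked']}")
```

In this excerpt every Blocked entry belongs to a process whose image is under `AppData\Local\Temp`, and UNetbootin never appears as an acting process at all.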