Advice Request ESET LiveGrid - can it be tweaked to whitelisting only?


notabot

ESET LiveGrid maintains a whitelist, which is used to auto-allow; a blacklist, which is used to auto-block; and whatever is not in either is analyzed.
I was wondering, can ESET be configured to block everything that's not on the LiveGrid whitelist? This way ESET's LiveGrid would effectively be turned into a cloud whitelisting solution.
 

RoboMan

Which AVs have something equivalent?
Kaspersky Application Control does what you need. They have a vendors list, and can be configured to execute only what is digitally signed. As an extra option, it can be tweaked to trust ONLY digitally signed files by a trusted vendor (according to their vendor lists). In this scenario, only files digitally signed by a Kaspersky Trusted Vendor will be allowed to launch. All the rest will be blocked upon execution. Even if you don't like a trusted vendor, you can manually block it.
 

notabot

Kaspersky Application Control does what you need. They have a vendors list, and can be configured to execute only what is digitally signed. As an extra option, it can be tweaked to trust ONLY digitally signed files by a trusted vendor (according to their vendor lists). In this scenario, only files digitally signed by a Kaspersky Trusted Vendor will be allowed to launch. All the rest will be blocked upon execution. Even if you don't like a trusted vendor, you can manually block it.

Windows can do that too (presumably Kaspersky may manage the trusted certificate list more tightly), but I'm looking beyond that, to not allow any executable whose hash is not whitelisted (so even signed malware doesn't get to run).

With Defender this would be done by both allowing only signed executables to run + BAFS + ASR rule on age prevalence etc.; other AV vendors must have something like this as well.
 

Azure

Windows can do that too (presumably Kaspersky may manage the trusted certificate list more tightly), but I'm looking beyond that, to not allow any executable whose hash is not whitelisted (so even signed malware doesn't get to run).

With Defender this would be done by both allowing only signed executables to run + BAFS + ASR rule on age prevalence etc.; other AV vendors must have something like this as well.
@harlan4096 would be able to give you more details, but you should be able to disable trust by certificate.
 

RoboMan

Windows can do that too (presumably Kaspersky may manage the trusted certificate list more tightly), but I'm looking beyond that, to not allow any executable whose hash is not whitelisted (so even signed malware doesn't get to run).

With Defender this would be done by both allowing only signed executables to run + BAFS + ASR rule on age prevalence etc.; other AV vendors must have something like this as well.
Then what you're looking for is default-deny solutions. Check VS, ERP, etc.
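
An added illustration, not part of the thread and not any vendor's implementation: the three policies discussed above (allow/block/analyze reputation lookup, trust by signing certificate, and default-deny by hash) applied to the same files, showing where they disagree. All file names, the signer name and the list contents are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Executable:
    name: str
    content: bytes
    signer: Optional[str]  # None means unsigned

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()

def reputation_verdict(exe, allowlist, blocklist):
    """Three-way lookup from the first post: allow, block, or analyze the unknown."""
    if exe.sha256 in blocklist:
        return "block"
    if exe.sha256 in allowlist:
        return "allow"
    return "analyze"

def signer_trust_verdict(exe, trusted_signers):
    """Certificate-based trust: any file signed by a trusted vendor runs."""
    return "allow" if exe.signer in trusted_signers else "block"

def hash_default_deny_verdict(exe, allowlist, blocklist):
    """Default-deny by hash: unknown is treated as block; the signature is ignored."""
    verdict = reputation_verdict(exe, allowlist, blocklist)
    return "block" if verdict == "analyze" else verdict

# Constructed sample data (hypothetical names, not real files or vendors).
SAMPLES = [
    Executable("known_good.exe", b"good build 1.0", "Example Vendor"),
    Executable("signed_unknown.exe", b"never seen before", "Example Vendor"),
    Executable("unsigned_inhouse.exe", b"internal tool", None),
    Executable("known_bad.exe", b"flagged sample", None),
]
ALLOWLIST = {SAMPLES[0].sha256, SAMPLES[2].sha256}
BLOCKLIST = {SAMPLES[3].sha256}
TRUSTED_SIGNERS = {"Example Vendor"}

def evaluate_all():
    """Return {name: (reputation, signer_trust, hash_default_deny)}."""
    return {e.name: (reputation_verdict(e, ALLOWLIST, BLOCKLIST),
                     signer_trust_verdict(e, TRUSTED_SIGNERS),
                     hash_default_deny_verdict(e, ALLOWLIST, BLOCKLIST))
            for e in SAMPLES}

if __name__ == "__main__":
    for name, verdicts in evaluate_all().items():
        print(f"{name:22} {verdicts}")
```

The validly signed file with an unknown hash is the case the thread author is concerned about: signer trust allows it, while hash-based default-deny blocks it until the hash is explicitly allowlisted.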
 
