Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
EXE Radar Pro v4 (Beta)
Message
<blockquote data-quote="AtlBo" data-source="post: 715343" data-attributes="member: 32547"><p>Did you try the "Signer" = "*" rule? Looks to me like the best option for you might be to lobby NVT for the addition of a "Path" entry on the rule creation dialog. Maybe I am just not seeing it there. That would be best for security, so that .tmps or other strange places wouldn't have access to the folder. I hate to sacrifice even the least amount of security too, so I know where you are coming from with this concern. BTW, if you go with "Signer", I don't know how Windows apps would react. I think some of them are unsigned by design (?). However, if that's not a problem, the choice would mean that only signed applications could access the driver, which would be a start. Don't know, however, how ERP 4.0 would react to just a single * wildcard character for a rule choice in the "Signer" rule entry box.</p><p></p><p>Does "Read Data from file" give you any options or is that just a header for the group of options?</p><p></p><p></p><p></p><p>I have tried this kind of rule in 3.1 without much success with whitelisting. However, the power of whitelisting may have been extended in 4.0. Those rules look to me like they should do the job if the "*" will be recognized in that place in the string. Have you had a chance to test to see? If the rules work, you should get no alert from NVT over one of the icacls.exe processes being accessed by the StarDock program.</p></blockquote><p></p>
[QUOTE="AtlBo, post: 715343, member: 32547"] Did you try the "Signer" = "*" rule? Looks to me like the best option for you might be to lobby NVT for the addition of a "Path" entry on the rule creation dialog. Maybe I am just not seeing it there. That would be best for security, so that .tmps or other strange places wouldn't have access to the folder. I hate to sacrifice even the least amount of security too, so I know where you are coming from with this concern. BTW, if you go with "Signer", I don't know how Windows apps would react. I think some of them are unsigned by design (?). However, if that's not a problem, the choice would mean that only signed applications could access the driver, which would be a start. Don't know, however, how ERP 4.0 would react to just a single * wildcard character for a rule choice in the "Signer" rule entry box. Does "Read Data from file" give you any options or is that just a header for the group of options? I have tried this kind of rule in 3.1 without much success with whitelisting. However, the power of whitelisting may have been extended in 4.0. Those rules look to me like they should do the job if the "*" will be recognized in that place in the string. Have you had a chance to test to see? If the rules work, you should get no alert from NVT over one of the icacls.exe processes being accessed by the StarDock program. [/QUOTE]
Insert quotes…
Verification
Post reply
Top