Advice Request How can you secure folders based on these 3 requirements?


Andy Ful

You can do that with Comodo Firewall. Use CS settings plus do the following:
1. Enable CS settings in containment.
2. Enable cloud lookup in file rating.
3. Select all vendor certificates in vendor list by ticking Vendor Tab.
4. Remove all and click "OK".
5. Now go to Settings > File List > select all and click "look up". All files with a legitimate certificate will be added automatically.
6. Disable the cloud lookup in file rating.
7. Now you can copy all those vulnerable "files" to the system. Everything except those files which were already in the file list will be automatically sandboxed if tried to run.
8. If you need to install anything, just enable the cloud lookup in file rating for it and disable the same after installation.

It is similar to tweaked Kaspersky and a good solution in practice.
But if the malware is already running in the system, then it still has access to the suspicious/malicious files in the "protected folder". This can be prevented by using additional protection which allows only selected applications to access the Protected Folders.

If one could skip the requirements:

3. files in those folders can not execute themselves in the background without my knowledge.
4. files in those folders are 24/7 following the requirements in 1-3 that I already outlined, no matter if I close my PC and open it again. I don't need to start back the service to enable their containment using the 3 requirements.

... and assume that OS is clean, then there are many practical solutions available (like Kaspersky and Comodo Firewall).
 

harlan4096

It seems that Protected Folders option does not include execution restrictions. If so, then the malware could still execute files in that folder. Furthermore, if the user allows opening a file from Protected Folder then the application which opens the file (media file, document, etc.) can still be exploited and the OS infected. I think that even using an encrypted vault in Kaspersky would be insufficient. The solution would be if the applications that have access to the Protected Folders, could run in the sandbox.
A file in UnTrusted group directly can't run... and in High Restricted group, can do very little...
 

Andy Ful

True even in a VM, but the OP's requirement is done by the developer in ReHIPS.
ReHIPS creates a ReHIPS user profile isolated from all else (even some system calls do not work) + HIPS for the ReHIPS user profile notifies all.
Unfortunately, the proposed solutions based on ReHIPS or VM are related to the idea of "Unsafe Folder" and not to "Protected Folder". If the Folder is located inside the sandbox or VM then the malware running there can delete/encrypt/infect the files in the folder. That is not a good thing for "Protected Folder". So, one can use "Unsafe Folder" in the real system and open files from this folder only via File Explorer running in the sandbox or VM. The "Unsafe Folder" is not protected in any way in the real system. The sandbox can be cleaned up and one can use snapshots or ShadowDefender in the VM (to clean up the infected environment).

I think that the idea of "Protected Folder" can be realized by additional protection of "Unsafe Folder" in the real system (restricted access to the Folder content). The "Protected Folder" can be useful if the system is shared by two or more users who do not use SUA.
For one reasonable user, the "Unsafe Folder" should be enough.
 
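As an added example (not code from any poster in this thread), the execution restriction discussed above for an "Unsafe Folder" can be approximated in the real system with an inherited NTFS deny ACE. The folder path and the probe file name are hypothetical placeholders.

```powershell
# Added example: deny "execute" on every file inside an "Unsafe Folder".
# $UnsafeFolder is a hypothetical path; run from an elevated or owner session.
param([string]$UnsafeFolder = 'D:\UnsafeFolder')

New-Item -ItemType Directory -Path $UnsafeFolder -Force | Out-Null

# Well-known SID S-1-1-0 is Everyone; the SID avoids localized group names.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

# Deny ExecuteFile on files only:
#   ObjectInherit : files at any depth inherit the ACE (subfolders pass it on)
#   InheritOnly   : the ACE does not apply to the folder object itself, so
#                   folder traversal (the same access bit) keeps working
$denyExec = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::InheritOnly,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl = Get-Acl -Path $UnsafeFolder
$acl.AddAccessRule($denyExec)
Set-Acl -Path $UnsafeFolder -AclObject $acl

# Verify with a constructed probe file: it should carry an inherited Deny ACE.
$probe = Join-Path $UnsafeFolder 'probe.txt'
Set-Content -Path $probe -Value 'constructed test file'
$inheritedDeny = (Get-Acl -Path $probe).Access | Where-Object {
    $_.IsInherited -and
    $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny
}
Remove-Item -Path $probe

if ($inheritedDeny) {
    Write-Output "Deny-execute ACE is inherited by files in $UnsafeFolder"
} else {
    Write-Warning "No inherited Deny ACE found; check that inheritance is enabled"
}
```

The ACE blocks launching files from the folder as programs, but a document or script that an application opens with read access only is unaffected, and any account that can change the folder's permissions can remove the ACE.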
