Make your video test requests!


ForgottenSeer 97327

@bellgamin

In the Windows XP era, a decent firewall had to deal with all sorts of intrusions to prevent 'trusted' applications being a mule for malicious code. That is why Comodo Firewall always scored best in firewall leaktests, because it had a full-fledged HIPS. Today even the Grand Lady of MT and WS advises disabling the HIPS of Comodo Firewall with Cruel Sister settings, because there are simply too many 'sponsors' or LOLBins which could be used as a mule for malware seeking outbound connections (and containment of applications when they are trying to get in at first launch is a more effective approach than a HIPS trying to stop them going out).

When Glasswire first appeared on WS, I used it for a while, and what I can remember is that it checked outgoing applications on VirusTotal. The effectiveness of this check depends on whether Glasswire repeats this check every time a program tries to go outbound (I used the free version, so I don't know). When Glasswire has a setting to trust applications, my guess is that these applications are NOT checked again at VT, but simply allowed. This would make Glasswire blind to applications being misused as a mule or piggyback for malware going outbound.

Bottom line: I fear a real-world test with staged attacks would show Glasswire to be of little use. I think the benefit of Glasswire for corporations is that IT managers are able to track which applications have a lot of outbound traffic (to prevent employees leaking information or hostile third parties stealing information). I think it is designed as a data usage monitor to discover information theft/leaks, not as an intrusion prevention tool.

The name Glasswire also indicates that it shows (glass = transparent) what goes over the wire.
 

bellgamin

@Max90 wrote:
Bottom line: I fear a real-world test with staged attacks would show Glasswire to be of little use.
Glasswire is undoubtedly not bulletproof. Hmmm... is ANY firewall bulletproof? (As the saying goes: There never was a horse that couldn't be rode BUT there never was a rider that couldn't be throwed.)

My post suggested that @Shadowra test several firewalls -- including but not limited to Glasswire. Goal: to find the best of those FWs chosen to be tested.
 

Zero Knowledge

The problem with firewalls and malware is that unless the firewall does not have a block rule for a certain exe or msi or whatever executable, it will access the internet.

And in the other case where it has the capability to default deny access to unknown files it will block it or like WFC ask to allow/block it while temp blocking it.

It's fairly simple, I'm not sure what a test would prove other than what I stated. Firewalls are really dumb, basically it's allow or block.
 

Shadowra

WindowsDefender with ConfigureDefender on MAX and SimpleWindowsHardening

It seems to me that SWH is not compatible with Win11 22H2 since there is this

@Andy Ful correct me if I'm wrong ;)

Capture d’écran 2022-12-21 115006.png
 

ForgottenSeer 97327

@Shadowra

On my wife's laptop (which came with Windows 11 Home) SRP still works. On her PC Smart App Control is disabled. I think that when you have Smart App Control enabled, SRP does not work anymore on Windows 11. You could give H_C a try (and only block powershell as sponsor) to test whether SRP is also depreciated when SAC is in AUDIT mode.


Andy Ful

From Hard_Configurator Tools
It seems to me that SWH is not compatible with Win11 22H2 ...
Yes, it is not fully compatible:

The same is true for H_C.
 

Shadowra

Here are the planned tests!

- Webroot SecureAnywhere (the video is shot, will be posted tomorrow)
- Trellix Endpoint (video is shot, will be released Saturday morning, before my Christmas break)
- ESET vs Kaspersky (after Christmas, probably Tuesday or Wednesday) @anirbandutta01
- F-Secure SAFE
- ESET vs Acronis (the video is very late and I apologize @gary_seven )
- Microsoft Defender + ConfigDefender MAX + SAC or SWH @Max90
- The Avira Engine Battleship @Gandalf_The_Grey
- Comodo IS (@cruelsister settings)
- WiseVector + Comodo Firewall
 

Digmor Crusher

That's quite an ambitious list... I love it. :D
 

anirbandutta01

Thank you so much @Shadowra ❤️👍 I'm waiting...
 

franz

What can I say, you are the best, thank you :love:
 

Shadowra

Hello :)

Before starting, I wish you a happy new year 2023 :)
Then, I want to apologize, I didn't keep my promise of one video per day...
Shooting a video takes time: In preparation (malware research, sampling, shooting, editing etc) and I wanted to set the bar too high... and also because I have a girlfriend who came into my life and I wanted to enjoy it.

Then, I resume my training tomorrow. So I'll be going to 3 reviews a week (Tuesday, Thursday, Sunday).

And in the middle of January, I'll take a week break for the videos because I need it :D
I'm releasing 2 videos this week and one video that I'm shooting on Wednesday :)

Take care of yourself ;)

Shadowra
 

franz

Happy New Year to yourself. You have nothing to apologize for, we are only grateful for all the work you put in for us.

Take good care of yourself too 🌹🌹🌹
 
