Poll MemProtect


Do you use MemProtect?

  • Yes

    Votes: 4 7.1%
  • No

    Votes: 52 92.9%

  • Total voters
    56
Nov 17, 2016
761
2,153
Operating System
Windows 10
Installed Antivirus
Microsoft
#22
Sample configuration of MemProtect (prevents memory access) and PumperNickel (prevents file access). When you don't want to tighten everything up, they are a great combo enforcing each other's protections.
But you only use Memprotect of the two, don't you?
 

Windows_Security

Level 15
Content Creator
Verified
Mar 13, 2016
710
3,185
Operating System
Windows 7
#23
@TerrakionSmash

You are correct that I only used MemProtect, but since yesterday I also use Pumpernickel because I received so many emails with ransomware lately that I wanted extra protection for the built-in backup drive and Outlook PST and OST files.

Regards Kees
 
Nov 17, 2016
761
2,153
Operating System
Windows 10
Installed Antivirus
Microsoft
#24
@TerrakionSmash

You are correct that I only used MemProtect, but since yesterday I also use Pumpernickel because I received so many emails with ransomware lately that I wanted extra protection for the built-in backup drive and Outlook PST and OST files.

Regards Kees
Webmail or email client? How common are ransomwares there? I use Western products but I'm not a Westerner nor do I live there. Ransomware doesn't seem to be common here. Of course I might just be odd living in an odd environment since my environment surely isn't normal.
 
Jun 4, 2017
156
325
Operating System
Windows 10
Installed Antivirus
Emsisoft
#26
did anyone try the new [MODULEFILTER] for memprotect?
I just enabled it and played a little bit. --> wow this can really mess up your system :)
 
Oct 24, 2015
293
885
Operating System
Windows 7
Installed Antivirus
Emsisoft
#28
I use Pumpernickel and MZwritescanner from excubits. Yep everything is manual, but the protection is unequaled. MZwritescanner is my hero, it detects and alerts you when an exe, dll or sys file is dropped on your system, and it blocks them until you either clear the log file or reboot.

And they are very inexpensive, $13 US for each. I think he makes his money by doing custom setups for enterprise. I am not sure he cares if you don't use it because there is no GUI.
 
Jan 16, 2017
879
7,768
Operating System
Windows 8.1
Installed Antivirus
Emsisoft
#29
I use Pumpernickel and MZwritescanner from excubits. Yep everything is manual, but the protection is unequaled. MZwritescanner is my hero, it detects and alerts you when an exe, dll or sys file is dropped on your system, and it blocks them until you either clear the log file or reboot.

And they are very inexpensive, $13 US for each. I think he makes his money by doing custom setups for enterprise. I am not sure he cares if you don't use it because there is no GUI.
That price, yearly or lifetime?
 
Likes: frogboy
Mar 14, 2017
279
485
#30
I currently use AppGuard in locked down mode and am very happy with it. Is there any point in using MZwritescanner as well? I like the idea of being alerted when an exe/dll/sys file is "dropped" onto my drive.
 
Oct 24, 2015
293
885
Operating System
Windows 7
Installed Antivirus
Emsisoft
#32
I currently use AppGuard in locked down mode and am very happy with it. Is there any point in using MZwritescanner as well? I like the idea of being alerted when an exe/dll/sys file is "dropped" onto my drive.
Hi ParaXY

I also use Appguard in Lockdown. Whether you need both is kind of up to you and your situation. It is true Appguard will stop everything, but I do like having that notice. Depending how much your system changes you do have to babysit it, but for me it's worth it.
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,631
#33
I currently use AppGuard in locked down mode and am very happy with it. Is there any point in using MZwritescanner as well? I like the idea of being alerted when an exe/dll/sys file is "dropped" onto my drive.
If you are a "logaholic," which I know you are at a level where log audits are no challenge for you, then it might benefit you - if you are so inclined to audit logs from time-to-time. What log audits add to overall security is up to the user to decide.

Excubits cmdScanner (command lines with arguments) and MZWriteScanner (executable file tracking) can be configured to an "audit-only" mode. NoVirusThanks has similar products that are freeware for home use. There is also a freeware version of Log-MD which can be configured extensively.

Just a FYI... Excubits cmdScanner will not log process (*.exe) launches blocked by AppGuard. It will however log blocked executions of scripts. cmdScanner is useful in capturing command lines to configure AppGuard policy. There are multiple ways to get the infos out of cmdScanner with AG installed. If you want more infos then you know where to reach me.

I use cmdScanner from time-to-time. More often than not I reach for SpyShelter as its command line logger is quite good. NVTs logging utilities I have used here and there. Which one I utilize depends upon what I am working on.
 
Mar 14, 2017
279
485
#34
Hi ParaXY

I also use Appguard in Lockdown. Whether you need both is kind of up to you and your situation. It is true Appguard will stop everything, but I do like having that notice. Depending how much your system changes you do have to babysit it, but for me it's worth it.
My system doesn't change frequently. I generally just keep my currently installed software patched and current. There are exceptions of course but now that I have locked down my PC and have it configured like I want it I like to just maintain.

Can you use MZWriteScanner on its own to alert you when an exe/dll/sys file is dropped on your drive? Do you have a screenshot? I'm quite curious about this now!

If you are a "logaholic," which I know you are at a level where log audits are no challenge for you, then it might benefit you - if you are so inclined to audit logs from time-to-time. What log audits add to overall security is up to the user to decide.

Excubits cmdScanner (command lines with arguments) and MZWriteScanner (executable file tracking) can be configured to an "audit-only" mode. NoVirusThanks has similar products that are freeware for home use. There is also a freeware version of Log-MD which can be configured extensively.

Just a FYI... Excubits cmdScanner will not log process (*.exe) launches blocked by AppGuard. It will however log blocked executions of scripts. cmdScanner is useful in capturing command lines to configure AppGuard policy. There are multiple ways to get the infos out of cmdScanner with AG installed. If you want more infos then you know where to reach me.

I use cmdScanner from time-to-time. More often than not I reach for SpyShelter as its command line logger is quite good. NVTs logging utilities I have used here and there. Which one I utilize depends upon what I am working on.
I do have a peek in my Windows firewall logs from time to time using the excellent "Connection Log" in WFC. I like to have granular control of my machine and also like to know what is going on with it. I hate to be in the dark regarding these things!

Am I correct in saying that MZWriteScanner will only alert me when a NEW exe/dll/sys file is saved onto the hard drive? ie: existing exe/dll/sys files are ignored

Do you have a link for NoVirusThanks product that does the same thing? I was looking in but wasn't sure which one you were referring to:

NoVirusThanks Free Tools

My reason for the interest in MZWriteScanner is, I would like to know when a malicious exe/dll/sys file has landed on my hard drive even if it hasn't been executed yet (from a drive by download for example).
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,631
#35
My system doesn't change frequently. I generally just keep my currently installed software patched and current. There are exceptions of course but now that I have locked down my PC and have it configured like I want it I like to just maintain.

Can you use MZWriteScanner on its own to alert you when an exe/dll/sys file is dropped on your drive? Do you have a screenshot? I'm quite curious about this now!



I do have a peek in my Windows firewall logs from time to time using the excellent "Connection Log" in WFC. I like to have granular control of my machine and also like to know what is going on with it. I hate to be in the dark regarding these things!

Am I correct in saying that MZWriteScanner will only alert me when a NEW exe/dll/sys file is saved onto the hard drive? ie: existing exe/dll/sys files are ignored

Do you have a link for NoVirusThanks product that does the same thing? I was looking in but wasn't sure which one you were referring to:

NoVirusThanks Free Tools

My reason for the interest in MZWriteScanner is, I would like to know when a malicious exe/dll/sys file has landed on my hard drive even if it hasn't been executed yet (from a drive by download for example).
I have not used MZWriteScanner in quite a while. Florian made changes to it. The person who knows it is @Peter2150 since he uses the latest version.

The purpose of MZWriteScanner is to track certain file types that hit the system. The tray icon color change is your alert system, unless Florian also put in a tray icon balloon.

NVT Process and Event Logger: NoVirusThanks Products & Software

Just about every one of his products has a singular logging purpose. You have to read all the product descriptions.
 
Oct 24, 2015
293
885
Operating System
Windows 7
Installed Antivirus
Emsisoft
#36
I have not used MZWriteScanner in quite a while. Florian made changes to it. The person who knows it is @Peter2150 since he uses the latest version.

The purpose of MZWriteScanner is to track certain file types that hit the system. The tray icon color change is your alert system, unless Florian also put in a tray icon balloon.

NVT Process and Event Logger: NoVirusThanks Products & Software

Just about every one of his products has a singular logging purpose. You have to read all the product descriptions.
The beauty of MZwritescanner, is the file drops anywhere on your system and you see a color change in the tray icon. But more importantly is it won't execute until you either clear the log file or reboot. So you are both alerted and protected. I don't know of anything else that will do that.
 
Likes: shmu26
Oct 24, 2015
293
885
Operating System
Windows 7
Installed Antivirus
Emsisoft
#37
Hi ParaXY

No screenshot. I'm assuming anyone here can visualize a tray icon turning from green to red. But as I said even if you don't notice it right away.. To answer the other question. I have a grc utility Leaktest.exe on my F drive. If I copy it to my c: drive (or any other location) MZ will alert and block its execution from there. I like the fact that if something drops a DLL I'll know about it.
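
The "tell me when a new executable lands on disk" idea discussed in this thread, as an added audit-only example that is not Excubits code and blocks nothing. It assumes detection by file content (a DOS `MZ` header whose `e_lfanew` field points at a `PE` signature) and a before/after snapshot comparison; how MZWriteScanner itself detects writes is not described in the thread, and all function names and sample files here are hypothetical.

```python
import os
import struct
import tempfile

def is_pe(path):
    """True if the file starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable or vanished file: nothing to report

def snapshot(root):
    """Map path -> (size, mtime_ns) for every PE file under root, whatever its extension."""
    seen = {}
    for folder, _, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if is_pe(path):
                st = os.stat(path)
                seen[path] = (st.st_size, st.st_mtime_ns)
    return seen

def new_drops(baseline, current):
    """PE files that are new or changed since the baseline; existing ones are ignored."""
    return sorted(p for p, meta in current.items() if baseline.get(p) != meta)

def demo():
    # Constructed minimal stub: 64-byte DOS header with e_lfanew=64, then the PE signature.
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        write("existing.exe", pe)                      # present before the baseline
        baseline = snapshot(root)
        write("invoice.txt", pe)                       # PE content, harmless-looking extension
        write("notes.txt", b"MZ" + b" plain text" * 10)  # starts with MZ but is not a PE
        return [os.path.basename(p) for p in new_drops(baseline, snapshot(root))]

if __name__ == "__main__":
    print(demo())
```

Because the check reads the header instead of trusting the extension, a renamed executable is still reported, while text that merely begins with "MZ" is not.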
 
Mar 14, 2017
279
485
#38
I have not used MZWriteScanner in quite a while. Florian made changes to it. The person who knows it is @Peter2150 since he uses the latest version.

The purpose of MZWriteScanner is to track certain file types that hit the system. The tray icon color change is your alert system, unless Florian also put in a tray icon balloon.

NVT Process and Event Logger: NoVirusThanks Products & Software

Just about every one of his products has a singular logging purpose. You have to read all the product descriptions.
The beauty of MZwritescanner, is the file drops anywhere on your system and you see a color change in the tray icon. But more importantly is it won't execute until you either clear the log file or reboot. So you are both alerted and protected. I don't know of anything else that will do that.
Thank you all. This does sound like something I'd be interested in. Even if it runs in [#LETHAL] (audit mode) initially. I'd be fascinated and very interested to see when new executables land on my drive! The system tray icon changing colour is an excellent idea.

I just spun up a test VM but it doesn't seem to be installing in Windows 10 Version 1703. I am running 64-bit so have gone into the 64-bit folder in MZWriteScanner, right clicked the .ini file and clicked install but when I try to start the service it says it can't find the file? I did try a reboot but no luck.
 
Mar 14, 2017
279
485
#39
Hi ParaXY

No screenshot. I'm assuming anyone here can visualize a tray icon turning from green to red. But as I said even if you don't notice it right away.. To answer the other question. I have a grc utility Leaktest.exe on my F drive. If I copy it to my c: drive (or any other location) MZ will alert and block its execution from there. I like the fact that if something drops a DLL I'll know about it.
Hehe, I think I can visualise that :)

I thought there may be a toaster type alert or something along those lines.

I assume MZWriteScanner can/does monitor ALL locally attached drives? (ie: not just the system drive)

This is really cool. So you're alerted that a NEW executable has landed on your drive (so you're aware), you get the system tray icon changing colour AND you get the option to allow it to run if you want to (legitimate download). I assume existing executables will run that you have saved on your drive?
 
Oct 24, 2015
293
885
Operating System
Windows 7
Installed Antivirus
Emsisoft
#40
Indeed they will.

Here is what I do. I place their folder in Programs (x86) and execute the driver install. Also you must place the ini file in c:\windows or nothing will happen. The other thing I do is create a shortcut to the tray.exe file. I place that shortcut in windows startup folder so it will start with windows.