NoVirusThanks OSArmor
<blockquote data-quote="AtlBo" data-source="post: 711841" data-attributes="member: 32547"><p>With vulnerables, I think this way. If there is anything Windows that really nags you as potentially dangerous for an attack, you can add it to the list, and you will get an alert every time anything tries to start it. This is very powerful, and you can monitor any part of Windows you like. I used some good lists around for building a list of my own of things to keep an eye on in Windows. I attached a picture of the ones I use from an x64 system (very large picture). Many of the exes had to be added twice due to the 64-bit OS.</p><p></p><p>I would really like to update this list, but I don't think there has been much energy in improving the lists created for Bouncer a few years ago. BTW, I use basically the same list with Comodo's command-line monitoring. Don't have to add them twice in Comodo thankfully :rolleyes:. Many of them aren't c-l interpreters, so I have no idea what if anything Comodo does with those entries.</p><p></p><p>With command lines I guess it's a fine line. If you know what spawned it you should be fine to whitelist it. If the command line comes out of the blue unexpectedly or the file that started the episode is strange or in a strange location, I block them. If you want to be effective whitelisting command line, wild-carding is the ever present friend in ERP and something fairly simple to learn...</p></blockquote><p></p>