NVT Smart Object Blocker Update Thread
Quoting Deleted member 178 (post 425898):

Released stable version v1.1:
http://downloads.novirusthanks.org/files/SmartObjectBlocker_Setup.exe

This is the full changelog:

[20-08-2015] v1.1.0.0
+ Added tray icon with right-click menu
+ Change the tray icon when objects are blocked if the GUI is not showing
+ Improved support for Windows 10 and Google Chrome
+ Added a new object variable to match SHA256 file hash
+ Added a custom cmdline parameter "-hidegui" to not show the main form when started
+ Added more block rules and optimized allow rules
+ Added new useful object and path variables
+ Improved matching of regular expressions (SEH wrap)
+ Added exclusions to Lockdown Mode
+ Fixed a couple of vars/aliases within exclusions
+ Added Passive Logging mode
+ Added session end handling when rebooting or powering off the machine
+ Added DEP + ASLR on iobDLL32/64.dll files
+ Added option to copy blocked objects to a folder for forensic analysis
+ Added possibility to specify the Configuration.ini's location via command-line
+ Added possibility to use all the path variables also in the INI file
+ Show parent process fully qualified filename when a DLL is blocked
+ Match parent process also for DLL events
+ Added a new object variable to match parent process signer
+ Added a new object variable to match parent process SHA256 and MD5 file hash
+ Other optimizations

** Click on Variables button to see the new object variables **

We've updated the \Block\ rules for the Behavioral Mode (default) so that SOB auto-blocks the execution of processes, DLLs and drivers located in folders commonly abused by malware and exploit kits. It also blocks web browsers, Adobe Reader, MS Edge, etc. from executing cmd.exe, rundll32.exe, regsvr32.exe, etc. and from loading kernel-mode drivers and DLLs located in specific folders. So, as it is configured by default in Behavioral Mode, it can be effective in preventing a malware infection; you just need to install it and forget it. We will keep improving the block rules in the next versions.

Example Block rules we've recently added in Process.DB:

[%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
[%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
[%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
[%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
[%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
[%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
[%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
[%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
...
[%FILEPATH%: %ROOT%\Users\]
[%FILEPATH%: %ROOT%\Documents and Settings\]
[%FILEPATH%: %ROOT%\RECYCLER\*]
[%FILEPATH%: %ROOT%\System Volume Information\*]
[%FILEPATH%: %ROOT%\PerfLogs\*]
[%FILEPATH%: %RECENT%\*]
[%FILEPATH%: %WINDOWS%\Prefetch\*]
[%FILEPATH%: %WINDOWS%\Tasks\*]
[%FILEPATH%: *\$Recycle.Bin\*]
[%FILEPATH%: *\Recycle.Bin\*]

To update:

1) Close SOB
2) Make a backup of the \Allow\, \Block\ and \Exclude\ folders (if needed)
3) Uninstall SOB
4) Reboot the PC (important)
5) Install the new SOB
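To make the rule format in the quoted post concrete, here is an added Python model (not NVT's code) that parses a subset of those [%VAR%: pattern] block rules, expands the path variables, and evaluates constructed process-start events against them. It assumes case-insensitive `*` wildcard matching, AND-ed conditions per line and top-down rule order; the variable values and events are made-up samples.

```python
import fnmatch
import ntpath
import re

# Constructed path-variable table (an assumption; SOB resolves these per machine).
PATH_VARS = {
    "%WINDOWS%": r"C:\Windows",
    "%TEMP%": r"C:\Users\alice\AppData\Local\Temp",
}

# Subset of the block rules quoted above, in SOB's "[%VAR%: pattern]" form.
# Conditions on one line are AND-ed; rules are tried top to bottom (assumed semantics).
RULES = r"""
[%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\plugin-container.exe]
[%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
[%FILEPATH%: %WINDOWS%\Tasks\*]
[%FILEPATH%: *\$Recycle.Bin\*]
"""
COND_RE = re.compile(r"\[%(\w+)%:\s*([^\]]+)\]")

def expand(pattern):
    """Substitute %WINDOWS%, %TEMP%, ... with their concrete values."""
    for var, value in PATH_VARS.items():
        pattern = pattern.replace(var, value)
    return pattern

def parse_rules(text):
    """One rule per non-empty line: a list of (object variable, expanded wildcard pattern)."""
    return [[(v.upper(), expand(p.strip())) for v, p in COND_RE.findall(line)]
            for line in text.splitlines() if COND_RE.search(line)]

def matches(rule, event):
    """Case-insensitive wildcard match of every condition against the event's fields."""
    fields = {"FILEPATH": event["path"], "FILENAME": ntpath.basename(event["path"]),
              "PARENTPROCESS": event["parent"]}
    return all(fnmatch.fnmatchcase(fields.get(v, "").lower(), p.lower()) for v, p in rule)

def first_blocking_rule(rules, event):
    """Index of the first rule that fires, or None when no block rule applies."""
    return next((i for i, r in enumerate(rules) if matches(r, event)), None)

# Constructed process-start events: image path plus parent process path.
SAMPLE_EVENTS = [
    {"path": r"C:\Windows\System32\cmd.exe", "parent": r"C:\Program Files\Mozilla Firefox\plugin-container.exe"},
    {"path": r"C:\Users\alice\AppData\Local\Temp\dropper.exe", "parent": r"C:\Program Files\Mozilla Firefox\plugin-container.exe"},
    {"path": r"C:\Windows\System32\cmd.exe", "parent": r"C:\Windows\explorer.exe"},
    {"path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent": r"C:\Windows\SystemApps\MicrosoftEdge.exe"},
    {"path": r"C:\$Recycle.Bin\S-1-5-21-1\payload.exe", "parent": r"C:\Windows\explorer.exe"},
]

def check_events():
    """Evaluate every sample event; returns the index of the rule that blocked it, or None."""
    rules = parse_rules(RULES)
    return [first_blocking_rule(rules, e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for event, hit in zip(SAMPLE_EVENTS, check_events()):
        print("BLOCK by rule %d:" % hit if hit is not None else "allow:", event["path"])
```

Note that cmd.exe started by explorer.exe is not matched by any of these rules, which is the point of pairing the child name with a browser parent: only the suspicious parent/child combination is blocked.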