Windows_Security
- Mar 13, 2016
MemProtected Chromium
Getting the software you need first
CHROMIUM
1. Surf to Woolyss: Download latest stable Chromium binaries (64-bit and 32-bit)
2. Download 32 bits or 64 bits (scroll down) ARCHIVE of latest stable Chromium (I prefer the chromium-nosync.zip)
3. Extract the zip file, click and rename the extracted folder from chromium-nosync (or chromium-sync) to Woolyss Chromium
4. Copy the unzipped and renamed folder 'Woolyss Chromium' to Program Files or the location where you keep your portable programs,
remember it is a pre-requisite to use folder name Woolyss Chromium
5. Click on the folder until you find Chrome.exe and add it to the taskbar and/or Start menu, or create a shortcut on your desktop (each to his/her own liking)
6. Double click Chrome.exe and adjust settings to your liking and install your favourite extensions, and make one critical change,
add a subfolder in your downloads directory called Chromium, see picture
MemProtect
MemProtect is a driver only, no GUI software. The demo version is freeware, but you need to re-install the driver each year (WildByDesign is an active user and is in contact with the developer). The limitation of the free version is the size of the ini configuration file. But with only one program to sandbox (or better, run in a separate policy-hardened container) the 2K limit is sufficient to create a secure browser.
1. Surf to MemProtect - Products | Excubits scroll to bottom and download demo version.
2. Create a system restore point (just to have a fallback) and restart your PC (so Windows remembers last known good)
3. Copy downloaded memprotect-demo.exe to Program Files folder and run as admin.
4. Memprotect-demo extracts to a folder Program Files\Excubits\MemProtect
5. Navigate to \Excubits\MemProtect\ and open subfolder x86 (for 32 bits) or x64 (for 64 bits) depending on your system
6. Download the attached configuration file, rename it from MemProtect.txt to MemProtect.ini
7. Copy renamed MemProtect.ini into your Windows folder
8. Right click on the MemProtect.inf file and choose Install
9. Restart your system.
10. Everything OK?
Don't worry, I will walk you through the MemProtect.ini file so you know what will be activated; my comments in red are not included in the ini file. Note that lines preceded by a # are comment lines, so for instance [#LETHAL] means that MemProtect is only logging the memory calls it would block and not actually blocking the calls.
________________________________________________
[#LETHAL]
# [#LETHAL] means that lethal is disabled and MemProtect is only auditing
[LOGGING]
# [LOGGING] means that MemProtect is logging its actions
[#INSTALLMODE]
# [#INSTALLMODE] means that 'install mode' is disabled (use it to install software, but not needed with my rules)
[DEFAULTALLOW]
# [DEFAULTALLOW] means that 'default allow' is enabled. It is absolutely critical to keep it in default allow mode
[#MODULEFILTER]
# [#MODULEFILTER] means that 'module filter' is disabled (it is EMET ASR-like functionality, not needed with my rules)
[WHITELIST]
# allow Woolyss Chromium to access its own program folder
!*\Woolyss Chromium\*>*\Woolyss Chromium\*
[BLACKLIST]
# isolate Woolyss Chromium from rest of the system
*\Woolyss Chromium\*>*
# in the logfile of MemProtect (in Windows folder), you should see only blocked calls to explorer.exe
# change above rule to $*\Woolyss Chromium\*>* to silence the log
# isolate user folders internet programs use
# this is the reason why you had to add subfolder Chromium in Downloads and change it in Chrome as download folder
*\Chromium\*>*
*\Temporary Internet Files\*>*
*\AppData\LocalLow\*>*
*\Windows\Temporary\*>*
*\Windows\Caches\*>*
# block user folder access to Chromium folder
*\Users\*>*\Woolyss Chromium\*
[MODULEWHITELIST]
[MODULEBLACKLIST]
[EOF]
When something seems wrong:
1. Navigate to Excubits\MemProtect
2. Right click 'uninstall driver.cmd' and run-as Admin
3. Fall back to the restore point you created before installing the driver
When all seems okay (should be unless some incompatibility with other security software might exist)
1. Navigate to Excubits\MemProtect
2. Right click 'status.cmd' and run-as Admin
3. STATE should be RUNNING
Time to enable protection
1. Open Notepad as Admin and open the MemProtect.ini configuration file in the Windows folder
2. Remove # (comment tag) before LETHAL, so MemProtect.ini should show (see below _____)
3. Restart your system
______________________________
[LETHAL]
[LOGGING]
[#INSTALLMODE]
[DEFAULTALLOW]
[#MODULEFILTER]
[WHITELIST]
# allow Woolyss Chromium to access its own program folder
!*\Woolyss Chromium\*>*\Woolyss Chromium\*
[BLACKLIST]
# isolate Woolyss Chromium from rest of the system
*\Woolyss Chromium\*>*
# isolate user folders internet programs use
*\Chromium\*>*
*\Temporary Internet Files\*>*
*\AppData\LocalLow\*>*
*\Windows\Temporary\*>*
*\Windows\Caches\*>*
# block user folder access to Chromium folder
*\Users\*>*\Woolyss Chromium\*
[MODULEWHITELIST]
[MODULEBLACKLIST]
[EOF]
___________________________________________________
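Added example, not part of the original post and not Excubits code: a small Python model of how the rules above decide a source>target access, useful for checking a rule set before removing the # from [LETHAL]. The evaluation order (priority `!` whitelist rules first, then blacklist, then whitelist, then the default) is an assumption inferred from the post's comments, and the paths in the demo line are constructed samples.

```python
import re

# Constructed sample: the post's final MemProtect.ini, with comment lines
# and the two empty MODULE sections left out.
SAMPLE_INI = r"""[LETHAL]
[LOGGING]
[#INSTALLMODE]
[DEFAULTALLOW]
[#MODULEFILTER]
[WHITELIST]
!*\Woolyss Chromium\*>*\Woolyss Chromium\*
[BLACKLIST]
*\Woolyss Chromium\*>*
*\Chromium\*>*
*\Temporary Internet Files\*>*
*\AppData\LocalLow\*>*
*\Windows\Temporary\*>*
*\Windows\Caches\*>*
*\Users\*>*\Woolyss Chromium\*
[EOF]
"""

def _rx(glob):
    # Only the '*' wildcard is modelled; matching is case-insensitive.
    return re.compile(".*".join(map(re.escape, glob.split("*"))), re.I)

def parse(text):
    flags, rules, section = set(), {"WHITELIST": [], "BLACKLIST": []}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]      # "[#LETHAL]" gives "#LETHAL": switch is off
            flags.add(section)
        elif section in rules and ">" in line and not line.startswith("#"):
            src, dst = line.lstrip("!$").split(">", 1)   # '$' only silences the log
            rules[section].append((line[0] == "!", _rx(src), _rx(dst)))
    return flags, rules

def decide(flags, rules, source, target):
    def hit(section, priority_only=False):
        return any(s.fullmatch(source) and t.fullmatch(target)
                   for prio, s, t in rules[section] if prio or not priority_only)
    deny = "block" if "LETHAL" in flags else "audit"    # audit = logged, not blocked
    if hit("WHITELIST", priority_only=True):            # assumed: '!' rules win
        return "allow"
    if hit("BLACKLIST"):
        return deny
    return "allow" if hit("WHITELIST") or "DEFAULTALLOW" in flags else deny

if __name__ == "__main__":
    f, r = parse(SAMPLE_INI)
    print(decide(f, r, r"C:\Program Files\Woolyss Chromium\chrome.exe", r"C:\Windows\explorer.exe"))
```

Running the same pairs against the audit-only file (with [#LETHAL]) returns "audit" where the enforced file returns "block", which is the difference the post's two listings illustrate.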