Question Should I block Outbound Connections only for LOLBins if I have Anti-exe?


Azazel

Level 5
Thread author
Jun 15, 2023
226
Is it sufficient? According to cruelsister outbound blocking is an important security measure.
Blocking LOLBins and untrusted exes with anti-exe protection effectively stops programs from connecting outwards.

Edit: For example, Comodo Firewall blocks by File Rating.
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,460
While blocking outbound connections for LOLBins and untrusted exes can be a good additional security measure, it is not a foolproof method on its own. While it may prevent certain malicious programs from establishing malicious connections, there are various techniques that attackers can use to bypass these protections. Therefore, it is important to have a multi-layered approach to security, including a combination of anti-exe protection, network firewalls, endpoint security solutions, and regular software updates and patching.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,178
Is it sufficient? According to cruelsister outbound blocking is an important security measure.
Blocking LOLBins and untrusted exes with anti-exe protection effectively stops programs from connecting outwards.

Edit: For example, Comodo Firewall blocks by File Rating.
In terms of security and privacy, it's better to block outbound connections in general for all apps that you don't want to allow (common software, LOLBins or Windows apps like searchUI…exe). Of course, at first it's a huge annoyance to deal with the notifications from your firewall software, but no problem, after a few days it's almost quiet 😉

Edit: what is your firewall software? Comodo or Windows Firewall Control (according to your config...)
 

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
571
@Azazel

there is a nice thread found here:


for a Windows Firewall setup at Default deny, with specific rules on only what is required to connect out/in. You should, I would think, be able to apply those rules to any software firewall setup.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,178
Windows Firewall.
I am more interested in blocking malicious outbound connections than privacy-related connections.
In case you meant malicious outbound connections to C&C servers, then your AV does the main job, and you can set up a good DNS service that blocks known C&C servers.
For LOLBins, every year even "new" LOLBins are abused in the wild again... so it's better to block outbound connections for all files you don't need connected to the internet.
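One way to set up what wat0114 (default deny outbound with specific allow rules) and silversurfer (block outbound for LOLBins you never need online) describe, as an added example that is not code from either poster: a PowerShell script for the built-in Windows Defender Firewall. The LOLBin list and the Firefox path are assumptions for this example.

```powershell
# Added example, not from any post in this thread: a Windows Defender Firewall
# policy for "default deny outbound + explicit allow" plus explicit LOLBin blocks.
# Run from an elevated PowerShell session; uses the built-in NetSecurity cmdlets.

# Constructed, illustrative list of System32 binaries often abused as LOLBins.
# Extend it for your environment; it is not meant to be complete.
$lolbins = @(
    'mshta.exe', 'wscript.exe', 'cscript.exe', 'regsvr32.exe',
    'rundll32.exe', 'certutil.exe', 'bitsadmin.exe', 'cmstp.exe', 'msiexec.exe'
)

# Assumed allow-list of programs that legitimately need outbound access.
# The path is a placeholder for this example; replace it with your own.
$allowed = @{
    'Firefox' = 'C:\Program Files\Mozilla Firefox\firefox.exe'
}

$group = 'LOLBin outbound block'

# 1. Keep the script idempotent: drop rules created by a previous run.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# 2. Explicit Block rules for each LOLBin, 64-bit and 32-bit copies alike.
#    Block rules take precedence over Allow rules, so these still hold even if
#    the profile default is later switched back to Allow.
foreach ($exe in $lolbins) {
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path $env:SystemRoot "$dir\$exe"
        if (Test-Path $path) {
            New-NetFirewallRule -DisplayName "Block outbound: $dir\$exe" -Group $group `
                -Direction Outbound -Program $path -Action Block -Profile Any | Out-Null
        }
    }
}

# 3. Allow rules only for the programs you actually want online.
foreach ($name in $allowed.Keys) {
    New-NetFirewallRule -DisplayName "Allow outbound: $name" -Group $group `
        -Direction Outbound -Program $allowed[$name] -Action Allow -Profile Any | Out-Null
}

# 4. Default deny outbound on every profile. The built-in "Core Networking" allow
#    rules (DNS, DHCP, ...) stay enabled, so basic connectivity keeps working;
#    anything without an Allow rule is dropped and appears in the firewall log
#    once logging of dropped packets is enabled.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 5. Review what was created.
Get-NetFirewallRule -Group $group | Format-Table DisplayName, Action, Enabled -AutoSize
```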
 

Azazel

Level 5
Thread author
Jun 15, 2023
226
@Azazel

there is a nice thread found here:


for a Windows Firewall setup at Default deny, with specific rules on only what is required to connect out/in. You should, I would think, be able to apply those rules to any software firewall setup.
I prefer either an automated way (Avast Firewall) or one with notifications such as Windows Firewall Control, to be aware of each outbound connection and have an easy-to-read list of dropped packets.
 

Azazel

Level 5
Thread author
Jun 15, 2023
226
In case you meant malicious outbound connections to C&C servers, then your AV does the main job, and you can set up a good DNS service that blocks known C&C servers.
For LOLBins, every year even "new" LOLBins are abused in the wild again... so it's better to block outbound connections for all files you don't need connected to the internet.
C&C servers and connections to download payloads.
 