Classic Anti-exe won't protect against those attacks, for that you need some kind of memory protection feature.
So can recommend some software to protect against those mentioned 10 process injection techniques?
Thanks
Appguard , Comodo (in some extent, its BB has Shellcode Injection protection feature), some AV suites, HMPA, etc..
- Apr 1, 2017
- 1,782
- Jul 3, 2015
- 8,153
Anti-exe with vulnerable processes protection will generally nip these exploits in the bud. It can't stop the exploit once it starts, but it can stop the attack from beginning in the first place.
not against fileless attacks like Reflective DLL Injections.
Anti-exe are out of the game against memory attacks.
- Apr 1, 2017
- 1,782
no , Reflectine dll injection is the dll being modified in memory , not a dll being executed.
read my post above to know what may block memory attacks.
So can VS or SecureAPlus do it? Can't find a feature to protect vulnerable processes.
Thanks
The thread is about memory attacks , VS won't react , it doesn't have memory protection features; however if the said attacks use executables or vulnerable processes (Windows Processes commonly used by malwares), VS should block them.
- Apr 1, 2017
- 1,782
I know anti exploit softwares can block these attacks.from what I read Malwarebytes anti exploit(free) can block memory attack but Idk how effective Malwarebytes is, that's why I asked.
Some people said that MBAE is now integrated in MBAM, you should check.
MBAM can't block memory attacks
- Jul 3, 2015
- 8,153
My point is like this: what is doing the injecting? How did it get into the system?
I admit that anti-exe will not always protect against advanced worms that spread laterally through a network, but that is not a threat that home users face.
Barring network worms, the fileless attack will not be able to do damage unless it can abuse a vulnerable process. So just protect those processes, and you are safe.
You want to recommend NVT ERP? But is NVT ERP still in development?
NVT ERP -- mark vulnerable process as safe parent process?
Thanks
- Jul 3, 2015
- 8,153
AFAIK, any good anti-exe should do the job for a home user.
These are some decent options:
1 NVT ERP, despite lack of development, still does the job
2 VoodooShield
3 ReHIPS
4 Kaspersky with tweaks
5 Comodo with either containment or HIPS
6 SpyShelter with proper settings
By the way, that thread of mine, which you linked to, I asked that question when I was trying out ERP for the first time, and I didn't yet understand how it works. The other posters set me straight.
Yes, it is still being developed.
Does VS specify a list of vulnerable processes for the user like NVT ERP? Otherwise how to get VS to do it?
- Jul 3, 2015
- 8,153
With VS it is all hard-coded. Ask @Umbra, but I think you can rely on Dan to do the job right with the vulnerable processes. Based on what I have seen, VS handles them well.
There is many vector attacks, and many don't use any file dropped on the HDD, so what an anti-exe will do? basically nothing...
The topic is about process injections not home user threats or not. stay on topic.
You need to do some more researches about attack vectors, your understanding of attacks is too limited to exe and vulnerable processes.
Do you know that you can load cmd/powershell scripts without the use of powershell.exe or cmd.exe ?
Also, what about dlls, libraries, etc... ?
Similar threads
