Advanced Security TuxTalk vs. The Malware Multiverse - Setup 2025

[Victor M]

AV is a blacklisting tool; all is good, except which is known as bad.
App control is a whitelisting tool; all is bad, except which is known as good.

For a moment there I thought you were abandoning WDAC

 

[Parkinsond]

For a moment there I thought you were abandoning WDAC

If you are using few number of signed, prevalent programs, WDAC will not cause annoyance.

 

[Parkinsond]

It seems SecureAge CatchPulse offers usable default-deny for home users. It has "application control" and you can turn off trust based on digital signature which reminds me of Kaspersky's Application Control.

WDAC is more strict than SAC; if you can afford dealing with its false positive blockage, it is very efficient as it will not let any unknown exe or dll.

 

[Divine_Barakah]

WDAC is more strict than SAC; if you can afford dealing with its false positive blockage, it is very efficient as it will not let any unknown exe or dll.

I was offered a free license to CatchPulse. I am going to give it a try. I used it back in the time when it was called SecureAplus. I like its application control and I believe it is easier to mange than WDAC.

 

[Parkinsond]

I was offered a free license to CatchPulse. I am going to give it a try. I used it back in the time when it was called SecureAplus. I like its application control and I believe it is easier to mange than WDAC.

Enjoy your license, and stay safe.

I consider app control not necessary for home use, it was created for corporate sector at the beginning, then getting adopted by some vendors for home PC.

If not using activators and your installers are downloaded from the official websites, you might get a peep from app control in a lifetime; only WDAC may peep for newly released, less prevalent installers.

 

[LinuxFan58]

@TuxTalk still on Avast or back to Eset again (I noticed you posted ESET warning in Trident's feed)?

 

[Victor M]

and I believe it is easier to mange than WDAC.

But WDAC is free. And so are the tools.
And WDAC gives you signature or hash or path based rules.

 

[Divine_Barakah]

I am creat

But WDAC is free. And so are the tools.

I've seen a product by @danb to manage WDAC. I'll give it a try too.

 

[Parkinsond]

I've seen a product by @danb to manage WDAC. I'll give it a try too.

Do not forget if you enabled WDAC then disabled and installed 3rd party AV, MD process will run in the background even if MD is completely disabled; the reason I do not enable WDAC if there is a chance of using a 3rd party AV later.

 

[Victor M]

do not enable WDAC if there is a chance of using a 3rd party AV later.

What happens when you delete all your .cip files from \system32\codeintegrity\cipolicy\active ? Does it interfere with the new AV ?

 

[Parkinsond]

What happens when you delete all your .cip files from \system32\codeintegrity\cipolicy\active ?

Antimalware service executable still running and consuming approx 100 MB of RAM.
After disabling SAC, all MD-related processes are off, when 3rd party AV is on.