Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
VoodooShield
VoodooShield Latest
Message
<blockquote data-quote="Lenny_Fox" data-source="post: 918246" data-attributes="member: 82776"><p>[USER=87079]@Tutman[/USER]</p><p></p><p>Only two feature (of the many of MB anti-exploit) overlap with VoodooShield:</p><p>1. Spawning of executables by MBAE protected apps</p><p>2. Execution of files downloaded by MBAE protected apps</p><p></p><p>So where the last protections of MBAE end, the protection of VS starts. VS does not try to stop the intrusion (there are so many vectors), only the result (execution of code from disk or memory).</p><p></p><p>Nowadays Microsoft products have a lot of build-in exploit protection features, e.g. Edge does not allow non-Microsoft DLL's to load in its renderer processes and Microsoft Defender has Attack Surface Reduction rules which prevents browser and mail client to spawn down loaded executable code and Office programs to start other programs. Also Windows 10 has more advanced anti-exploit features than Windows 7 which covers the Windows 7extra EMET-protection features by default..</p><p></p><p>Windows Defender ASR rules even work when you use another Antivirus, so to be honest, the protection of MBAE is great when you use Windows7 but is marginal when you use Windows 10 with Configure Defender (to enable ASR easily) and VoodooShield (when everything else fails).</p><p></p><p>Consumer grade intrusions shifted from exploits and lacking memory protections to using Windows build-in execution options (also called sponsors and Living of the land binaries). VS does a good job in restricting Sponsors/LOLbins. So I would not use MBAE anymore in Windows10+VoodoosShield setup.</p></blockquote><p></p>
[QUOTE="Lenny_Fox, post: 918246, member: 82776"] [USER=87079]@Tutman[/USER] Only two feature (of the many of MB anti-exploit) overlap with VoodooShield: 1. Spawning of executables by MBAE protected apps 2. Execution of files downloaded by MBAE protected apps So where the last protections of MBAE end, the protection of VS starts. VS does not try to stop the intrusion (there are so many vectors), only the result (execution of code from disk or memory). Nowadays Microsoft products have a lot of build-in exploit protection features, e.g. Edge does not allow non-Microsoft DLL's to load in its renderer processes and Microsoft Defender has Attack Surface Reduction rules which prevents browser and mail client to spawn down loaded executable code and Office programs to start other programs. Also Windows 10 has more advanced anti-exploit features than Windows 7 which covers the Windows 7extra EMET-protection features by default.. Windows Defender ASR rules even work when you use another Antivirus, so to be honest, the protection of MBAE is great when you use Windows7 but is marginal when you use Windows 10 with Configure Defender (to enable ASR easily) and VoodooShield (when everything else fails). Consumer grade intrusions shifted from exploits and lacking memory protections to using Windows build-in execution options (also called sponsors and Living of the land binaries). VS does a good job in restricting Sponsors/LOLbins. So I would not use MBAE anymore in Windows10+VoodoosShield setup. [/QUOTE]
Insert quotes…
Verification
Post reply
Top