VS (and anti-exe) Discussion

L

Lucent Warrior

hjlbx said:
VS won't protect against a browser exploit that abuses whitelisted Windows processes to bypass application whitelisting. A ransomware *.tmp will inherit whitelist status from the trusted Windows process run sequence and run unrestricted...
Click to expand...
So what you are saying, is this setting here is null and void..
VS anti exploit.png
 
  • Like
Reactions: Logethica, shukla44, Der.Reisende and 5 others
H

hjlbx

Lucent Warrior said:
So what you are saying, is this setting here is null and void..
View attachment 117577
Click to expand...

I have no idea what that setting does. Does anyone really know? All I know is that I watched the video on kafan.cn about 6 months ago and application whitelisting bypass was used after the IE exploit. I watched carefully and saw it with my own two eyes - and that's all the proof I need. NVT ERP, VS, SpyShelter, Bitdefender,... I can't remember them all... were bypassed. AppGuard was not bypassed in Protected Mode...

With that last sentence, the rest is history with me... 1 + 1 = 2
 
  • Like
Reactions: shukla44, Der.Reisende, harlan4096 and 2 others
L

Lucent Warrior

hjlbx said:
I have no idea what that setting does. Does anyone really know?
Click to expand...
Im sure the Developer does :)

It would be my understanding that it protects against exploits, how long this has been applied to the product im not sure, as i just started using it roughly over a month ago.

hjlbx said:
AppGuard was not bypassed in Protected Mode...

With that last sentence, the rest is history with me... 1 + 1 = 2
Click to expand...

They have strengths and weaknesses, all products do. Appguard in protected mode, will let any signed application walk in, how far depends on what it does of course.

I know that i have hammered VS with tons of malicious website links, as well as samples placed strategically through out the system, and i have not bypassed it.
 
  • Like
Reactions: Logethica, shukla44, Der.Reisende and 6 others
H

hjlbx

Lucent Warrior said:
Im sure the Developer does :)

It would be my understanding that it protects against exploits, how long this has been applied to the product im not sure, as i just started using it roughly over a month ago.



They have strengths and weaknesses, all products do. Appguard in protected mode, will let any signed application walk in, how far depends on what it does of course.

I know that i have hammered VS with tons of malicious website links, as well as samples placed strategically through out the system, and i have not bypassed it.
Click to expand...

I don't know what changes were made. I saw a tidbit when I dropped-in to take a "look-see" and I gathered that browsers are now hard-coded not to have any child processes - other than what is necessary to use the browser - when VS is ON. If that is the case, then issue should be solved.

You have to find an exploit page that is specifically followed by an application whitelist bypass attack.

Despite what others will say, I'm not bashing VS; actually I hope the issue has been fixed.

I bash AppGuard everyday - and bring, at least some folks, near to tears. I've been told I'm a scathing pain-in-the-ass. I take that as a compliment. :D

upload_2016-10-7_22-27-30.jpg
 
  • Like
Reactions: shukla44, Der.Reisende, safe1st and 6 others
XxX Legolas XxX

XxX Legolas XxX

Level 3
Verified
Well-known
Sep 20, 2016
116
hjlbx said:
I have no idea what that setting does. Does anyone really know? All I know is that I watched the video on kafan.cn about 6 months ago and application whitelisting bypass was used after the IE exploit. I watched carefully and saw it with my own two eyes - and that's all the proof I need. NVT ERP, VS, SpyShelter, Bitdefender,... I can't remember them all... were bypassed. AppGuard was not bypassed in Protected Mode...

With that last sentence, the rest is history with me... 1 + 1 = 2
Click to expand...
Can you fine video what you watch about bypassing NVT ERP, VS, SpyShelter, Bitdefender,... ?
 
  • Like
Reactions: shukla44, Der.Reisende, _CyberGhosT_ and 1 other person
L

Lucent Warrior

J Gamez065 said:
Never got a ransomeware attack EVER. Haven't really used an adblocker and not really going to start. I shouldn't be worried about ransomeware but more inexperienced people should.
Click to expand...
It is a mistake to think that experience and knowledge will save your skin every time 100%, this is because nothing ever stays the same in cyber security, always evolving, meaning there is always more to learn, and sometimes the hard way.... Back ups are the solution, your fail safe, should anything ever happen.
 
  • Like
Reactions: Logethica, shukla44, Der.Reisende and 7 others
H

hjlbx

I take this approach. I keep nothing on my system that I am not willing to lose. Data loss comes in all forms - hardware meltdowns, OS crashes, soft malfunctions, user mistakes, etc, etc.

Data loss due to malware (and more specifically ransomware) is only a tiny fraction of what and why data loss happens on a day-to-day basis in real-world IT...
 
  • Like
Reactions: shukla44, Der.Reisende, XhenEd and 5 others
You must log in or register to reply here.

Similar threads

cartaphilus
    • Like
Question What good is Voodoo shield?
Replies
6
Views
1,201
VoodooShield
ForgottenSeer 100397
F
pithlyx
    • Like
Advice Request Do I Need an Anti-Malware?
Replies
20
Views
1,287
General Security Discussions
JordanMason8
J
Shadowra
    • +Reputation
    • Like
    • Thanks
App Review Adlice RogueKiller Anti-Malware Pro 2024
Replies
9
Views
746
Video Reviews - Security and Privacy
vaccineboy
vaccineboy

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top