Advice Request What is a good anti-exploit software for Windows 7?

Please provide comments and solutions that are helpful to the author of this topic.

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
"You are wrong."

"Windows 7 is the best OS ever! No bloatware. No security updates. No probems."

/s


Source: Windows user's mindset.
I have heard this so many times... Even on "IT professionals forums/groups", disabling updates and calling others to do it, because according to them: updates always ruin your system and make it slower. And here I was, thinking patches are meant to fix, stupid Robo.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
If you are concerned about exploit of MS Office applications, and this is a very valid concern, EMET is probably effective on Windows 7, although the "anti-document exploit" feature of Hard_Configurator might be even better. Maybe @Andy Ful has something to say about it.
Windows 7 OS and applications are coded in C, C++, and C# - they are by design vulnerable to memory exploits, and there is not exist an application that could prevent this.
Using SUA can mitigate about 80% of OS exploits. Very important is also updating Windows and applications.
HitmanPro Alert or Emet can be used to mitigate memory exploits in applications. Restricting MS Office and Adobe Acrobat Reader (or even better not using both) can prevent most exploits introduced via weaponized documents.
SRP and anti-exe can be used to prevent running some exploits and block execution of payloads (post-exploitation protection). But, this also will require to block LOLBins.
Restricting scripts can be beneficial for preventing exploits (exploit kits) introduced by scripts.
Generally restricting/hardening Windows (disabling SMB, remote features, unused services, etc.) or using isolation/virtualization can prevent or mitigate many exploits too.
 
Last edited:

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
Regular Acrobat Reader and Foxit Reader are supported, not sure the paid version isn't?
You can ask the dev or add them yourself in the pro version.
unfortunately i donot have pro version also in pro (also i have bought cheap licence for Foxit phantom standard ) i cannot afford the fees of upgrade so i want to know if i can protect it from exploitation as it will not receive any major updates which of course include security updates
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
unfortunately i donot have pro version also in pro (also i have bought cheap licence for Foxit phantom standard ) i cannot afford the fees of upgrade so i want to know if i can protect it from exploitation as it will not receive any major updates which of course include security updates
I don't know, because I don't use those 2 programs.
Just ask Dan the developer by mail: support at voodooshield.com
It could be that they are already supported or that he will add them. :unsure:
Doesn't hurt to ask...
 
F

ForgottenSeer 823865

The real definition of "Exploits" are in-memory attacks which can only be circumvented by tools like HMPA, MBAE, EMET/Windows Exploit Protection (those are true anti-exploit) or apps with some memory containment.
The worst kind, Kernel Exploits can only be prevented via OS patching.
What all of you are saying when talking about exploits is misnomer, and is in fact POST-exploitation (use of LOLbins, scripts, etc...).

But it is more exciting marketing-wise to use the term "anti-exploit" than "anti-post-exploitation". After all , average users won't do the difference and justy buy.
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
the real definition of "Exploits" are in-memory attacks which can only be circumvented by tools like HMPA, MBAE, Windows Exploit Guard or apps with some memory containment.
The worst kind, Kernel Exploits can only be prevented via OS patching.
What all of you are saying when talking about exploits is misnomer, and is in fact POST-exploitation (use of LOLbins, scripts, etc...).

But it is more excuting marketing-wise to use the term "anti-exploit" than "anti-post-exploitation". After all , average users won't do the difference and justy buy.
So blocking those types of script excuting via osarmor may be a proactive defense about this type of attacks related to memory one or need some didcated programs such as MBAE or HMPA ??
 
F

ForgottenSeer 823865

So blocking those types of script excuting via osarmor may be a proactive defense about this type of attacks related to memory one or need some didcated programs such as MBAE or HMPA ??
Everything acting in-memory need in-memory protection as i mentioned above (if not we won't need HMPA and co). there is no other way.
However, if the exploit is using LOLBins/LOLscript to do other malicious actions, then yes anti-exe like OSarmor may interrupt the attack chain but your system is still already breached.

note: some security suites (especially corporate ones like SEP, etc...) usually offers some kind of Exploit Protection on top of their Post-Exploit prevention system.
 
Last edited by a moderator:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
So blocking those types of script excuting via osarmor may be a proactive defense about this type of attacks related to memory one or need some didcated programs such as MBAE or HMPA ??

Your best free anti-exploit option is MBAE.

I would also email Dan at VS and ask him about joining the forum and using beta (for its anti-exe protection).

Those two work well together on older hardware.
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
Everything acting in-memory need in-memory protection as i mentioned above (if not we won't need HMPA and co). there is no other way.
However, if the exploit is using LOLBins/LOLscript to do other malicious actions, then yes anti-exe like OSarmor may interrupt the attack chain but your system is still already breached.

note: some security suites (especially corporate ones like SEP, etc...) usually offers some kind of Exploit Protection on top of their Post-Exploit prevention system.
Does EAM offer such protection :unsure: :unsure: ??
 
F

ForgottenSeer 823865

Does EAM offer such protection :unsure: :unsure: ??
EAM is an AV, not an anti-exploit, however he has a behavior blocker which is able to monitors attack vectors and block post-exploitation.

I have to say that the chance for a home user to cross a memory exploit is slim.
Even me, all the exploits alerts I got from HMPA were false positive due to other security softs doing dlls injections.

So if you are on Win10, using a decent AV having a default-deny component, you should be good. Of course don't have risky behaviors.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top