Did a clean install of xppro installed my favorite programs and set up my machine to what I'm going to be using it for. Installed latest version of Returnil v2.0.1.9001, cleaned out the white list and redid it from scratch, rules where learned as I used my system. Only functions I needed where added to my whitelist. When all was set I password protected Returnil and checked all the functions here to lock down my system. So far I have been unable to bypass the anti-execute of Returnil. Seems pretty tight, I like it.
Kind of cool not to have to run a whole lot of security programs, I choose to do this only because I can, and yes a good restore solution in case this setup gets HOSED.....funny thing is Its been a long time since thats happened been running this setup way back when the anti-execute feature was being beta tested in the China forums. :argh:

The Returnil product is great for the business environment/organisation and for using on your home setup.

I use Returnil and nothing else on one XP Pro machine.

If you carefully plan your setup as to how you want to use your system the anti-execute function with the above settings is very SOLID. Which is why I delete all the rules that exist upon initial install of Returnil and have my rules created from scratch as I use my system. I't took me less than 10 minuites. Once you understand how the program works its so simple even when doing updates for the programs you have already allowed. The best part is you'll have the functionality as well. My current setup allows me to rip, burn, listen, watch movies and music and all the good stuff. On certain programs you need to figure out what .sys driver files to add to the rulesset, just use autoruns
or similar program to find out the dirver(s) that are associated with the program(s).
Oh yeah I just did some test that involved some kind of exploit or something
here read posts 15-19 http://www.wilderssecurity.com/showthread.php?t=236641 Not sure if I did it correctly but the document did open up and that was all, I even overwritten the hmmapi.dll with the other one that I downloaded. Same result document opened and that was all. Tried running it from my USB with the Autrun.inf code [Autorun]

Shellexecute=rundll32.exe hmmapi.dll,MailToProtocolHandler %1 same result

Nothing.......:argh: Simple 20 sec reboot and got my original hmmapi.dll back. ;D

I posted a thumbs up comment last night in this thread about Returnil but it was deleted/removed. Why was that done?

Just curious.

Thanks.

Trespasser

Hi Trespasser,
I don't see anything showing deletion of a post in this thread or anything to indicate a Global Mod or Admin moved the post. Are you certain you actually posted?

Mike

Hey, ColdMoon.

Yes, I'm fairly certain I did...though the hour was late (about 1am Eastern) and I was tired. Humm, maybe I dreamed I posted...yeah, that's it!! ;). But, no matter, not really important anyway. Just wanted to say nice job with all the new features in 2.01.

What part of North Carolina do you live in, dude? My wife's got an aunt in Charlotte. :).

Later....

{QUOTE->

Yes, I'm fairly certain I did...though the hour was late (about 1am Eastern) and I was tired. Humm, maybe I dreamed I posted... <-QUOTE}


;D happens to me to, I type a post and then think I hit Submit but hit Preview instead. Then I go elsewhere. Usually I catch it but not always. In my case I can blame it on the aging process but fatigue is a good one too.

Made a mistake on the screenshot in my first post this is the correct settings.

Thanks for the correction.