@Windows_Security Could we apply this method to a wider area such as C:\Users\* without causing any issue?
Conflicts: Yesterday I tried MemProtect on my real machine (in the Shadow Mode of Shadow Defender). Immediately after I started the service of...
@Windows_Security Until now, I only use MemProtect on my VMs. It has not caused any trouble to me. :) The reason why I personally think the...
@Windows_Security Hi, just now I do some small tests and now I can confirm that the priority symbol "!" can actually be used in MemProtect in my...
I asked Florain that whether MemProtect supports the priority symbol "!", he said it could support. So maybe you can try the following rules (I...
It seems that this problem has been reported several times. For example:...
I think here you mean that if there are two users A and B, you want to create a rule that only allows A to access example.txt but prevent B to...
Could this be utilized by malwares? I think maybe you could submit this case to Florain.
@Windows_Security Please execute the script as the administrator. :)
Regarding the integration, Florain has ever told me that Pump would be integrated into Bouncer. I am not sure about MemProtect. I hope MemProtect...
I do not think so. With @WildByDesign 's config, any processes launched from the user space (such as C:\User\*) would be prevented from touching...
@Barb_C Hi. I think I have a problem of updating AppGuard. In the past, I installed AppGuard v4.2 on my laptop. When I find that v4.3 is...
@WildByDesign Thank you for sharing your config and the news. Please also update the Bouncer thread on malwaretips :D
One more question here: If the Trusted Application feature is implemented with user accounts, I guess it could be inherited, correct? I mean, if...
Thank you for your answer @Windows_Security and @Dzp5t :)
I guess here you mean that if I set an executable as Trusted Application but do not set it as "No-execution", then it would be able to elevate to...
Does this mean that Secure Folder can and only can do what we could do by manually configuring the security property tab? I have not tried this...
I tend to consider this as a common problem of HIPS programs... I found that even on a 32-bit VM, many HIPS programs cannot capture and prevent...
This statement is not precise enough.:D More precisely, what I found was that, on 64-bit systems, when a parent process takes Action 29 & 36 to...
@WildByDesign Thank you for your test.:thumb: Regarding your test on the CSharp program, it seems that the log generated this time is not...
As far as I know, .NET applications do not need an interpreter like java.exe as the entry point of execution. In such case, how could...
Hi, when I update EEK 11, I find that in most cases it has only one network connection (i.e., not parallel), as shown in the following screenshot:...
I have done this several days ago, but I found that OFP will still automatically and periodically update the "news".
Hi, I have a question. When Agnitum stops updating OFP, would OFP alert the user that it has not been updated for a long time? I think people who...
@WildByDesign Thank you for sharing your rules. Could you briefly explain the meaning of your rules for command lines? It seems that there is no...
Separate names with a comma.