How to properly set up Geswall

Set to medium but in High with ShadowDefender on when my son goes surfing
And thanks for the link to the GeSWall custom rules Aigle

Ian

 

Medium is default & give solid portection already.

 

U r welcome.

 

I have added Threat Gate protection for my CdRom device in Resources; to add Threat gate protection for my USB drive do I simply enter "\Device\USB" as the resource in the Resource Properties window that opens up from 'add resource'.
Also, is it possible or even sensible to make "My Documents" confidential rather than adding individual folders to the default confidential folder within My Documents? Hope that makes sense. If that is a stupid idea or thing to do please say so, no offense taken, I'm still learning

Ian

 

It will not work as I know. USB protection is still on to-do list. GW has also problems with non-NTFS file system( FAT).

U can do it but u will be irritated by the confidential folder access pop up for some applications like ur browser etc. U have to press Deny each time as there is no option To Remember This action. That is alos on to-do list.

 

hi aigle
i see that you know how well GeSWall works and i have a question for you.
can GeSWall free or GeSWall pro blocks or Prevents a cross-site scripting attack that introduces malicious scripts injection into iexplorer?

 

Many thanks for your replies aigle. Will wait for USB fix, just continue to be vigilant in the meantime. I have NTFS so no problem there.
Your answer re confidential folders was much as I expected. If you don't ask you don't find out.

Ian

 

On a USB you can not label individual files as trusted or untrusted.

However, you can add USB devices as Threat Gates, meaning that any executable started from the USB device will run isolated.

The rules to be created in Resources for this (and other devices) are given in:

https://www.wilderssecurity.com/showpost.php?p=1202946&postcount=24

 

Thanks. I remember that discussion in the past but so far i have not tried it. I will try it now. Nice tip.

 

Ofcourse not.

It,s not job of a sandbox and no sandbox can do this. For Cross Site Scripting we will need something else instead.

 

cause i was told at sandboxie forum that sandboxie does blocks this type of attack.

 

I don,t think so, it( and no Sandbox/ HIPS) can stop Cross Site Scripting according to my understanding. However they can stop damage from malicious java scripts excuted by the browser. The two things are different.

 

Hello jjmonge,

To the best of my knowledge, until proven otherwise, SandBoxie(SBIE) does not block cross-site scritpting(XSS). The same goes for BufferZone(BZ), DefenseWall(DW) and GeSWall(GW). Keep in mind that XSS is just a "means" to redirect one's web browser to a malicious site, steal private/sensitive information or expose one to drive-by-downloads(malicious payload delivered via manipulated javascript, iframes, ActiveX & Flash and exploit targeted malware).


Peace & Gratitude,

CogitoErgoSum

 

i was told that what ever is inside the sandbox will stay inside the sandbox without getting any damage.

 

Just tried it and it works great. Thanks

 

Happy to contribute.

Henk1956

 

Ok, for an additionl protection here is how to make a global custom rule that will deny internet access of all applications running inside GesWall except those u allow explicitly. It will stop any malware running untrusted from sending any info out of ur system.

Open GW Console, go to resources. Find the rule for network and open its properties via right click menue or by double clicking it.

Security Class: Threat Gates
Resource Type: Network
Resource: *

Change security class to confidential. Now no application running inside GW will be able to get internet access( however by this rule u might loose the pop up u get when some application tries to access network and GW offres to run it isolated- for some applications).

Next allow ur internet programmmes like browsers, messengers to access internet while running inside GW by creating an exception rule for each.

See example for Opera. Open GW console. Go to Application> WEb Browsers> Opera. Right click and choose Add Rule.

Resource Name: *
Resource Type: Network
Access Permission: Allow

Click OK to add rule. Now opera can access the network. Add rule similarly for all intenet related applications u run inside GW.

Note: A minor glitch, I have noticed that for new rules to work properly sometimes u need to stop n restart GW service ( gswserv.exe)- go to Start> Run , type services.msc, press Enter, it will open services, select GW service and select restart. Or u can simply reboot ur PC. However it,s not always necessary.

 

Here is an exmplae. I run UltraExplorer inside GW and tried to check for updates. Internet access was denied.

 

Hi

What's the difference between Medium and High?

Thanks

 

from GentleSecurity Online Documentation...

 

Hi

OK. Thanks. If an unknown application was running, would it be restricted?

Thanks

 

It depens upon the parent applications who created it and/ or launched it.

 

Hi

Well what if I just opened a malware without realising it?

Thanks

 

No Sandbox will protect u if u executed a malware as trsuted, by urself.

If the malware came via an isolated application, say ur browser, it will be tagged untrsuted and even if u execute it( or it,s executed as a drive by download), it can,t damage your system.

However if you marked it trusted and then executed, it will do its evil job. It,s true for all sandboxes.

 

Seems like a lot of people are using
one of Shadow Defender, Defensewall, Geswall
for their main security appz.
I use Defensewall though
Is Shadow Defender also good?