Faronics Anti-Executable Version 4 is Released

Discussion in 'other anti-malware software' started by Rmus, Feb 17, 2011.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hello, Thankful,

    Sorry it didn't work out.

    ----
    rich
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I received confirmation from Faronics about spoofed DLLs not being blocked, and that this will be corrected in the next release -- no date given at the moment.

    ------
    -rich
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ Rmus

    Pity it doesn't block spoofed DLLs :( Be interesting to hear what Faronics say, and if they fix it quickly.

    Are you only using V4 on WinXP SP3, or on your 2000 as well?
     
  4. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Since 2004 I have heard Rmus talking about DP and AE, and I finally concede that he was ahead: if most average users had used the same protection, most infections would have been prevented.
    I used a whitelist approach myself in 2004/2005 with the combination of Abtrusion Protector and System Safety Monitor.
    I guess that this is an easy way to lock a system.
    I've used the 2008 version of AE to play a defeating/bypass game, and of course, like most security solutions, this is not the panacea.
    I guess that Rich would be interested in the SANS paper:
    http://www.sans.org/reading_room/wh...ication-whitelisting-panacea-propaganda_33599

    A few white list vendors/tools have been forgotten, like a few bypassing methods (sorry, not the board for it :) ).

    Since cmd.exe for instance is on the white list, this is a high level of risk, since we know some "exotic commands".
    In any case an excellent HIPS and approach.

    Rgds
     
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I have the feeling that versions 3-4 were optimized for Windows XP, as I guess the majority of the institutions who use AE and DeepFreeze would still have XP as their most common OS (libraries and Universities are not really under pressure to upgrade to Win 7 or Vista for that matter).

    I have 2 XP machines with AE V3, and it works perfectly. V4 with Vista was unusable (see post #7); V3 with Vista worked in its latest upgrades, but not perfectly (slow start up, CPU at maximum for minutes, general sluggish performance).

    I guess it is a matter of time: as Win 7 will eventually completely supplant XP, AE V4 will probably be fine-tuned to it. It is a great application when it works.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    AE is blocking Firefox, and not giving me any option to allow it or add it to the white list. Have I done something wrong with my white list policy? It gives me the option to allow or deny, and add to the white list all other programs thus far.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Well, that is certainly strange! That is the Alert that pops up when something on the Black List attempts to execute.

    Check your Black List to see if possibly your FF executable somehow got listed...


    ----
    rich
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Only on WinXP - Versions 3 and 4 don't run on Win2K.

    ----
    rich
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thanks Rmus,
    I did not see anything on the black list. I wish I had more time to troubleshoot this. I'm an Online Armor beta tester, and they released a new beta build so I need that machine now to beta test OA with. I may give it another shot later.
     