What is your security setup these days?

[Hungry Man]

Applocker sounds.... invasive =p I don't ever want to have to "toggle" my security on and off. But I would like to restrict some applications from being able to read/write to certain areas.

I don't want anything being able to access certain registry keys or files/folder that belong to my security software or browser or really anything that they don't need access to.

[1chaoticadult]

Quote:

Originally Posted by Hungry Man

Applocker sounds.... invasive =p I don't ever want to have to "toggle" my security on and off. But I would like to restrict some applications from being able to read/write to certain areas.

I don't want anything being able to access certain registry keys or files/folder that belong to my security software or browser or really anything that they don't need access to.

I don't toggle security off and on lol. I haven't turned off applocker since I started using it. I have no clue what you mean. If you are toggling applocker off and on then you don't have it setup correctly IMO. I'm not gonna convince you to use applocker. Either you do or you don't, but I'm happy using it.

[Hungry Man]

Just moved my firewall alerts to Very High. Just to try it out...

What rules do you use for applocker? I basically want to block access to certain files/folder for all programs except the ones I say are ok.

[1chaoticadult]

Quote:

Originally Posted by Hungry Man

Just moved my firewall alerts to Very High. Just to try it out...

What rules do you use for applocker? I basically want to block access to certain files/folder for all programs except the ones I say are ok.

My rules are specific to my laptop in a way. Here is one thread http://www.wilderssecurity.com/showthread.php?t=272761 way you can setup applocker, look at MrBrian's posts. I basically use wat's method which is essentially auto-generate rules for exe and scripts, use default rules for MSI and DLLs but also create specific rules for dll files needed to run as well. Best thing to do it setup your rules and then use audit only mode to see what files applocker says wouldn't run if the rules were enforced. You also ask wat aka the applocker troll and he will help ya I'm sure

[Konata Izumi]

Quote:

Originally Posted by Hungry Man

Removing Mamutu. I may add it back in eventually.

EDIT: Just removed it.

Also set up a sandbox for CCCP Media Player. Removed sandbox from Comodo. Comodo is now only sandboxing two vaio services.

I'm keeping CIS installed for the cloud scanners, so that it can sandbox the two vaio services, for the firewall, and for Defense+.

Oh wow! when did you get sandboxie pro?

[Hungry Man]

A few days ago. Liking it quite a bit. Still working out kinks.

So anyone know if I can basically restrict certain files from being written to except by specific programs?

[Konata Izumi]

Quote:

Originally Posted by Hungry Man

A few days ago. Liking it quite a bit. Still working out kinks.

So anyone know if I can basically restrict certain files from being written to except by specific programs?

create a sandbox specifically for "each program" and use the resource access settings per-sandbox.

or you could do this manually for every process (see screenshot):

[Hungry Man]

I like that but what I'm trying to do is block EVERY program EXCEPT for one from accessing certain files/ folder.

For example: Comodo apparently stores some config files in userland. I want Comodo to be the only software to access them - perhaps CCleaner as well.

[Hungry Man]

Can I run Chrome at LowIL without problems?

EDIT: I guess so... doing it now! haha

[Noob]

Quote:

Originally Posted by Hungry Man

Can I run Chrome at LowIL without problems?

EDIT: I guess so... doing it now! haha

Just try it

[Hungry Man]

Seems to be working fine.

Hm... I ran it but processexplorer shows it as medium.

[Kernelwars]

Hungry you r having lot of fun with sandboxing my friend

[Hungry Man]

Yes, definitely!

Very frustrated with Chrome though... I'm trying to set it to low integrity but it won't work.

[Kernelwars]

Quote:

Originally Posted by Hungry Man

Yes, definitely!

Very frustrated with Chrome though... I'm trying to set it to low integrity but it won't work.

are you running the broker and child processes with low integrity level?

[Hungry Man]

I'm attempting to... but the broker won't go to LowIL.

[m00nbl00d]

Quote:

Originally Posted by Hungry Man

I'm attempting to... but the broker won't go to LowIL.

What are you doing to apply the low integrity level?

[tomazyk]

I removed AV so my new setup is a little lighter:

Resident:
ESET Nod32
Sandboxie (for browsers)
Malware Defender
EMET (for internet facing apps and apps that open files)
Router with SPI Firewall
Windows 7 firewall

On demand:
Hitman PRO
MBAM
Acronis True Image
Autoruns
Secunia PSI

[The Seeker]

With the amount of installing/uninstalling I do (as well as other stuff), running as a standard user was becoming irksome. Because of this, I've decided to go back to running as admin and have re-added avast! Free and removed Sandboxie. UAC is still set to Always Notify and I've beefed up my password to 16 characters.

[trjam]

back to Avira.

Quote:

Originally Posted by Hungry Man

I basically want to block access to certain files/folder for all programs except the ones I say are ok.

Then instead of allowing all for %PROGRAMFILES% and all its subdirectories, you could instead simply, for example, allow for %PROGRAMFILES%\internet explorer, %PROGRAMFILES%\Firefox\*, %PROGRAMFILES%\Secuna\*, %PROGRAMFILES%\Java\* ...etc

IOW, you allow very specifically only those programs you want. The rest will be default-denied.

Alternatively, you could allow all under %PROGRAMFILES%, then add exceptions to those programs you want to deny.

[m00nbl00d]

Quote:

Originally Posted by wat0114

Then instead of allowing all for %PROGRAMFILES% and all its subdirectories, you could instead simply, for example, allow for %PROGRAMFILES%\internet explorer, %PROGRAMFILES%\Firefox\*, %PROGRAMFILES%\Secuna\*, %PROGRAMFILES%\Java\* ...etc

IOW, you allow very specifically only those programs you want. The rest will be default-denied.

Alternatively, you could allow all under %PROGRAMFILES%, then add exceptions to those programs you want to deny.

The latter option would be better. I think it's Microsoft's recommendation also. I think I've read it somewhere; not sure, though.

Quote:

Originally Posted by m00nbl00d

The latter option would be better. I think it's Microsoft's recommendation also. I think I've read it somewhere; not sure, though.

Right, specifically they recommend the allow with exceptions option as opposed to a combination of allow and deny rules. I just looked it up in my AppLocker manual

[CogitoTesting]

Quote:

Originally Posted by trjam

back to Avira.

Coming from where?

Thanks.

[Hungry Man]

Quote:

Originally Posted by m00nbl00d

What are you doing to apply the low integrity level?

icacls "C:\Users\your_username\AppData\Local\Google\Chrome\Application\Chrome.exe" /setintegritylevel (oi)(ci)Low


@Wat/m00n, I'll see what I can do.

[CogitoTesting]

Quote:

Originally Posted by Hungry Man

I'm attempting to... but the broker won't go to LowIL.

I was reading your signature and wow you have quite a set-up. Could you tell me why you removed IE9?

Thanks.