Wilders Security Forums  

  #1  
Old July 21st, 2004, 02:35 AM
spiff5000
Infrequent Poster
 
Join Date: Jun 2004
Posts: 49
Default FreezeX

Anyone know something about FreezeX? I'm currently beta testing. Seems to be an application and overflow protection tool, much like Prevx, but hopefully more stable. Only comment so far is, unlike Prevx, the dialog box has no checkbox to remember to take the same action on a process.

-Spiff5000
  #2  
Old July 22nd, 2004, 07:57 AM
controler
Massive Poster
 
Join Date: Jun 2002
Posts: 3,268
Default Re: FreezeX

spiff

Can you tell me if this works at the ring0 level?

http://www.faronics.com/html/Freezex.asp

thanks

controler
  #3  
Old July 22nd, 2004, 02:24 PM
controler
Massive Poster
 
Join Date: Jun 2002
Posts: 3,268
Default Re: FreezeX

Hello

I contacted their tech support to ask if they use a kernel driver etc. and they said they could not tell me that info.
That is too sad since most people want to know if a software is working at the kernel mode level.
Why? Well, it is never a good idea to run more than one program at the kernel mode level. Second, at kernel mode level, there is more control as far as stopping injection etc.
I really don't see the harm in saying yes or no to a simple question.

controler
  #4  
Old July 22nd, 2004, 04:02 PM
spiff5000
Infrequent Poster
 
Join Date: Jun 2004
Posts: 49
Default Re: FreezeX

As far as I can tell, it is kernel level (ring0). Using TaskInfo, I can see 2 non-MS library files called RSMHOOK.dll and wincmes.dll, and a kernel mode driver called KxNT.sys. It runs at normal priority.

It's hard to tell what FreezeX does. Occasionally, I get a pop-up that says something like "action prevented because it violated the policy" but I haven't been able to associate that message with any activity. I know it doesn't play well with Prevx, which I decided to uninstall for this beta.

Another thing, TaskInfo goes 100% when I view the Drivers, which it didn't do before, but I'm not sure if FreezeX has anything to do with that because it shows no activity.

It has absolutely no settings. It's either on or off.

What do you think the best way is to test this prog? In other words, how would someone test Process Guard, SSM or Intrusion Prevention?

-Spiff5000
  #5  
Old July 22nd, 2004, 04:29 PM
spiff5000
Infrequent Poster
 
Join Date: Jun 2004
Posts: 49
Default Re: FreezeX

I spoke too soon. I just downloaded pcAudit. I received the "violation of acceptable use policy" and the File Download window had the Open and Open Folder buttons greyed-out.

Interesting. My download was not saved to the file folder I selected. I wonder if the temp file still exists...

Nope. It's gone. I have to admit that's pretty impressive. Now I have to figure out how to download and install legit apps without this thing preventing it.

-Spiff5000
  #6  
Old July 22nd, 2004, 06:44 PM
Notok
Very Frequent Poster
 
Join Date: May 2004
Location: Portland, OR (USA)
Posts: 2,963
Default Re: FreezeX

Looking at the website and user's manual, it looks like FreezeX is made primarily for businesses; it just locks everything down so that nothing can be run, installed, downloaded, or executed that's not specifically allowed by the administrator. More than an "application firewall", it just locks everything out so that people can't install their own apps, play games or mp3s on company time, etc. It's more for security from physical users doing things that they aren't supposed to, rather than internet threats. I also didn't see anything about buffer overflow protection. The only situation I could really see this app being in a home system is maybe a family situation where the parents want to make sure the kids aren't doing anything except homework on the computer.

I don't see how this compares to Prevx at all. Prevx mainly watches for anything trying to access or change certain files or settings and intercepts them like a firewall does internet access; FreezeX simply doesn't allow anything to run at all (that's not in the "whitelist").
__________________
Security is not a brand name.

NSA security configuration guides -- Best Practices for Securing a Home Network
  #7  
Old July 23rd, 2004, 08:30 AM
controler
Massive Poster
 
Join Date: Jun 2002
Posts: 3,268
Default Re: FreezeX

I did not try it, mainly because I did not like their attitude.

I am still trying PrevX.

controler
  #8  
Old October 16th, 2004, 02:52 PM
x3n0
 
Posts: n/a
Question Re: FreezeX

In addition to what spiff said, I think FreezeX is safe except that it denies access to new exec programs as a result of lockdown on previously scanned files. Furthermore, I went deep into the %systemroot%\system32 folder and found some dependencies, which I think are responsible for the creation of a protection folder by the name "Microsoft" for an existing user (which I think is to give permission to files by/from Microsoft) and a LogLaun.DLL file which is a Logon launcher which I only know little of its use as implied by its name and properties.

But how can one get rid of this program? I looked into the registry files and found nothing there... Even add/remove was of no help, which brings me to the point that there seems to be a form of secure encryption and may require creative tech support to get rid of it safely. You can get a copy of the user guide at http://www.faronics.com/doc/FreezeX_Manual.pdf.

x3n0
  #9  
Old October 16th, 2004, 03:36 PM
x3n0
 
Posts: n/a
Question Re: FreezeX

Please note that there is a file in the system32 folder named "FxServs.exe". It is a 16-bit non-visible operational program. I'm still yet to clarify if it is of threat as it seems to be exhibiting properties similar to some spyware program. This doesn't mean that it has got spyware but there is something I want you also to look into... In program files you'll find a folder named faronics which contains some files with the .fzx which seem to be exhibiting a continuous replication upon execution and use of programs on your computer. Well, it all seems too confusing now to say, whether or not, if it is a monitoring or protection tool.

I am on the verge of disassembling FxServs.exe as I am keen to understand its operation and relation to other files running on my computer. More so, there seems to be the issue of having to take caution if you see the need to get rid of the program because I have experienced and worked with a lot of programs of this kind. Programs of this kind, if after use remain unsatisfying, tend to cause loss of valuable files.

It is a brilliant program but needs to fully understand the wants of their customers.

Please contact me if you have any ideas or queries regarding the use of FreezeX: xenofret@yahoo.co.uk
 


All times are GMT -4. The time now is 01:00 PM.

