Anything like Returnil 2008's anti-exec plugin?

I'm currently looking around in vain for something like R2008's anti-executable plugin. Why? Because it offers something very basic that many HIPS don't have... It's got both a query (Allow/Deny/Remember Decision) mode, and a whiltelist mode where it blocks everything not explicitly allowed.

I've tried some alternatives...

- Trust-No-Exe: has whitelisting, but no query mode.
- Winsonar: doesn't query for new executables during training, which from a security standpoint isn't as good (at least IMO).
- Privatefirewall/Outpost Free: no whitelist mode, only popups. Also, Outpost stupidly defaults to the "Allow" option for some popups.

Is there anything else like this, either free or reasonably priced for home use? Failing that, is the most recent version of Returnil 2008 secure enough to be usable?

 

How about SRP built-in Windows tool:
http://www.mechbgon.com/srp/

 

Hello Gullible Jones


When I left Returnil after 2008 was phased out,, I was in the same position.
I tried Process Guard,but it seemed a pretty bulky solution to try
and replace the elegantly simple no-overhead Returnil 2008 AE module.

I would feel safe with Returnil 2008,but my licence is expired,and there is no
way to renew.

I made a sort mini white list based "anti-executable" out of my sandbox
for WindowsExplorer.

It takes a little time to file path "white list" what you want to allow,and it is default deny of course,no chance to allow/deny,on the fly,but it works ok.

 

Re SRP: It's useful, but it's whitelist only, no prompting. Although, it would probably be an ideal base for an anti-executable app. (Which is why I proposed the SRP shell extension earlier. )

But yeah, I tend to test a fair amount of software, so no prompt pretty much means no go.

 

Well FWIW Returnil 2008 Personal is right out, because it seems to have up and disappeared from the web. The only download link I was able to find (aside from the numerous links to pirated versions ) was on Brothersoft, which is itself infamous for distributing malware. C'mon guys, can't you even keep just the paid version of 2008 around?

Edit: oh one more thing... I just realized, to be actually secure a whitelist app would have to be based on checksums rather than path rules (since a subverted application could just replace something in C:\Program Files\whatever and run it from there). SRP *can* handle that, but unfortunately PGS can't, so it's out too.

 

@ratwing

Good news for you ! Returnil Subscription Giveaway now running for all forum members now.

https://www.wilderssecurity.com/showthread.php?p=1648347#post1648347

 

Thank you nanana1!!

I have already taken advantage of this generous give-away,and while Returnil 2010 is a class act, I returned to ShadowDefender.

I know the GUI,I like right click commit,at least for small to moderate sized files,and the resource use is perfect for my machine.

But Returnil 2008 Premium,that was a classic.

 

AppGuard

 

Faronics Anti-Executable Standard

http://www.faronics.com/en/default.aspx

 

Every time I thought about that one.

 

I have been searching for the same thing. I just uninstalled Returnil 2008 free yesterday to try some of the others mentioned here already. The pc I'm experimenting with already has XP Pro with LUA, SRP, SuRun. Looking to cover any other bases. I wish Returnil would go back to this version and make it 64 bit compatible.

The Brothersoft file has the same md5 checksum as the one I've had on my pc for some time now. Mine was either downloaded from Returnil or Majorgeeks so the Brothersoft one is probably OK.