Anything like Returnil 2008's anti-exec plugin?

Discussion in 'other anti-malware software' started by Gullible Jones, Apr 6, 2010.

Thread Status:
Not open for further replies.
  1. I'm currently looking around in vain for something like R2008's anti-executable plugin. Why? Because it offers something very basic that many HIPS don't have... It's got both a query (Allow/Deny/Remember Decision) mode, and a whiltelist mode where it blocks everything not explicitly allowed.

    I've tried some alternatives...

    - Trust-No-Exe: has whitelisting, but no query mode.
    - Winsonar: doesn't query for new executables during training, which from a security standpoint isn't as good (at least IMO).
    - Privatefirewall/Outpost Free: no whitelist mode, only popups. Also, Outpost stupidly defaults to the "Allow" option for some popups.

    Is there anything else like this, either free or reasonably priced for home use? Failing that, is the most recent version of Returnil 2008 secure enough to be usable?
  2. Creer

    Creer Registered Member

    Jun 29, 2008
  3. ratwing

    ratwing Guest

    Hello Gullible Jones

    When I left Returnil after 2008 was phased out,, I was in the same position.
    I tried Process Guard,but it seemed a pretty bulky solution to try
    and replace the elegantly simple no-overhead Returnil 2008 AE module.

    I would feel safe with Returnil 2008,but my licence is expired,and there is no
    way to renew.

    I made a sort mini white list based "anti-executable" out of my sandbox
    for WindowsExplorer.

    It takes a little time to file path "white list" what you want to allow,and it is default deny of course,no chance to allow/deny,on the fly,but it works ok.
  4. Re SRP: It's useful, but it's whitelist only, no prompting. Although, it would probably be an ideal base for an anti-executable app. (Which is why I proposed the SRP shell extension earlier. ;) )

    But yeah, I tend to test a fair amount of software, so no prompt pretty much means no go.
  5. Well FWIW Returnil 2008 Personal is right out, because it seems to have up and disappeared from the web. The only download link I was able to find (aside from the numerous links to pirated versions :mad: ) was on Brothersoft, which is itself infamous for distributing malware. C'mon guys, can't you even keep just the paid version of 2008 around?

    Edit: oh one more thing... I just realized, to be actually secure a whitelist app would have to be based on checksums rather than path rules (since a subverted application could just replace something in C:\Program Files\whatever and run it from there). SRP *can* handle that, but unfortunately PGS can't, so it's out too.
  6. nanana1

    nanana1 Frequent Poster

    Jun 22, 2007
  7. ratwing

    ratwing Guest

    Thank you nanana1!!

    I have already taken advantage of this generous give-away,and while Returnil 2010 is a class act, I returned to ShadowDefender.

    I know the GUI,I like right click commit,at least for small to moderate sized files,and the resource use is perfect for my machine.

    But Returnil 2008 Premium,that was a classic.
  8. 1000db

    1000db Registered Member

    Jan 9, 2009
    AppGuard :thumb:
  9. noway

    noway Registered Member

    Apr 24, 2005
  10. raven211

    raven211 Registered Member

    May 4, 2005
  11. jdd58

    jdd58 Registered Member

    Jan 30, 2008
    I have been searching for the same thing. I just uninstalled Returnil 2008 free yesterday to try some of the others mentioned here already. The pc I'm experimenting with already has XP Pro with LUA, SRP, SuRun. Looking to cover any other bases. I wish Returnil would go back to this version and make it 64 bit compatible.

    The Brothersoft file has the same md5 checksum as the one I've had on my pc for some time now. Mine was either downloaded from Returnil or Majorgeeks so the Brothersoft one is probably OK.
Thread Status:
Not open for further replies.