Panda Cloud super tough protection tweak

Discussion in 'other anti-virus software' started by RejZoR, Aug 2, 2013.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I'm not sure how this works and if it works as I think it should, but here it is. Only recommended for advanced users as this isn't properly tested yet.

    The new Panda Cloud version 2.2 offers a new feature called Data Shield that only allows certain apps to access protected files. But here is a tiny trick that can convert Panda Cloud's regular protection into something almost similar to Comodo Defense+. If anyone can test this in a virtual machine with real malware it would be even better (I currently don't have the test environment set up). :)

    How to set up Panda Cloud 2.2...

    Open main Panda Cloud interface and click the bubbles in the bottom right corner. Now select "Data shield" feature.

    PC_1.png
    First, add entire drive to the list of protected folders. If there are more of them, add all drives.

    PC_2.png
    Enabling "Allow access by secure apps" decreases the number of warnings by Panda Cloud.

    PC_3.png
    Make sure you add additional extensions to a list of protected stuff.
    I'm currently using the following extensions: exe,com,cpl,scr,cmd,lnk,msi,pif

    In theory (at least), this should provide superior protection against file infectors and patchers even if they sneak by the Panda malware detection systems.
    Data shield prevents any modifications done by unknown apps but allows modifications done by safe apps that are whitelisted by Panda, so it shouldn't interfere with clean apps (much). For those that aren't safe and try to modify protected files, Panda will display a popup, asking you what to do (Allow/Deny).

    I have set it up this way and I haven't got any popups yet except for Rocketdock. So, so far so good.
     
  2. guest

    guest Guest

    Thanks for the tip. That's pretty much how I configured OA's file shield, except a little bit more paranoid. :D

    A question, is there a learning mode for the allowed programs or we have to add them all manually?
     
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, that "Allow access by safe apps" automatically allows safe apps so you don't get asked for that. Allowed apps do get added when Panda asks you what to do, but that rarely happens anyway (in my case).
     
  4. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,008
  5. guest

    guest Guest

    Safe according to Panda's whitelist?
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Creative! nice idea :)
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes. You can also leave that unchecked if you don't mind answering questions to all the system components trying to access the files...
     
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Great idea... thanks for sharing... but I think this solution is very similar to a feature in ThreatFire:
    Advanced settings/Custom rules/Launch control/Modify/Any process/tries to access a file (write-delete-create-execute)/in the folder/C: (instead of Program Files)/Except when...
    Rule description: Controls installation, alteration and execution of any normally installed program.
    Mainly... it's a great feature uncovered in PCA :thumb:
     
  9. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    Will this also help against malware that stays in RAM?
     
  10. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Nice find RejZoR :thumb:
     
  11. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Wow, that's cool! I look forward to tests.
     
  12. plywood99

    plywood99 Registered Member

    Joined:
    Apr 23, 2013
    Posts:
    4
    Location:
    usa
    Very nice find Rejzor. :)

    Testing this now.
     
  13. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
  14. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    Seems nice, but I'm still just not a fan of Panda Cloud, and for sure not a fan of too many annoying pop-ups. At least on my own system I know what I'm installing and why; I don't need a program to tell me during the install what each and every file is doing unless I'm doing testing on an AV. I'll test it sometime this week to see how it does set up like this.
     
  15. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Well, I am going to run this setting in a VM against very fresh zero-day malware that usually passes AVs with very few detections and see if they are blocked.
     
  16. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    I just tried it and after reboot I get "BLACK SCREEN" (Windows will not load). This is Win 7 Ultimate 64-bit in a VM.

    I think adding the "C" drive to the protected folders is a BAD IDEA. At least on a 64-bit Win 7. Doing this will cause Windows to fail to boot up and give a black screen.

    I will try to re-test without adding the "C" drive but will do the rest of the tweak to see if Windows loads and how it does.
     
  17. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Well, even with adding executables, the VM got infected by the zero-day malware.

    So it seems that adding executables does not increase the protection. Adding the "C" drive for protection causes Windows to boot to a black screen.
     
  18. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    ^^^^ Decided to play around with it and the funny thing is I get the same result here .....
     
  19. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    It doesn't protect writing to folders, it protects OVERWRITING protected files. Meaning file infectors like Sality or Virut shouldn't be able to modify (infect) files. Test with file infectors.

    As for the black screen, I noticed it too but it was random; it worked most of the time but then out of the blue it wouldn't anymore. I also had a random Musicbee failure after using it for a while. It seems like Data Shield is still a bit buggy, because things like this shouldn't happen even if you add an entire drive to protection.
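
Added example, not part of any post in this thread: a Python sketch for a test VM that separates the two cases distinguished in the post above, new files written into a folder versus existing protected files being overwritten. It uses the extension list from the first post; the function names and the snapshot-and-compare approach are assumptions of this example, not a Panda feature.

```python
import hashlib
import json
import os
import sys

# Extension list taken from the first post in this thread.
PROTECTED_EXTS = {"exe", "com", "cpl", "scr", "cmd", "lnk", "msi", "pif"}

def snapshot(root):
    """Map path -> SHA-256 (or None if unreadable) for protected-extension files."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if ext not in PROTECTED_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                result[path] = digest.hexdigest()
            except OSError:
                result[path] = None  # locked or unreadable: cannot judge content
    return result

def compare(before, after):
    """Classify changes between a pre-test and a post-test snapshot."""
    overwritten = [p for p in before
                   if after.get(p) is not None and before[p] is not None
                   and after[p] != before[p]]
    return {
        "overwritten": sorted(overwritten),                      # existing file changed
        "created": sorted(p for p in after if p not in before),  # new file dropped
        "deleted": sorted(p for p in before if p not in after),
    }

if __name__ == "__main__":
    # snapshot <root> <out.json>   |   compare <before.json> <after.json>
    if sys.argv[1] == "snapshot":
        with open(sys.argv[3], "w") as out:
            json.dump(snapshot(sys.argv[2]), out)
    else:
        with open(sys.argv[2]) as b, open(sys.argv[3]) as a:
            print(json.dumps(compare(json.load(b), json.load(a)), indent=2))
```

Entries under "overwritten" are the case the post says Data Shield should stop; entries under "created" are the case it does not cover.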
     
  20. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,746
    Location:
    Germany
  21. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,980
    Location:
    U.S.A.
    Merged Threads.
     
  22. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68
    I tried these settings and could no longer login to the machines I tried this on after a reboot. Fresh, totally updated installs of Windows 7 Pro 64bit and fresh installs of Panda Cloud 2.2.1. Configured as is shown here, rebooted... Windows login screen never shows up, mouse pointer does and blind entering passwords didn't seem to do anything.
     
  23. plywood99

    plywood99 Registered Member

    Joined:
    Apr 23, 2013
    Posts:
    4
    Location:
    usa
    I've done numerous restarts since adding C: drive and have had no problems at all. I use Musicbee also and it performs as it always has.

    Everything is running flawlessly.
    Windows 8 Enterprise 64bit.
     
  24. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    Great, I will try it! :thumb:
     
  25. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    Thank you for the tweak information.
     