Returnil Antiexecutable, how exactly does it work

Discussion in 'Returnil releases' started by neji19, Nov 23, 2011.

Thread Status:
Not open for further replies.
  1. neji19
    neji19 Registered Member

    I can't understand how it really works. I set the antiexecute feature of RVS 2011 to trust programs from real disk only, then I downloaded some executables to my desktop with virtualization enabled, but I can still execute those executables and run them. It seems the antiexecute feature of RVS is not working. Is there anything wrong here? How exactly does it work?
  2. rrrh1
    rrrh1 Registered Member

    I have tried downloading an installer (Unsigned) and it installed and ran.

    Is there something we are both missing?

    Since I just downloaded the file, it should have been in the virtual environment. It was gone after a reboot, but I thought it stopped files not on the real drive.

    Going back and reading and testing more.

    rrrh1 (arch1)
  3. Coldmoon
    Coldmoon Returnil Moderator

    Hi,
    Apologies for missing this thread previously. What programs please?

    Mike
  4. neji19
    neji19 Registered Member

    I am using the latest trial version of RVS Pro 2011; I downloaded it from the mirrors on your site. I just tested the antiexecute capability of the latest version of RVS Pro 2011. I set the antiexecute feature to trust programs from real disk only with virtualization enabled, and in my testing, all the executables I had downloaded were executed and ran without being stopped, unlike in the older versions of RVS Pro, where all executables in the virtualized environment were stopped. I hope you can reproduce the issue because I think there is nothing wrong with my testing.
  5. rrrh1
    rrrh1 Registered Member

    Returnil System Safe Free 2011 3.2.12918.5857-REL14 downloaded from MajorGeeks...

    Set returnil to real disk only before starting test...

    Downloaded Evil-player from MG as a test it is less than 1 MB...

    The installer ran and installed the program and the program was allowed to run...

    The program is safe as far as I know but what if it was not...

    It was gone at reboot, so there is some protection without anti-execute-able protection...

    Thanks for the help.

    rrrh1 (arch1)
  6. Coldmoon
    Coldmoon Returnil Moderator

    Hi,
    Report flagged to the QC engineering team for testing and response as quickly as possible.

    Mike
  7. Coldmoon
    Coldmoon Returnil Moderator

    Hi all,
    An update. The lead confirms the reports and a fix will be included in the next release. Until then, do either of you have access to the older REL13 build? If yes, please install and test that build and let me know the results. If not, shoot me a PM and I will get you a DL link.

    Mike
  8. neji19
    neji19 Registered Member

    I don't have access to the REL 13 build of RVS Pro 2011. I sent you a PM; kindly give me the download link for testing. I have here the installer of REL 11 and I tested its antiexecute features, and it is working fine.
  9. Rilla927
    Rilla927 Registered Member

    Good find :thumb:
  10. Coldmoon
    Coldmoon Returnil Moderator

    Previous builds to REL14 (REL11 included) should be fine with respect to the A-E functionality. I have sent you a reply to the PM with the information to get the REL13 build using your FTP client of choice.

    Mike
  11. neji19
    neji19 Registered Member

    I have downloaded REL 13 of RVS Pro 2011 and tested its anti-execute features, and it is working fine in both Windows XP and Windows 7. I just noticed one downside: the REL 13 build noticeably slows down my system, especially the launching of programs. Unlike REL 14, which is very smooth and does not slow down my system, except that the anti-execute feature is not working, the REL 13 build slows down the launching of my programs.
  12. kupo
    kupo Registered Member

    Bump, is this fixed already? The latest version is REL14, right?
  13. Coldmoon
    Coldmoon Returnil Moderator

    The issue is actually specific to REL14. The bug is fixed in the current test build for the new 3.3x version which should be released for public testing and comment soon.
  14. VanguardLH
    VanguardLH Registered Member

    I sincerely hope so. I'd hate to see Returnil degrade to update schedules like what happened with GeSWall, which ended up with intervals of 6 to 12 months between releases (the last two of which were subminor versions, like 2.9.1 and 2.9.2, that took 12 months each to show up). Not getting out releases to address known bugs (which had fixes, too) is why I gave up using GeSWall.

    While the virtual mode provides a comfort layer to revert the drive back to a prior known good state, not allowing any new stuff to run eliminates the need to worry that the bad stuff disappeared on a reboot to exit virtual mode - because the bad stuff couldn't run.

    Even when parents make their kids do a time-out in their bedrooms, they still don't want a raucous melee going on in the bedrooms, either. "Hey! Shut up in there!"