Returnil Antiexecutable, how exactly does it work

Discussion in 'Returnil releases' started by neji19, Nov 23, 2011.

Thread Status:
Not open for further replies.
  1. neji19

    neji19 Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8
    Location:
    Philippines
    I can't understand how it really works. I set the antiexecute features of rvs 2011 to trust programs from real disk only, then I downloaded some executables to my desktop with virtualization enabled, but still I can execute those executables and run them. It seems the antiexecute feature of rvs is not working, is there anything wrong here? How exactly does it work?
     
  2. rrrh1

    rrrh1 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    151
    I have tried downloading an installer (Unsigned) and it installed and ran.

    Is there something we are both missing?

    Since I just downloaded the file it should have been in the virtual environment. It was gone after a reboot but I thought it stopped files not on the real drive.

    Going back and reading and testing more.

    rrrh1 (arch1)
     
  3. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,968
    Location:
    North Carolina USA
    Hi,
    Apologies for missing this thread previously. What programs please?

    Mike
     
  4. neji19

    neji19 Registered Member

    I am using the latest trial version of rvs pro 2011, I downloaded it from the mirrors on your site. I just tested the antiexecute capability of the latest version of rvs pro 2011, I set the antiexecute feature to trust programs from real disk only with virtualization enabled, and in my testing, all the executables I have downloaded were executed and run without stopping. Unlike the older versions of rvs pro, all executables in virtualized environment were stopped. I hope you can reproduce the issue because I think there is nothing wrong with my testing.
     
  5. rrrh1

    rrrh1 Registered Member

    Returnil System Safe Free 2011 3.2.12918.5857-REL14 downloaded from MajorGeeks...

    Set returnil to real disk only before starting test...

    Downloaded Evil-player from MG as a test it is less than 1 MB...

    The installer ran and installed the program and the program was allowed to run...

    The program is safe as far as I know but what if it was not...

    It was gone at reboot, so there is some protection without anti-execute-able protection...

    Thanks for the help.

    rrrh1 (arch1)
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Hi,
    Report flagged to the QC engineering team for testing and response as quickly as possible.

    Mike
     
  7. Coldmoon

    Coldmoon Returnil Moderator

    Hi all,
    An update. The lead confirms the reports and a fix will be included in the next release. Until then, do either of you have access to the older REL13 build? If yes, please install and test that build and let me know the results. If not, shoot me a PM and I will get you a DL link.

    Mike
     
  8. neji19

    neji19 Registered Member

    I don't have access to REL 13 build of rvs pro 2011, I sent you a PM, kindly give me the download link for testing. I have here the installer of REL 11 and I tested its antiexecute features, and it is working fine.
     
  9. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,699
    Good find :thumb:
     
  10. Coldmoon

    Coldmoon Returnil Moderator

    Previous builds to REL14 (REL11 included) should be fine with respect to the A-E functionality. I have sent you a reply to the PM with the information to get the REL13 build using your FTP client of choice.

    Mike
     
  11. neji19

    neji19 Registered Member

    I have downloaded REL 13 of rvs pro 2011 and tested its anti-execute features, and it is working fine in both Windows XP and Windows 7. I just noticed some downside, REL 13 build noticeably slows down my system, especially the launching of programs. Unlike the REL 14 which is very smooth and does not slow down my system, except that anti execute feature is not working, the REL 13 build slows down the launching of my programs.
     
  12. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Bump, is this fixed already? The latest version is REL14 right?
     
  13. Coldmoon

    Coldmoon Returnil Moderator

    The issue is actually specific to REL14. The bug is fixed in the current test build for the new 3.3x version which should be released for public testing and comment soon.
     
  14. VanguardLH

    VanguardLH Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    96
    I sincerely hope so. I'd hate to see Returnil degrade to update schedules as what happened with GeSWall which ended up with intervals of 6 to 12 months between releases (the last two of which were subminor versions, like 2.9.1 and 2.9.2 that took 12 months each to show up). Not getting out releases to address known bugs (which had fixes, too) is why I gave up using GeSWall.

    While the virtual mode provides a comfort layer to revert the drive back to a prior known good state, not allowing any new stuff to run eliminates the need to worry that the bad stuff disappeared on a reboot to exit virtual mode - because the bad stuff couldn't run.

    Even when parents make their kids do a time-out in their bedrooms, they still don't want a raucous melee going on in the bedrooms, either. "Hey! Shut up in there!"
     