RVS 2011 Additional Protection Options

RSS 2011 > Virtual Mode > Settings >Additional Protection Option

I looked around for this I was not able to find the answer.

I do not understand the three modes. Which is the safest of all three. There is three options, Allow programs to run normally, trust system services from real disk only, Trust programs from real disk only. I do not want to trust anything, IE Internet Explorer or Firefox. I want any changes, even temporary internet files, downloads, and program temps caches, to go to the Virtual disk and removed at the shutdown of the computer. I did not have this option in 2010 it was simple. Now I do not understand the differences in the three and which one should I pick.

 

i use returnil2008 it does what you want

 

Additional Protection Options (Anti-Execute feature)
• Allow programs to run normally
As implied, programs will not be blocked or prevented from running unless they are detected specifically by the Virus Guard Real-Time monitor.
• Trust system services from real disk only
Allows some flexibility between "block nothing" and "block all". Though good security practice would be to block all, this is not always the most optimal environment to work in at all times. With convenience however, comes risk and this is why this option is designed to allow things that the "Trust programs from the real disk only" option does not, but also provides protection against certain types of malware that are designed to circumvent the Virtual Mode protection and does so without need for signatures or updates.
• Trust programs from the real disk only
This is the most restrictive setting and will block anything not already known. This will even block the addition of plugins for your browser.

 

Hi Auguss and welcome to the forums

Boyfriend posted the text from the manual and it is a good general description of what the options will do here. The AE feature is essentially the same as 2008 as far as what to expect from the two options you are familiar with:

1. Allow programs to do what they want
2. Block what isn't already known

The new option gives a little flexibility rather than being an either/or situation while still providing a level of protection.

Mike

 

I wish there was a block all option. This computer is used as a public computer where kids get on it. They do not know what they download and install. I might be looking for another Virtual Disk program to try. Thanks for the information. I did not really understand the description that Boyfriend left. It is a little confusing.

 

The option for only allowing what is known is a default "block all" option as it will simply not allow any exe to start if it doesn't already exist on the real hard disk so this would be appropriate for your stated requirements.

Give it a try and you will see exactly what it does. further, the blocking is done silently so there are no rules to learn, configure, or adjust. When using the option to show an alert, the authorized user would be able to allow things to run, but the AE feature itself will not remember the decision following restart so there is flexibility when required and discipline at all other times.

Mike

 

How do you tell it to ignore. I keep getting warnings about a Norton update. A red box pops up.



\DEVICE\HARDDISKVOLUME2\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\DEFINITIONS\VIRUSDEFS\20100826.002\EX64.SYS

 

With default AE, I am also unable to use Core Temp (0.99.7.7). Moreover, Z: drive (exact size and with name of system drive C: ) appears in explorer. To avoid frustration, I am running it with option to allow programs to run normally.

 

Set it to "Allow programs to run normally" if you intend to test software or run certain stuff that isn't on your real system itself.

Set it to either one of the other 2 options if you want further restrictions....

In any case, there's nothing much to worry as you're using Returnil....simply reboot and poof most changes (if not all) are gone

 

Hi chuckfrasher,
Open the Virus Guard > Log section, select the detection from the list and select Quarantine. Next, open the Quarantine list, select the item you just sent to quarantine and then select Restore. During the restore process, choose to add the file to your Virus Guard exclusions list. The file should now be ignored during further scans.

Mike

 

@Coldmoon: How we can exclude a file/driver to be detected by AE? (Not by virus guard).
Is there any solution for Z: drive appears during virtual mode enabled?

 

1. No, the AE will block what it is programed to block depending on your settings. If you have problems activating some programs using the "Trust programs from the real disk only" option, try the "Trust services..." option for more flexibility. If this still causes issues, you may have to consider allowing programs to run as they will until you are done using the particular program you are trying to use.

2. This should be resolved in 64 bit systems. If you are seeing a Returnil Z:\ drive in my computer, it should be the mounted Virtual Disk (virtual storage feature and not the virtualization cache).

Mike

 

1. How to allow it while using default AE option (Trust system services from real disk only). I am experiencing problem with Core Temp (0.99.7.7). It extracts its driver (sys) in temp files and Returnil do not allow it to run. How can I exclude a file to run normally?

2. The problem is not resolved on x64. I have never used Virtual Disk nor enabled it. Currently I am in virtual mode. As soon as I select option (Trust system services from real disk only) and click Apply, Z: drive appears in explorer (size and name are exactly of system drive). When I select option (Allow programs to run normally), then it is does not show up. It is virtualization cache. Need snap as proof?

EDIT: I have found another bug. Coldmoon please check your PM.

 

1. You can't. You will need to lower the AE settings or find a way to install the application on the real system prior to activating the virtual mode.

2. I am unable to reproduce your report here. Please open a new support ticket and send us the usual log files so we can investigate your situation in greater detail.

Mike