Use Applocker to only let firefox access firefox-data files?

Discussion in 'other security issues & news' started by zakazak, Sep 18, 2011.

Thread Status:
Not open for further replies.
  1. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Hi, I wonder if I can use Applocker to only allow firefox.exe to read the password in the %Appdata% folder ?

    Would it be:

    Executable Rules -> Deny -> Choose %appdata% firefox folder -> exceptions -> file hash -> choose firefox.exe ? (and maybe also plugin-container.exe ?)

    if so, would I also have to add some files from CIS 5.x so that it can still protect the folder?

    thanks
     
    zakazak, Sep 18, 2011
    #1
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I believe you can't use either AppLocker or CIS to do that. Have you considered using a password manager such as LastPass?
     
    MrBrian, Sep 18, 2011
    #2
  3. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    189
    Spysnake, Sep 18, 2011
    #3
  4. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    So making rules in Applocker for the %appdata% firefox folder while adding firefox.exe als exception would mean:

    nothing is allowed to execute in %appdata%-firefox except the firefox.exe

    but still every random.exe would be able to access the files n %appdata%-firefox (but it cant be executed in that folder) ?

    @edit: I use LastPass but this was just an example.. i also wanted to do this with thunderbird,messengers,... also I thought I would cancel LastPass and use Firefox sync :p
     
    zakazak, Sep 19, 2011
    #4
  5. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    189
    If you allow a folder path, all files in that folder can execute. If you deny a folder path, nothing there can execute. Deny takes a preference if both are applied to same path.

    So yes, you are atleast partially correct in your assumptions. I don't know if you can even make an exception like that, someone of the AppLocker gurus could answer to that. But AppLocker is still strictly for the execution control.
     
    Spysnake, Sep 19, 2011
    #5
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    If there were a utility in Windows that could limit reads/writes access based on path/ publisher... I'd never run third party security again.
     
    Hungry Man, Sep 19, 2011
    #6
  7. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Correct. People are trying to use Applocker in a way it is not designed for. Also is it important to know limitations of a security layer.

    Its better to use allow path rules with exceptions to restrict directories that a user can write to. Also it is not recommended to use deny rules at all as a user can modify or move a file or files and cause the deny rule(s) to become invalid.

    Good for you.
     
    Last edited: Sep 19, 2011
    1chaoticadult, Sep 19, 2011
    #7
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...