Use two free programs from Excubits to run vulnerable programs in containers

Discussion in 'other anti-malware software' started by Windows_Security, Apr 20, 2016.

  1. Kid Shamrock, Registered Member (Joined: Apr 3, 2007; Posts: 229)

    @Windows_Security
    Kees, I noticed you removed the lines !C:\Windows\explorer.exe>*chrome.exe from your MemProtect ini whitelist and *>chrome.exe from the blacklist. Did you find these lines to be unneeded? Please explain. What is the best way to test MemProtect to make sure it's working properly? I'm using it to protect Chrome and Office programs. Thanks...
     
  2. marzametal, Registered Member (Joined: Mar 19, 2014; Posts: 766)

    MemProtect and Pumpernickel would complement AppGuard...

    What about if Sandboxie was used instead of AppGuard?
     
  3. @Minimalist
    Yes, explorer could still be targeted. Only using Explorer++ as file manager closes the hole when using Pumpernickel to protect your documents and media files (some ransomware infects explorer, so by allowing Windows Explorer one is still vulnerable to some ransomware variants).

    @Kid Shamrock
    When protecting your documents, mail and media files (the list of extensions *.doc etc.) you have to allow Windows Explorer to organize (copy, move, delete) those files. This sort of reduces the rationale of locking Chrome both ways (since explorer is one of the most attacked processes in medium Integrity Level). So when you don't use Pumpernickel to protect your documents and media files, keep the tight post #981 based setup.
     
  4. WildByDesign, Registered Member (Joined: Sep 24, 2013; Posts: 2,587; Location: Toronto, Canada)

    @Windows_Security I'm experimenting with Explorer++ (in portable mode with config.xml settings file) running in Low integrity mode at the moment. I'm trying to get an idea of whether or not this could be beneficial for high-risk users who only need to do simple tasks like looking through pictures and so on, and therefore avoid accidentally running executables and particularly protect from ransomware. So far it seems promising. With Explorer++ (Low) starting Process Explorer / Process Hacker, those task programs can subsequently only show running tasks which are also Low integrity. I still have to experiment more with disk access and also registry access and then throw Pumpernickel into the mix in lethal mode.
     