Secure Folders to protect folders (and use as anti-executable)

Discussion in 'other anti-malware software' started by Windows_Security, Oct 21, 2014.

  1. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi Everyone

    I am very interested in this thread, particularly with ransomware on the rise, and also in the free Secure Folders.

    I would be most grateful for help on what folders need protecting and whether they should be Hidden, Read Only, Locked or No Execution. I have Windows 7, three browsers (IE11, Chrome and Firefox) + Thunderbird.

    Similarly, which .exe files should be protected and what type of protection.

    Can you just protect all of a particular drive, say C:?

    Thanks for your help

    Terry
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    @TerryWood
    Personal private data is the key. For instance, it is advisable to lock the Documents folder or any folders where you currently save important personal files such as photos, books, Word, Excel, etc. Even folders on external drives or partitions.
     
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    It depends on what you want to protect and how.

    For example, photos, videos and music, you want those protected as read only. This way you protect files from ransomware modifying them, but you can still view them by ANY even non-trusted app. Making it safe but comfortable to use.

    Locked should be used for example to protect browser user profile folder where bookmarks and locally stored webpage passwords are stored. Give only browser the right to access it and you can reinforce the security quite a bit that way. There will also soon be "Hidden and Locked" option which would even further enhance this by locking access and even hiding files, sort of almost double secure.

    Hiding works similar to locked, if app can't find the file it can't access it. Similar to Locked, just that the files are hidden, but if you can dig them up, they can still be accessed. Which is the case in certain situations.

    No Execution, to my knowledge means you can still access the files freely, read their content, but you can't execute them in ways of running an EXE file. This could be used to limit what programs can be run in what locations. Haven't tried this one yet so I'm basically talking theory for this one.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I've run into an issue with the Secure Folders (No-execution) function. It WAS working the past week or so, but now it's not working and I can click on any executable that I put into any folder that has the No-execution SF flag and the darn thing runs anyway. Lock + Hidden still works and I haven't tested Read-only, but No-execution fell flat on its face for some reason. Yes, within the program it is ENABLED but it is NOT preventing a manual start of the executable whatsoever.
     
    Last edited: May 31, 2015
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    REVISION OF ISSUE POST: Duh, my bad I guess. I had Explorer.exe in the TRUSTED APPLICATIONS list. THAT was allowing any executable I placed in an SF protected folder to run anyway. Removed the checkmark from the Explorer.exe line and now SF is preventing execution as expected.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Thanks for your experiences. I'm still waiting for the dev to come over.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Can anyone with Windows 8 confirm my most recent experience about the No-execution feature not working whenever you have Explorer.exe in the TRUSTED APPLICATIONS LIST? And then, after unchecking or removing it, No-execution for those same executables listed in that TAB works again normally as expected. This is no biggie at all now, but I'm just glad that I toyed with the SF settings long enough this week to realize what works and what doesn't on my machine.
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Whether I have explorer.exe or not in the TRUSTED APPLICATIONS LIST, an exe I tried to run was blocked by Secure Folders in No-execution mode, on Windows 8.1, admin account, UAC off
     
    Last edited: Jun 1, 2015
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Ok thanks. I am on plain jane Windows 8.0 OEM so it's likely just a small difference due to versions/updates or whatever. I just found it strange when SF allowed launching any exe that I deliberately placed in a protected SF folder in No-execution mode. Removing explorer.exe from the TRUSTED APPLICATIONS list returned SF to a working state again on that one.
     
    Last edited: May 31, 2015
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    That's why we need per rule trusted apps. So trusted apps don't conflict with other rules, potentially negating them. I have the same issue with documents protection where I need explorer.exe there in order to still use them.
     
  11. CGuard

    CGuard Registered Member

    Joined:
    Mar 2, 2012
    Posts:
    145

    I confirm (Win7Ux86). @EASTER, when the UAC (I assume you keep it enabled) popped up, did you allow the elevation?

    Ran some quick tests.

    DENY EXECUTION ON FOLDER OR FILE (same results)

    a. "Trusted" Explorer: depending on the test-exe's Zone Identifier, either

    1. UAC prompt ->Yes-> noexec.JPG , or

    2. "Do you want to run this file" box->Run->UAC prompt->Yes-> error5.JPG


    b. un-"Trusted" Explorer: depending on the test-exe's Zone Identifier, either

    1. noexec.JPG , or

    2. "Do you want to run this file" box->Run-> noexec.JPG


    PS. The bad news are that, despite
    SF's anti-execution doesn't work on .msi files.
     


  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Has anyone tested some crypto-malware in Locked mode?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not specifically, but I've tested with Read only on my other two internal drives, and nothing can write to them, so that should also protect against crypto.
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Good to know. Anyway I'm going to test some crypto in Locked-mode but explorer.exe as trusted application... just to be sure.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    @CGuard My bad, but it should be better clarified that earlier when testing the No-execution function on those SF folders, that specific test was 100% UAC turned off. So it's nice to know that with UAC off that SF is indeed providing the expected protection.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  17. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi All

    I can confirm that Folder Protection with Secure Folders does NOT work when in virtualised mode with Shadow Defender. It DOES work with Shadow Defender outside of virtualised mode.
    Terry
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well that's strange. I have folders protected on my other two drives, and I am in shadowmode with just c: shadowed and secure folders works fine.
     
  19. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi Peter 2150

    I was confirming in my post 92 what pegr said in his post 14

    """"blacknight said:
    Any known conflict with other security software? It's a new program?
    Not a conflict as such, but Locked folders on a partition shadowed (virtualized) by Shadow Defender didn't work when I tried it. The "Locked" folders on the shadowed partition were accessible by all programs.

    EDIT: Just to be absolutely clear, I should have added that on a non-shadowed partition, the Locked folders feature worked just fine.

    Last edited: Oct 27, 2014
    pegr, Oct 27, 2014
    #14"""""


    Terry
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
  21. Secure Folders seems to use Windows ACL. When in shadowed mode the redirected writes do not touch the folders protected by SecureFolders, so SecureFolders allows access. :D

    See for example my quick backup drive protected by Access Control List (at night when internet goes down, my NAS is awakened and starts backing up data of all network connected PCs). Quick backup only backs up my documents. Desktop is the user with only read access. When a ransomware is started by a medium level process, it is blocked (UAC elevation request will be triggered). Secure Folder uses so little CPU, it has to be using built-in OS-protection mechanism.

    ACL.png
     
    Last edited by a moderator: Jun 8, 2015
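
An added example, not part of any post in this thread and not Secure Folders' own mechanism: one way to reproduce the read-only ACL layout described in the post above with the built-in `icacls` tool, followed by an audit of who can still modify the folder. The path `D:\QuickBackup` and the account name `Desktop` are constructed placeholders; run it from an elevated PowerShell prompt.

```powershell
# Added illustration; folder and account names are constructed placeholders.
$Path = 'D:\QuickBackup'                 # hypothetical backup folder
$User = "$env:COMPUTERNAME\Desktop"      # hypothetical standard (non-admin) account

# Well-known SIDs, so nothing depends on localized account names.
$System = 'S-1-5-18'       # NT AUTHORITY\SYSTEM
$Admins = 'S-1-5-32-544'   # BUILTIN\Administrators

# 1. Explicit ACEs first: full control for SYSTEM and Administrators,
#    read+execute only for the everyday account. (OI)(CI) = inherit to
#    files and subfolders.
icacls $Path /grant:r "*${System}:(OI)(CI)F" "*${Admins}:(OI)(CI)F" "${User}:(OI)(CI)RX" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed ($LASTEXITCODE)" }

# 2. Then drop inherited ACEs (e.g. 'Authenticated Users: Modify' from the drive root).
icacls $Path /inheritance:r | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /inheritance failed ($LASTEXITCODE)" }

# 3. Audit: list every Allow ACE outside SYSTEM/Administrators that still
#    carries a right ransomware would need to overwrite, delete or re-ACL files.
$modify = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writers = (Get-Acl $Path).Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $_.AccessControlType -eq 'Allow' -and
    ($System, $Admins) -notcontains $sid -and
    [int]($_.FileSystemRights -band $modify) -ne 0
}

if ($writers) {
    Write-Warning "Non-admin principals can still modify ${Path}:"
    $writers | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Output "OK: only SYSTEM and Administrators can modify $Path"
}
```

Because Administrators keep full control, an elevated process can still write to the folder; the layout only stops medium-integrity processes running as the restricted account, which matches the UAC prompt behaviour the post describes.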
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Any news on this program?
    Although it works great for me I'm still reluctant to embrace this program with complete trust because the author doesn't want to come over to this thread, apparently.
     
  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This has been a concern of mine as well. While the program looks great and functions well, we have no idea where this is coming from. By that, I mean is there a larger company involved, what country is it from, are there plans for a paid version as well. I would prefer to understand the bigger picture here. The web site doesn't offer much detail on these things. The last time that I dug into this I believe it may be from Ukraine, although that could be wrong.
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    The last time I talked to the developer he told me he was willing to sign up here and "participate in conversation" (8 days ago) but nothing so far.
     
  25. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    That would be fantastic if the developer was to participate here. I believe that there is quite a bit of interest here regarding Secure Folders and I see a lot of potential there.
     