Smart Object Blocker (Block EXE, DLL, Drivers)

can we have an "start with windows " option? i sometimes forget to launch it manually

 

@novirusthanks

Andreas, would this also work (%PROFILE%\Downloads) when I have relocated downloads to another partition?


I am very happy with the capabilities. SOB is fast, easy on resources and mind bogging granular

You already have software which monitors file and folder access, could this be included in SOB also (to make it the ultimate sandbox for Windows )


regards Kees

 

Questions for everyone using SOB:

1) What do you think about having also possibility to write negative rules ?

This can allow to match, for example, processes, dlls, drivers that do not have the "dot" in the filename.

Example rule: [NEG:%FILENAME%: *.*]

Of course this could be wrote via regular expression like this:

Code:

[REGEX:%FILENAME%: ^(?:(?!\.).)*$]

But this is a bit more complex probably.

2) What do you think about having an option in the Configuration.ini to block autorun.inf executions from USBs, CD-ROMs, etc ?

Just a simple BlockAutounForUSBs = y BlockAutorunForCDROMs = y etc

3) What do you think about having a new variable %USB%, %CDROM% to identify if the object is located in a USB or CDROM device ?

This would allow you to block, for example, execution of processes from USB and/or CDROM devices.

@Windows_Security

The variable %PROFILE% is related to your profile folder, so if you installed Windows on E:\ partition, it would be like E:\Users\Username\

You mean like block/allow processes from writing/reading to/from a folder ?

 

I think that both of those are fantastic ideas.

 

excellent

very needed , since USBs and other removable medias are high infection vectors; this options will avoid some of us to install some 3rd party softwares.

most needed too

 

@novirusthanks

2. What do you think about having an option in the Configuration.ini to block autorun.inf executions from USBs, CD-ROMs, etc ?
great

3) What do you think about having a new variable %USB%, %CDROM% to identify if the object is located in a USB or CDROM device ?
great

4) You mean like block/allow processes from writing/reading to/from a folder ?
great

 

"You mean like block/allow processes from writing/reading to/from a folder ? great" +1
How soon can we expect this, so excited...

 

@novirusthanks


1. What do you think about having also possibility to write negative rules ?
IMO this has 2 advantage and 2 disadvantages, so I am sceptical about it

Downside 1.
This will mix the usage of allow - exception and block - exception. Now I write a * BLOCK rule DDL for Chrome and an EXCEPTION rule for DLL's from Microsoft and Google (to allow Chrome to only load DLL's from Microsoft en Google). In the current situation, the all rule is in Block, the exception rule in exception, which is logical by intuïtion.

Upside 1.
This will mix the usage of allow - exception and block - exception. The advantage is that (with NEG) I can write a BLOCK ALL EXCEPT (IS ALLOW ONLY ) rule in the BLOCK section: e.g. Block NEG DLL's from Microsoft and Block NEG DLL's from Google (so I am wrting an exclude rule in the block section).

Downside 2
As the above example shows, this might invoke logic errors when using "de Morgan rule's":
- not (A and B) is the same as (not A) or (not B)
- not (A or B) is the same as (not A) and (not B).

Upside 2
when applying negative rules, there is no reason to have seperate ALLOW and BLOCK rules folders anymore, since the NEGATIVE sort of reverses this logic. ALLOW, BLOCK and EXCLUDE folders are redundant anyway because Lock Down mode or Behavioral mode dictates the purpose of DLL, DRIVER. PROCESS and EXCLUDE db. So the advantage of introducing NEG would be a reduction in configuration files (just add a comment rule ; to explain that mode determines the way these rules are applied)

 

We've added support to block AutoRun (autorun.inf) executions for USBs, CDROMs or completely, plus we've added support for commenting lines.

Another question:

What's your preference ?

I would personally vote to separate the .DB files for Exclusion rules, much better to organize and write the rules.

 

me too, clearer and simpler

 

I think they should be separated also. I think users will be less likely to make mistakes when writing the rules if they are separated.

 

Yes, because file commands apply both on DLL and Driver in exclusion, Seperation into three (DLL, Driver, Process) would be the most straigh forwards solution.

 

Thanks for the added improvements.

 

Hello Andreas. Any news on this?

 

Released a new build:
http://downloads.novirusthanks.org/files/SmartObjectBlocker_Setup.exe

Here is what we've changed/added so far:

To update:

1) Close SOB
2) Make a backup of the \Allow\, \Block\ and \Exclude\ (folders if needed)
3) Uninstall SOB
4) Reboot the PC (important)
5) Install the new SOB

New\renamed object variables:

Block AutoRun.inf:

Autostart with Windows:

Now exclusions are handled separated:

@Mister X

Not yet discussed, should do that in the next week

 

@novirusthanks

As always thanks again. "Click"

 

ditto

 

thank you.as always

 

So what's the skinny on SOB. Happy that it's developments are going forward pretty much without a hitch but just curious if anything new is being seriously considered yet.

Or implemented

 

@novirusthanks

Andreas,

Would you please add an option to autostart SOB task even when admin user is NOT logged on?

This enables SOB to be protecting other users on the system as well.

Regards Kees

 

The site is back up now...

 

Yep, it's finally up again. Thanks.

http://securefoldersfree.com/

 

This program seems rather complex and time consuming to learn, how is it any different than faronics anti executable
or windows built in Applocker ? which are much easier to use

 

It seems complex because the GUi isnt implemented yet. Remember it is a alpha version. You cant compare it to anything until final release.

 

@Windows_Security

Like start SOB when Windows starts also on Limited User Accounts ?

@arran

The program should be easy to manage, it allows to write custom rules to block/allow processes, dlls and drivers. You can use wildcards, regular expressions and group rules to match an object. After you understand how SOB works it will become easier to use it. The GUI as of now is only used to display the blocked events. We'll write more tutorials soon.

@EASTER

For now we are working on making it stable, fixing few bugs reported by an user and improving few things. We should release a new build in few days.