File System Protector v1.0 - Lock Files\Folders, Deny Write Access to Files

Released a new program:
http://www.novirusthanks.org/products/file-system-protector/

Rules are easy to write thanks to wildcarding and aliases:

Can be used, for example, to lock the startup folder (so processes can't drop files there), prevent modification of specific files (so cryptolocker can't hijack them), lock a file so processes can't even access it, etc. You can exclude trusted applications by simply writing the wildcard to exclude a process, example *\process.exe would exclude process.exe from any rule.

 

It's not gooood...
Such tools are more needed for avarege and less-average users who want protect own files like documents, sheets, photo, mp3, etc. It was mentioned on WS that you are going to release something like abandoned Secure Folders but I expected app more handy and easier to use.

 

securefolders is better imho, so easy to use it even has a context menu option.

 

I think is better respect GUI only, also I'm sure Andreas' programming stronghold and skills are much better just like Peter2150 already said.
Anyway I'm going to try this one Andreas and please forgive me if I look ungrateful for asking too for a nice GUI.

 

NVT provides all the components to create a second sandbox around chrome

1. Smart object blocker
   a) Only allow chrome to launch chrome.exe
   b) Only load Microsoft signed DLL's from Windows and Google Signed from Program Files\Google\Chrome\
   
   
2. File System Protector
   a) Allows Chrome to read only system wide
   b) Allows Chrome to write t Downloads and UserProfile\Appdata\Local\Google
   
   
3. Registry Guard
   a) Allows CHrome to only access it own registry keys for update (create/write/delete) intend

Secure Folders is nice, but is unlikely to receive updates, so count your blessings.

 

Not for XP, but I don't need this proggie anyhow.

 

Application for XP: put vulnarable programs like office (or libre office) and Chrome in a LUA sandbox by denying them write access for Windows and Program Files

 

Could you do a quick update to your installer capable of creating a scheduled task for start up with Windows?
I did one but something's wrong.

Btw Is it normal for FSProtector.exe to be killed by Process Explorer (me at will)? My folder became vulnerable again...
How about a malware able to kill that process?

I really don't understand or something's wrong with the program?

Edit~ FYI even if I kill SecureFolders GUI program the file system mini-filter driver is still protecting...

 

Interesting Kees and thanks again. Knew you would tinker with this one to draw out Maximum benefit

I also echo the Thumbs Up suggestions for a GUI. Andreas makes the best ones too. I say that in favor because of the customizable AUDIO alerts that are so effective in ERP. You can walk away from the PC/Lappy and when something like an unneeded SetUp.exe update tries to sneak it in anyway, it's either pre-blocked by Rules or Held Up until examined the path etc. first. That AUDIO alert is a great benefit so is the entire GUI.

 

Hmmmm, I think I will use Secure Folders for .NET and Powershell hooplah, and FSP for the rest...

 

@Mister X

On this first version, FSProtector has no self-defense or similar, hence it can be killed\terminated by Task Manager or Process Explorer.

@Peter2150

Which are the rules you used ? FSProtect can deny write access to files, not to folders\drives.

 

ahhhh.... not to folders or drives... what a bummer!!!

Any chance you could branch this off to include directory & drive blocks? Damn, might have to reinstall SpyShelter just for this feature :/

 

securefolders can lock, hide, deny access to folders.

 

Yeah, but cannot differentiate between trusted apps and folder lists, so all trusted apps are exempt from folder restrictions. The same thing happens in AppGuard, where if the Guarded Apps Custom Folder setting is "Exception", then all Guarded Apps can see it.

Trying out a couple more... Folder Protect is a trialware, but doesn't work in a LUA, so need to be running Admin account for it. Easy File Locker works in LUA. Both these apps kick up a fuss when trying to add Windows directories (wanted to add SoftwareDistribution, plus some others).

Out of SF, FP and EFL, it seems that Secure Folders is the only one that allows additions of both user and system directories. I will see if File System Protector brings to the table. I was going to do a backup... woe is me.

 

@Peter: It can protect folders, can't it? See the first screenshots.

 

Ok, I understand it now. But the examples should really have ; in front so they aren't active.

And this app has EXACTLY the same problem as SecureFolders. You can't make per rule exclusions. You can prevent apps from accessing specific resources, but you can only globally exclude the rules that can exclude one another.

I want to create an exclusion that only applies to a specific rule. But I can also create a global exclusio if I want. This way you can create complex protective rules that don't exclude one another from protection. Can this be added?

Also, GUI driven control would be a nice thing to have. I know advanced users are suppose to use this but still, I just love GUI's. It's 2016, we should really leave writing long complicated noodles behind us.

Also, can variables be used within the rules? Like %temp% ?

EDIT:
Created rule that prevents anything reading my Firefox files other than Firefox itself. I quite like it

 

Seems like nobody wants to tackle the "no execution" or "no per rule exclusion" features that are so lacking in the basket of file/folder/drive watchdog apps...

 

Sad but so true.

 

Please explain andreas, on website it does mention folder protection

 

I don't find such possibility in SF but it's possible to do so in ThreatFire (still don't stops to be surprising )...enter advanced tools and "custom rule settings"
- create new
- for any or specific process
- tries access (write-create-delete-execute) or rename a file
- in chosen folder/folders
- except porcess on list of system/trusted/chosen processes
So you can have individual rule for any folder you want.

 

Pity Threatfire was also abandoned after Symantec acquired PC Tools.