Secure Folders to protect folders (and use as anti-executable)

Discussion in 'other anti-malware software' started by Windows_Security, Oct 21, 2014.

  1. I found which applications to trust to allow Microsoft Apps running in AppContainer, so these are my updated settings for SecureFolders to protect my personal files.

    upload_2016-3-23_9-47-31.png

    I have used Memprotect to protect the trusted applications from being exploited from user folders (since Ransomware is mainly executable based), Memprotect also completely isolates Chrome, so this combi provides nice free anti-exploit and anti-ransomware protection with standard Windows mechanisms (Secure Folders = ACL+alternate user, MemProtect = Protected Processes).
     
    Last edited by a moderator: Mar 23, 2016
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I have my docs and downloads folders in read only mode, a few other personal folders on my D drive in read only mode and my main downloads folder on D drive in hidden mode, is there anything I should add in trusted apps?
     
  3. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I have added my Music folder in Read-Only and Foobar2000 in trusted apps.
    The same is with the picture folder; I added Irfanview in trusted apps just to be able to manipulate pictures.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I wish I could add my torrents folder :(

    I have found a possible bug/glitch which sucks!
    Secure Folders protection doesn't work at all (for me) if I go to any of the protected folders (on any computers) via network drives. Do you guys have this issue?
     
    Last edited: Mar 23, 2016
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I switched this discussion from the ERP thread to Secure Folders thread.

    If you can access it on the LAN then I would bet you can access it by the WAN also. It sounds like a critical bug to me. Do you know if this affects read/write protection? Did you ever try writing a file to a write protected folder by the LAN? If you can then Secure Folders may be pretty useless.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi CE

    Yep, that is what I was doing, and it updated the files on the protected drive. I had it set to read only. So I agree, pretty bad.
     
  7. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Can SF protect files/folders on a second drive (not on the C drive) if the PC got infected with Petya ransomware?
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not sure it protects the MBR. After my findings, not sure I'd trust it to protect against ransomware.
     
  9. I would doubt that Secure Folders would protect the MBR, since it uses Windows internal mechanisms (ACL + alternate user). Signing in to a home group could well circumvent these mechanisms (getting assigned other credentials than current user on the PC).

    It was the same as with GesWall and DefenseWall. They pretty much provided the same protection, only GesWall was a lot faster at that time because it used Windows internals (DefenseWall was about as fast or as slow as Sandboxie at that time). Only when you copied a contained file from one partition to another, it lost the GesWall container because the ACL settings were reset to default when copying files by the XP operating system.

    I guess there is always a downside to using Windows internal mechanisms: you can't compensate for weaknesses/leaks in the underlying mechanism. When Microsoft came with x64 kernel protection, the whole security industry protested that we were now unable to compensate for MS-errors. This "find" also explains why Secure Folders has failed on the corporate market.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Wow, if you can remotely write to a folder set to read only then SecureFolders may be nothing more than snake oil (due to critical bug). I wonder if Windows_Security could try testing SecureFolders to see if write protection is being enforced when accessed by the LAN, and WAN.
     
    Last edited: May 1, 2016
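
The LAN write test asked for in the posts above, as an added example that is not part of the original thread: a PowerShell probe that tries to create and modify a file through each path to the same folder and reports whether the write was blocked. The folder and share names are placeholders (assumptions); run it as the ordinary user account.

```powershell
# Added example, not from the thread. Reports, per path, whether a write
# attempt into a folder marked read-only was actually refused.
function Test-WriteBlocked {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        # Unique probe name so an existing file is never touched.
        $name   = 'sf-probe-{0}.tmp' -f [guid]::NewGuid().ToString('N')
        $probe  = [System.IO.Path]::Combine($p, $name)
        $result = [pscustomobject]@{ Path = $p; WriteBlocked = $true; Detail = '' }

        try {
            # Create, then append: exercises both "create file" and "write data".
            [System.IO.File]::WriteAllText($probe, 'probe')
            [System.IO.File]::AppendAllText($probe, 'probe')
            $result.WriteBlocked = $false
            $result.Detail = 'probe file was created and modified'
        }
        catch {
            # Typically UnauthorizedAccessException when protection is enforced.
            $result.Detail = $_.Exception.GetBaseException().GetType().Name
        }
        finally {
            # Clean up the probe if the write went through.
            if (Test-Path -LiteralPath $probe) {
                Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
            }
        }
        $result
    }
}

# Placeholder paths: the same protected folder, reached locally and over the network.
Test-WriteBlocked -Path 'D:\Protected', '\\PC-NAME\Protected' |
    Format-Table -AutoSize
```

A row with WriteBlocked = False for the network path while the local path shows True is the behaviour reported in this thread.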
  11. Peter already did that, it did not protect, probably also the reason they failed in the corporate market.
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    But locally attached USB drive set to read only would still be protected? Previous tests seemed to indicate this?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    So far testing would say yes. But if it's broken on one thing, would you really trust it to protect you against ransomware? Not I.
     
  14. I have dropped it also, using Pumpernickel now.
     
  15. guest

    guest Guest

    SecureFolders' main purpose wasn't to stop ransomware but just to hide folders, no?
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Agreed 100%. There's no telling what kind of tricks a security researcher or hacker could do to manipulate that USB drive to function more like a network device, with drivers or otherwise. It's scary stuff, indeed.
     
  17. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Just what I was looking for... the 1)... woo hoo!
     
  18. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
  19. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I'm only using it for 2 things at the moment...
    1) set dnsapi.dll to read only (I hex-edited the Microsoft domain names out of it)
    2) set dfshim.dll and dsquery.dll to no execution (these two DLLs were mentioned in the vulnerable process list)

    EFL doesn't allow additions of Windows folders and/or files, which was a dealbreaker for me. Until I realised my Temp directory is on a non-system partition, so reinstalled it... woo hoo!
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Excuse me if this is already found within these forums but I ran across a pretty unique manually applied NTFS Permissions Tool.

    http://dbcstudio.net/software.html

    In combo with SF I found that while it may be redundant for some users, maybe it could also serve as a complement. Ideas?
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Looks very interesting :thumb:
     
  22. guest

    guest Guest

    It doesn't always show correct access-rights.
    If I create a directory where all users have access ("Everyone") and the owner is "Everyone" it shows me: Access Rights of current user: Denied
    "You don't currently have permission to access this folder. Do you want to access to this folder anyway?"
    But everyone has permission to access it o_O
     
  23. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
    Thanks for the info, mood. Secure Folders is probably still far superior to similar programs, despite the fact that SF has been "abandonware" for about two years. Abandoned or not, I still use it because it's still the best out there. Just my 2 cents.
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    FWIW - and in case anyone else notices this - on my secondary machine I noticed that Windows 10 Start right click menu options like Control Panel, Command Prompt, etc. would no longer open. I must say I am pretty sure I used these options after my mid-July upgrade from 7 to 10, so I am not sure when this started.

    Found this post: https://superuser.com/questions/947367/windows-10-start-right-click-context-menu-items-dont-open

    Using Nir Sofer's ShellExView, I tracked down the problematic shell extension to be Secure Folders Shell Class, which is shown for directories. Disabling it solved my problem.

    (I tried to use the program to locate the CLSID in the registry and delete or disable that also, as suggested in the above thread, but there were two REG_SZ entries that did not seem related to Secure Folders, so I just left that, as I am not confident of messing with the registry if I don't know what I'm doing).

    I don't need the directory shell extension, as I only use SF to protect my USB backup drive, except from backup / imaging programs.

    But seeing SF is abandoned I may switch to Pumpernickel / FIDES, which I use on my primary machine, on that machine also.
     
  25. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Can SF be used like SRP?
    Add %Appdata% in and set to Read-only or Locked or something like that?
     