MemProtect - Support & Discussion

Discussion in 'other anti-malware software' started by WildByDesign, Aug 21, 2016.

  1. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    So I did quite a bit of testing with the latest internal version of MemProtect with support for filtering .DLL modules. Particularly, I was testing using a Default Allow type of concept and blocking known application whitelisting bypass techniques with the following rules below:

    Code:
    [MODULEWHITELIST]
    *>*
    [MODULEBLACKLIST]
    #   Blocking the regsvr32 application whitelisting bypass techniques
    #   Source: https://github.com/iadgov/Secure-Host-Baseline/tree/master/EMET
    *regsvr32.exe>*scrobj.dll
    *regsvr32.exe>*scrrun.dll
    *regsvr32.exe>*mshtml.dll
    *regsvr32.exe>*jscript*.dll
    #   Blocking the rundll32 application whitelisting bypass techniques
    *rundll32.exe>*scrobj.dll
    *rundll32.exe>*scrrun.dll
    *rundll32.exe>*mshtml.dll
    *rundll32.exe>*jscript*.dll
    #   Blocking rundll32 from loading PowerShell
    *rundll32.exe>*System.Management.Automation*.dll
    #   Blocking malicious OLE packages in Microsoft Office products
    *\OFFICE1*\EXCELC.EXE>*flash*.ocx
    *\OFFICE1*\EXCELC.EXE>*packager.dll
    *\OFFICE1*\WINWORDC.EXE>*flash*.ocx
    *\OFFICE1*\WINWORDC.EXE>*packager.dll

    By default, it would have been Default Deny if I had not added the *>* to the [MODULEWHITELIST] section. But the great thing about any of Florian's kernel-mode drivers is that you can take different security concepts in many different directions of granularity dependent upon the users' own needs and goals that they want to achieve. Certainly you could go much deeper and specify every single .DLL module to load into any specific executable (eg. chrome.exe) and therefore any other unknown module would be blacklisted, if you went Default Deny.

    This is just preliminary testing prior to this build hitting Beta. But essentially this replicates EMET's ASR (attack surface reduction) feature in which you can whitelist and/or blacklist specific .DLL modules from loading/injecting into any process in Windows. Super, super powerful feature. And from my testing so far this seems to have much greater reach and depth in comparison to EMET's ASR feature. I believe EMET's ASR feature was being implemented in user-mode whereas MemProtect is entirely kernel-mode.

    In my testing, this has blocked any kind of .DLL module injections that I have tried thus far. And on top of that, I have experienced zero issues. Kudos to Florian for this achievement.

    On a side note, Florian tells me that he has been developing at least one kernel-mode networking filter driver. Interesting times to come... :thumb:

    Anyway, later on today I will catch up with Florian again when I have a moment and I will let him know how well testing is going so far as far as stability and usability goes.
     
  2. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    All great information. Thanks for sharing.
     
  3. guest

    guest Guest

    Then the user is able to block dropped .dll's from injecting into processes with this new feature.
    For example:
    Code:
    [MODULEWHITELIST]
    *>*
    [MODULEBLACKLIST]
    *>C:\Windows\Temp\*.dll
    *>C:\Users\*\AppData\Local\Temp\*.dll
    Some more ideas:
    Code:
    [MODULEWHITELIST]
    *>*
    [MODULEBLACKLIST]
    #  Prevent the injection of the Shell Extension (Beyond Compare) into the filemanager Total Commander
    *totalcmd64.exe>*\Beyond Compare 4\BCShellEx64.dll
    
    # Prevent HMP.A from injecting into XYplorer
    *\Program Files (x86)\XYplorer\XYplorer.exe>c:\Windows\SysWOW64\hmpalert.dll
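The default-allow and default-deny behaviour described in the first post, and the Temp-folder blacklist rules in the post above, as an added example that is not part of the original posts and is not Excubits code: a small Python model of how `process>module` rules are evaluated. It assumes `*` and `?` wildcards matched case-insensitively against full paths and that a blacklist match overrides a whitelist match; rules with a `!` or `$` prefix are not modelled, and the sample config and paths are constructed.

```python
import re
from collections import Counter

# Constructed sample, assembled from rules quoted in the posts above.
# The repeated scrobj.dll line is deliberate so the duplicate check has work to do.
SAMPLE_INI = r"""
[MODULEWHITELIST]
*>*
[MODULEBLACKLIST]
#   Blocking the regsvr32 application whitelisting bypass techniques
*regsvr32.exe>*scrobj.dll
*regsvr32.exe>*jscript*.dll
*regsvr32.exe>*scrobj.dll
#   Blocking rundll32 from loading PowerShell
*rundll32.exe>*System.Management.Automation*.dll
#   Blocking DLLs dropped into temp folders
*>C:\Windows\Temp\*.dll
*>C:\Users\*\AppData\Local\Temp\*.dll
"""


def parse_rules(text):
    """Return {SECTION: [(process_pattern, module_pattern), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].upper()
            sections.setdefault(current, [])
            continue
        # Assumption: '!' and '$' prefixed rules are out of scope for this model.
        if current is None or ">" not in line or line[0] in "!$":
            continue
        process_pattern, module_pattern = line.split(">", 1)
        sections[current].append((process_pattern, module_pattern))
    return sections


def wildcard_to_regex(pattern):
    """Translate '*' and '?' wildcards; everything else is literal."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")      # assumption: '*' also spans backslashes
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def rule_matches(rule, process, module):
    process_pattern, module_pattern = rule
    return bool(wildcard_to_regex(process_pattern).fullmatch(process)
                and wildcard_to_regex(module_pattern).fullmatch(module))


def decide(sections, process, module):
    """Return (verdict, matching_rule); matching_rule is None on default deny."""
    for rule in sections.get("MODULEBLACKLIST", []):
        if rule_matches(rule, process, module):
            return "block", rule
    for rule in sections.get("MODULEWHITELIST", []):
        if rule_matches(rule, process, module):
            return "allow", rule
    return "block", None            # nothing whitelisted the load: default deny


def without_catch_all(sections):
    """Copy of the rules with the '*>*' whitelist entry removed (default deny)."""
    strict = {name: list(rules) for name, rules in sections.items()}
    strict["MODULEWHITELIST"] = [
        rule for rule in strict.get("MODULEWHITELIST", []) if rule != ("*", "*")
    ]
    return strict


def duplicate_rules(sections):
    """Rules listed more than once in a section (often a copy-paste slip)."""
    found = {}
    for name, rules in sections.items():
        counts = Counter((p.lower(), m.lower()) for p, m in rules)
        repeated = sorted(rule for rule, n in counts.items() if n > 1)
        if repeated:
            found[name] = repeated
    return found


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_INI)
    loads = [  # constructed (process, module) pairs
        (r"C:\Windows\System32\regsvr32.exe", r"C:\Windows\System32\scrobj.dll"),
        (r"C:\Windows\System32\notepad.exe", r"C:\Windows\System32\uxtheme.dll"),
        (r"C:\Windows\explorer.exe", r"C:\Users\alice\AppData\Local\Temp\x.dll"),
    ]
    for process, module in loads:
        print(decide(rules, process, module)[0], process, "<-", module)
    print("default deny:", decide(without_catch_all(rules), *loads[1]))
    print("duplicates:", duplicate_rules(rules))
```

Running the same load list against a candidate rule set before enabling it shows which legitimate modules a Default Deny configuration would block.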
    
     
  4. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    @WildByDesign and @mood

    Thank you guys very much! Great news and ideas.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Has anyone tried guarding lsass.exe with MemProtect? I'm not even sure what MemProtect's default policy is anymore. I remember when it was first released it Guarded pretty much all the System Space executables.
     
  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @mood You are brilliant! Thank you for sharing those creative ideas. I like the way that your mind works and I look forward to seeing this reach Beta hopefully soon. Here I was, 100% excited for this new development for MemProtect and now 150% excited after your creative use of rules. And now after testing your rules briefly, they work exactly as you had expected. :cool:

    It would be possible to protect lsass.exe with MemProtect, absolutely. However it would require very carefully crafted rules. You can protect any executable in Windows regardless of whether it is in user space or system space.

    Running lsass.exe as protected process-light from here (https://www.petri.com/enable-lsa-protection-windows-8-1-server-2012-r2) is sufficient and also locked down further via SecureBoot/UEFI.
     
  7. guest

    guest Guest

    Good to see that my ideas are working with the new version.
    I guess it will be fun for me to elaborate new rules after the beta has been released :thumb:

    If something bad happens after creating rules for lsass.exe or other system-critical processes (the system can't be booted, etc.),
    then it is sufficient to boot a live CD (or boot into Safe Mode), and after removing the corresponding rules from the MemProtect.ini the issue should be solved, and the system can be booted again.
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Hi mood,

    I don't want to go off-topic, so please allow me a quick question.
    Were they just examples you gave, in particular your example for BeyondCompare? For years and years I've been using the older version 2 of BeyondCompare. Did you have a specific reason to mention it, or was it just an example of what MemProtect could do?
     
  9. guest

    guest Guest

    Exactly this :)
    I looked into the list of loaded modules with Process Hacker and I chose one module for demonstrating it.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Terrific! mood.

    Excubits has been on the back burner for me until the time I can really devote the effort that I want to put into properly setting up the rules, and you guys here, @WildByDesign in particular, have been inspirational and immensely helpful sharing your questions and answers.

    I have been visiting and revisiting these topics and it's helped to get a better grasp on it.
     
  11. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    +1:thumb:
     
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    OK, thanks !

    Back to topic ;)
     
  13. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Good news, we might be seeing a surprise (or two) from Florian in the next 1-2 days. Keep an eye on the Beta Camp page over the next couple of days and the blog as well. The surprise will be sha256 digitally signed but not Microsoft cross-signed (EV cert). Although the sha256 signed surprise seems to run on my Creators Update machine without any signature related complaints. :thumb:
     
  14. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    Hope to find someone here who is a pro at coding :)
    My suggestion: prevent launching cmd.exe and sc.exe for checking driver state,
    and read driver state from the registry or the way that we can see it in ProcessHacker,
    and one tray app for all drivers.
     
  15. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    From: https://excubits.com/content/en/news.html


    Like most Excubits drivers, I recommend starting with non-lethal [#LETHAL] config. Also with MemProtect, I find starting with [DEFAULTALLOW] enabled is quite helpful. Default Allow also applies to .DLL filtering as well.
     
  16. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    I started experimenting with this: no cmd.exe needed
    Code:
    ; Query the driver's service entry through WMI instead of spawning cmd.exe / sc.exe
    Dim $Obj_WMIService = ObjGet('winmgmts:{impersonationLevel=impersonate}!\\' & @ComputerName & '\root\cimv2')
    If (IsObj($Obj_WMIService)) And (Not @error) Then
        Dim $Col_Items = $Obj_WMIService.ExecQuery("SELECT * FROM Win32_SystemDriver WHERE Name='Bouncer'") ; or use MemProtect, Pumpernickel, etc.
        For $Obj_Item In $Col_Items
            ; $Obj_Item.Name  is Bouncer
            ; $Obj_Item.State is state of driver
            ; call $Obj_Item.StartService() with admin then you can start or StopService()
            ConsoleWrite($Obj_Item.Name & ': ' & $Obj_Item.State & @CRLF)
        Next
    EndIf

    :) Ready for the weekend. Time to have fun.
     
  17. guest

    guest Guest

    Oh, the new beta has arrived. It's time to do some experiments :)
     
  18. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Here we go:

    Code:
    [#INSTALLMODE]
    [#LETHAL]
    [LOGGING]
    [DEFAULTALLOW]
    [MODULEFILTER]
    [WHITELIST]
    #    [KeePass - Base Rules]
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ctfmon.exe
    !C:\Windows\System32\svchost.exe>D:\Programas\Keepass\KeePass.exe
    !C:\Windows\System32\lsass.exe>D:\Programas\Keepass\KeePass.exe
    !C:\Windows\System32\audiodg.exe>D:\Programas\Keepass\KeePass.exe
    !C:\Windows\System32\csrss.exe>D:\Programas\Keepass\KeePass.exe
    !C:\Windows\explorer.exe>D:\Programas\Keepass\KeePass.exe
    #    [Chromium - Base Rules]
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\explorer.exe
    !C:\Windows\explorer.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\csrss.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\svchost.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\spoolsv.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\sihost.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\lsass.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\audiodg.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\dllhost.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\wbem\WmiPrvSE.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    #    [Chromium - Security]
    !C:\Windows\System32\smartscreen.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\MRT.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    #    [Chromium - Printing Support]
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\*
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\splwow64.exe
    !C:\Windows\splwow64.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    #    [Chromium - Additional Programs]
    !C:\Program Files\Process Lasso\ProcessLasso.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Program Files\Process Lasso\ProcessGovernor.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\Taskmgr.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Process Explorer\Process Explorer.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Process Hacker\x64\ProcessHacker.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Chromium\*\chrlancher\chrlauncher.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    #    [Foobar2000 - Base Rules]
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\foobar2000.exe
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_out_wasapi\WASAPIHost64.exe
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\explorer.exe
    !C:\Windows\explorer.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Windows\System32\svchost.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Windows\System32\csrss.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Windows\System32\lsass.exe>D:\Programas\foobar2000\foobar2000.exe
    #    [Foobar2000 - Additional Programs]
    !C:\Program Files\Process Lasso\ProcessLasso.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Program Files\Process Lasso\ProcessGovernor.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Windows\System32\Taskmgr.exe>D:\Programas\foobar2000\foobar2000.exe
    !D:\Programas\Process Explorer\Process Explorer.exe>D:\Programas\foobar2000\foobar2000.exe
    !D:\Programas\Process Hacker\x64\ProcessHacker.exe>D:\Programas\foobar2000\foobar2000.exe
    [BLACKLIST]
    #    [Block memory access to/from KeePass - Silenced]
    $*\VMware\*>*KeePass.exe
    $*\Steam\*>*KeePass.exe
    $*\Office1?\*>*KeePass.exe
    $*\Chromium\*>*KeePass.exe
    $*\Process Lasso\*>*KeePass.exe
    $*\Process Explorer\*>*KeePass.exe
    $*\Process Hacker\*>*KeePass.exe
    $*\NVIDIA Corporation\*>*KeePass.exe
    $*KeePass.exe>*explorer.exe
    $*Taskmgr.exe>*KeePass.exe
    #    [Block memory access to/from Chromium - Silenced]
    $*\VMware\*>*chrome.exe
    $*\Steam\*>*chrome.exe
    $*\Office1?\*>*chrome.exe
    $*NvSHIM.exe>*chrome.exe
    $*chrome.exe>*chrlauncher.exe
    #    [Block memory access to/from Foobar2000 - Silenced]
    $*\VMware\*>*foobar2000.exe
    $*\Steam\*>*foobar2000.exe
    $*\Office1?\*>*foobar2000.exe
    $*\Chromium\*>*foobar2000.exe
    #    [Block memory access to/from KeePass]
    *>*KeePass.exe
    *KeePass.exe>*
    #    [Block memory access to/from Chromium]
    *>*chrome.exe
    *chrome.exe>*
    #    [Block memory access to/from Foobar2000]
    *>*foobar2000.exe
    *foobar2000.exe>*
    [MODULEWHITELIST]
    #    [KeePass - Module Base Rules]
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\mscoree.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\version.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\msvcr120_clr0400.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\uxtheme.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\cryptsp.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\rsaenh.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\bcrypt.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\cryptbase.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\dwmapi.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\secur32.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\sspicli.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\DWrite.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\riched20.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\usp10.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\msls31.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\WindowsCodecs.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\DataExchange.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\d3d11.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\dcomp.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\dxgi.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\twinapi.appcore.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\TextInputFramework.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\CoreUIComponents.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\CoreMessaging.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ntmarta.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\WinTypes.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\usermgrcli.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\wtsapi32.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\winsta.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ExplorerFrame.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ctfmon.exe
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\winmm.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\winmmbase.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\MMDevAPI.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\devobj.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\propsys.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\wdmaud.drv
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ksuser.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\avrt.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\AudioSes.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\msacm32.drv
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\msacm32.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\midimap.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\winspool.drv
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\edputil.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\duser.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\xmllite.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\atlthunk.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\Microsoft.NET\Framework64\*\mscoreei.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\Microsoft.NET\Framework64\*\clrcompression.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\Microsoft.NET\Framework64\*\clr.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\Microsoft.NET\Framework64\*\clrjit.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\mscorlib\*\mscorlib.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System\*\System.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Drawing\*\System.Drawing.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Windows.Forms\*\System.Windows.Forms.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Xml\*\System.Xml.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Core\*\System.Core.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Configuration\*\System.Configuration.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\WinSxS\*\comctl32.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\WinSxS\*\GdiPlus.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
    !D:\Programas\Keepass\KeePass.exe>D:\Programas\Keepass\KeePassLibC64.dll
    #    [Chromium - Module Base Rules]
    !D:\Programas\Chromium\*\chrlancher\chrlauncher.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome_elf.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome_child.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\libglesv2.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\libegl.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\version.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winmm.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winhttp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winmmbase.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\cryptbase.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\uxtheme.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dwmapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\usp10.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\credui.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\netapi32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\userenv.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ncrypt.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\oleacc.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wtsapi32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\hid.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wevtapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ntasn1.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\netutils.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\samcli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ntmarta.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\KBDBR.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\nlaapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dhcpcsvc6.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dhcpcsvc.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wkscli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\gpapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\devobj.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\AudioSes.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\MMDevAPI.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\avrt.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\propsys.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wlanapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mdmregistration.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dmcmnutils.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msvcp110_win.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\FirewallAPI.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\fwbase.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winsta.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\fwpolicyiomgr.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mscms.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\DataExchange.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\twinapi.appcore.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mf.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mfplat.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\RTWorkQ.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msmpeg2vdec.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mfperfhelper.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\twinapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\TextInputFramework.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dxva2.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msvproc.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\CoreUIComponents.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\CoreMessaging.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\D3DCompiler_47.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\usermgrcli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\d3d9.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dxgi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\d3d11.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dcomp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ResourcePolicyClient.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\atlthunk.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\DriverStore\FileRepository\*\nvldumdx.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ExplorerFrame.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\linkinfo.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\DriverStore\FileRepository\*\nvwgf2umx_cfg.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mswsock.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\rasadhlp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dnsapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\FWPUCLNT.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\CompPkgSup.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\WinTypes.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mfh264enc.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\IPHLPAPI.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\secur32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\urlmon.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dbghelp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winspool.drv
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\DWrite.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\iertutil.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\bcrypt.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ole32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ws2_32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\sspicli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\cryptsp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\rsaenh.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\cryptnet.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winnsi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dpapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\samlib.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ntshrui.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\srvcli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\cscapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\WinSxS\*\comctl32.dll
    #    [Foobar2000 - Module Base Rules]
    !C:\Windows\explorer.exe>D:\Programas\foobar2000\foobar2000.exe
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_out_wasapi\WASAPIHost64.exe
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\avcodec-fb2k-??.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\avutil-fb2k-??.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\zlib1.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\shared.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\VST Plugins\Morphit\Morphit.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\VST Plugins\TB Isone\TB_Isone_v3.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_bitcompare\foo_bitcompare.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_uie_lyrics3\foo_uie_lyrics3.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_rgscan.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_uie_vis_channel_spectrum\foo_uie_vis_channel_spectrum.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_input_std.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_vst\foo_vst.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_ui_columns\foo_ui_columns.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_dsp_eq.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_albumlist.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_hdcd\foo_hdcd.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_dynamic_range\foo_dynamic_range.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_converter.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_dsp_std.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_unpack.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_freedb2.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_out_wasapi\foo_out_wasapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_fileops.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_ui_std.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_jscript_panel\foo_jscript_panel.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_cdda.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_verifier\foo_verifier.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_abx\foo_abx.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\WinSxS\*\comctl32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\WinSxS\*\GdiPlus.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dsound.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\winmm.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\uxtheme.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\winmmbase.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\secur32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\winhttp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dbghelp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dbgcore.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dwmapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msacm32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msimg32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\usp10.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\urlmon.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\iertutil.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\wininet.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\WindowsCodecs.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\DataExchange.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\d3d11.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dcomp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dxgi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\twinapi.appcore.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\bcrypt.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\sxs.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\TextInputFramework.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\CoreUIComponents.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\CoreMessaging.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ntmarta.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\usermgrcli.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\WinTypes.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\jscript9.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\scrrun.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\version.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\DWrite.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\opengl32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\glu32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ExplorerFrame.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\avrt.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msxml3.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mlang.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msIso.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\IPHLPAPI.DLL
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mswsock.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\winnsi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dpapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\cryptsp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\rsaenh.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dnsapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\rasadhlp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\FWPUCLNT.DLL
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\schannel.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mskeyprotect.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ncrypt.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ntasn1.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\cryptnet.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ncryptsslp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\wshom.ocx
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mpr.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mshtml.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\srpapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ieframe.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\netapi32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dsreg.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\netutils.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\wkscli.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msvcp110_win.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\UIAutomationCore.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\wldp.dll
    [MODULEBLACKLIST]
    #    [Block module access to/from KeePass]
    *>*KeePass.exe
    *KeePass.exe>*
    #    [Block module access to/from Chromium]
    *>*chrome.exe
    *chrome.exe>*
    #    [Block module access to/from Foobar2000]
    *>*foobar2000.exe
    *foobar2000.exe>*
    [EOF]
    
    

    Chromium, Foobar2000 and KeePass locked down!

    This may be a very useful website: http://www.textfixer.com/tools/remove-duplicate-lines.php

    EDIT: Added Foobar2000 and some minor corrections.
     
    Last edited: Jun 9, 2017
  19. WildByDesign

    WildByDesign Registered Member

    @mood Without a doubt, I look forward to seeing whatever unique and creative ideas you come up with.


    @ExtremeGamerBR Awesome, thank you for sharing. I've got a tremendous amount of respect for the quality and thoroughness of your rule set. Your Chromium and KeePass are like Fort Knox now with no chance for memory injection attacks.


    What blows my mind the most with what Florian has achieved here is that there is essentially zero overhead on performance. :thumb:

    This is a game changer. We've got almost as much control with MemProtect now as we do with Bouncer. Although of course Bouncer has the much needed command line and interpreter parsing/filtering. Bouncer and MemProtect together are rock solid.
     
  20. WildByDesign

    WildByDesign Registered Member

    I forgot to follow up on this, but I ended up having some DismHost.exe blockages of .DLL modules specifically because of these rules. But since these rules are great and I would like to keep using them, I've created a simple one-line DISM rule to prevent those blockages and allow it to function appropriately.

    Code:
    [MODULEWHITELIST]
    #    DISM
    !??*\Temp\????????-????-????-????-????????????\DismHost.exe>??*\Temp\????????-????-????-????-????????????\*.dll
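
An added example (not part of the posts above and not MemProtect's own code): a small Python linter for rule files in the `source>target` format used in this thread, flagging exact duplicates and rules with an empty side, and listing which rules match a given process/module pair. It assumes `*` matches any run of characters, `?` matches exactly one character, matching is case-insensitive, and the `!` and `$` prefixes are kept as opaque flags; the sample file and the test paths are constructed.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "line_no section flag source target")

# Constructed sample in the thread's rule format (not a complete config).
SAMPLE_INI = r"""[MODULEWHITELIST]
#    DISM
!??*\Temp\????????-????-????-????-????????????\DismHost.exe>??*\Temp\????????-????-????-????-????????????\*.dll
!D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\version.dll
!D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\version.dll
[MODULEBLACKLIST]
*>*KeePass.exe
*MicrosoftEdge.exe*>
[EOF]
"""


def parse_rules(text):
    """Return one Rule per rule line, remembering its section and line number."""
    rules, section = [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # e.g. MODULEWHITELIST
            continue
        # Assumption: a leading ! or $ is a flag, not part of the path pattern.
        flag = line[0] if line[0] in "!$" else ""
        source, _, target = line[len(flag):].partition(">")
        rules.append(Rule(line_no, section, flag, source, target))
    return rules


def wildcard_to_regex(pattern):
    """Translate * and ? (assumed semantics) into a case-insensitive regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")            # any run of characters, including '\'
        elif ch == "?":
            parts.append(".")             # exactly one character
        else:
            parts.append(re.escape(ch))   # everything else is literal
    return re.compile("".join(parts), re.IGNORECASE)


def rule_matches(rule, source_path, target_path):
    """Both sides must match their whole path; the sides are independent."""
    return bool(wildcard_to_regex(rule.source).fullmatch(source_path)
                and wildcard_to_regex(rule.target).fullmatch(target_path))


def lint(rules):
    """Return (line_no, problem) pairs for duplicate and malformed rules."""
    findings, seen = [], set()
    for r in rules:
        if not r.source or not r.target:
            findings.append((r.line_no, "empty-side"))
        # Assumption: paths compare case-insensitively, as on Windows.
        key = (r.section, r.flag, r.source.lower(), r.target.lower())
        if key in seen:
            findings.append((r.line_no, "duplicate"))
        seen.add(key)
    return findings


def matching_rules(rules, section, source_path, target_path):
    """List the rules of one section that match a source/target pair."""
    return [r for r in rules
            if r.section == section and rule_matches(r, source_path, target_path)]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_INI)
    for line_no, problem in lint(parsed):
        print(f"line {line_no}: {problem}")
    host = r"C:\Users\Alice\AppData\Local\Temp\1A2B3C4D-1111-2222-3333-444455556666\DismHost.exe"
    dll = r"C:\Users\Alice\AppData\Local\Temp\1A2B3C4D-1111-2222-3333-444455556666\DismProv.dll"
    for r in matching_rules(parsed, "MODULEWHITELIST", host, dll):
        print(f"allowed by line {r.line_no}")
```

Under those assumptions the DISM rule also matches a DLL in a different GUID-named Temp folder than the one DismHost.exe runs from, because the two sides of a rule are matched independently. A rule whose target side is empty matches no pair at all.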
     
  21. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    You are welcome! I really like your rule set too! :thumb:

    But I had an unexpected problem. Is there a size limit (in KB) for the .ini of this beta driver? When it reached 64~65 KB, the driver does not load and says it does not have enough resources.

    Code:
    [#INSTALLMODE]
    [#LETHAL]
    [LOGGING]
    [DEFAULTALLOW]
    [MODULEFILTER]
    [WHITELIST]
    #    [KeePass - Base Rules]
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ctfmon.exe
    !C:\Windows\System32\svchost.exe>D:\Programas\Keepass\KeePass.exe
    !C:\Windows\System32\lsass.exe>D:\Programas\Keepass\KeePass.exe
    !C:\Windows\System32\audiodg.exe>D:\Programas\Keepass\KeePass.exe
    !C:\Windows\System32\csrss.exe>D:\Programas\Keepass\KeePass.exe
    !C:\Windows\explorer.exe>D:\Programas\Keepass\KeePass.exe
    #    [Chromium - Base Rules]
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\explorer.exe
    !C:\Windows\explorer.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\csrss.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\svchost.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\spoolsv.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\sihost.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\lsass.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\audiodg.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\dllhost.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\wbem\WmiPrvSE.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    #    [Chromium - Security]
    !C:\Windows\System32\smartscreen.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\MRT.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    #    [Chromium - Printing Support]
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\*
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\splwow64.exe
    !C:\Windows\splwow64.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    #    [Chromium - Additional Programs]
    !C:\Program Files\Process Lasso\ProcessLasso.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Program Files\Process Lasso\ProcessGovernor.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Windows\System32\Taskmgr.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Process Explorer\Process Explorer.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Process Hacker\x64\ProcessHacker.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Chromium\*\chrlancher\chrlauncher.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !C:\Users\Rodolfo\AppData\Local\Temp\Procmon64.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    #    [Foobar2000 - Base Rules]
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\foobar2000.exe
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_out_wasapi\WASAPIHost64.exe
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\explorer.exe
    !C:\Windows\explorer.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Windows\System32\svchost.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Windows\System32\csrss.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Windows\System32\lsass.exe>D:\Programas\foobar2000\foobar2000.exe
    #    [Foobar2000 - Additional Programs]
    !C:\Program Files\Process Lasso\ProcessLasso.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Program Files\Process Lasso\ProcessGovernor.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Windows\System32\Taskmgr.exe>D:\Programas\foobar2000\foobar2000.exe
    !D:\Programas\Process Explorer\Process Explorer.exe>D:\Programas\foobar2000\foobar2000.exe
    !D:\Programas\Process Hacker\x64\ProcessHacker.exe>D:\Programas\foobar2000\foobar2000.exe
    !C:\Users\Rodolfo\AppData\Local\Temp\Procmon64.exe>D:\Programas\foobar2000\foobar2000.exe
    #    [Edge - Base Rules]
    !C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\sihost.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\svchost.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\sihost.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\svchost.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\csrss.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\csrss.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\explorer.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\explorer.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\RuntimeBroker.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\RuntimeBroker.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\browser_broker.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\browser_broker.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\lsass.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\lsass.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\ApplicationFrameHost.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\audiodg.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    #    [Edge - Security]
    !C:\Windows\System32\smartscreen.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\smartscreen.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    #    [Edge - Printing Support]
    !C:\Windows\PrintDialog\PrintDialog.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\splwow64.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\spoolsv.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    #    [Edge - Additional Programs]
    !C:\Program Files\Process Lasso\ProcessLasso.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Program Files\Process Lasso\ProcessGovernor.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Program Files\Process Lasso\ProcessLasso.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Program Files\Process Lasso\ProcessGovernor.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Windows\System32\Taskmgr.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\Taskmgr.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !D:\Programas\Process Explorer\Process Explorer.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !D:\Programas\Process Explorer\Process Explorer.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !D:\Programas\Process Hacker\x64\ProcessHacker.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !D:\Programas\Process Hacker\x64\ProcessHacker.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    !C:\Users\Rodolfo\AppData\Local\Temp\Procmon64.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Users\Rodolfo\AppData\Local\Temp\Procmon64.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    [BLACKLIST]
    #    [Block memory access to/from KeePass - Silenced]
    $*\VMware\*>*KeePass.exe
    $*\Steam\*>*KeePass.exe
    $*\Office1?\*>*KeePass.exe
    $*\Chromium\*>*KeePass.exe
    $*\Process Lasso\*>*KeePass.exe
    $*\Process Explorer\*>*KeePass.exe
    $*\Process Hacker\*>*KeePass.exe
    $*\NVIDIA Corporation\*>*KeePass.exe
    $*KeePass.exe>*explorer.exe
    $*Taskmgr.exe>*KeePass.exe
    $*Procmon64.exe>*KeePass.exe
    #    [Block memory access to/from Chromium - Silenced]
    $*\VMware\*>*chrome.exe
    $*\Steam\*>*chrome.exe
    $*\Office1?\*>*chrome.exe
    $*NvSHIM.exe>*chrome.exe
    $*chrome.exe>*chrlauncher.exe
    #    [Block memory access to/from Foobar2000 - Silenced]
    $*\VMware\*>*foobar2000.exe
    $*\Steam\*>*foobar2000.exe
    $*\Office1?\*>*foobar2000.exe
    $*\Chromium\*>*foobar2000.exe
    #    [Block memory access to/from Edge - Silenced]
    $*\VMware\*>*MicrosoftEdge.exe
    $*\Steam\*>*MicrosoftEdge.exe
    $*\Office1?\*>*MicrosoftEdge.exe
    $*\Chromium\*>*MicrosoftEdge.exe
    $*\VMware\*>*MicrosoftEdgeCP.exe
    $*\Steam\*>*MicrosoftEdgeCP.exe
    $*\Office1?\*>*MicrosoftEdgeCP.exe
    $*\Chromium\*>*MicrosoftEdgeCP.exe
    #    [Block memory access to/from KeePass]
    *>*KeePass.exe
    *KeePass.exe>*
    #    [Block memory access to/from Chromium]
    *>*chrome.exe
    *chrome.exe>*
    #    [Block memory access to/from Foobar2000]
    *>*foobar2000.exe
    *foobar2000.exe>*
    #    [Block memory access to/from Edge]
    *>*MicrosoftEdge.exe
    *>*MicrosoftEdgeCP.exe
    *MicrosoftEdge.exe>*
    *MicrosoftEdgeCP.exe>*
    [MODULEWHITELIST]
    #    [KeePass - Module Base Rules]
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\mscoree.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\version.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\msvcr120_clr0400.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\uxtheme.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\cryptsp.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\rsaenh.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\bcrypt.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\cryptbase.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\dwmapi.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\secur32.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\sspicli.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\DWrite.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\riched20.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\usp10.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\msls31.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\WindowsCodecs.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\DataExchange.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\d3d11.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\dcomp.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\dxgi.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\twinapi.appcore.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\TextInputFramework.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\CoreUIComponents.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\CoreMessaging.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ntmarta.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\WinTypes.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\usermgrcli.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\wtsapi32.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\winsta.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ExplorerFrame.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ctfmon.exe
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\winmm.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\winmmbase.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\MMDevAPI.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\devobj.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\propsys.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\wdmaud.drv
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\ksuser.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\avrt.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\AudioSes.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\msacm32.drv
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\msacm32.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\midimap.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\winspool.drv
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\edputil.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\duser.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\xmllite.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\System32\atlthunk.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\Microsoft.NET\Framework64\*\mscoreei.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\Microsoft.NET\Framework64\*\clrcompression.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\Microsoft.NET\Framework64\*\clr.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\Microsoft.NET\Framework64\*\clrjit.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\mscorlib\*\mscorlib.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System\*\System.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Drawing\*\System.Drawing.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Windows.Forms\*\System.Windows.Forms.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Xml\*\System.Xml.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Core\*\System.Core.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\assembly\*\System.Configuration\*\System.Configuration.ni.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\WinSxS\*\comctl32.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Windows\WinSxS\*\GdiPlus.dll
    !D:\Programas\Keepass\KeePass.exe>C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
    !D:\Programas\Keepass\KeePass.exe>D:\Programas\Keepass\KeePassLibC64.dll
    #    [Chromium - Module Base Rules]
    !D:\Programas\Chromium\*\chrlancher\chrlauncher.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome.exe
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome_elf.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\chrome_child.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\libglesv2.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>D:\Programas\Chromium\*\chromium\libegl.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\version.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winmm.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winhttp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winmmbase.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\cryptbase.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\uxtheme.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dwmapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\usp10.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\credui.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\netapi32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\userenv.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ncrypt.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\oleacc.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wtsapi32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\hid.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wevtapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ntasn1.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\netutils.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\samcli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ntmarta.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\KBDBR.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\nlaapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dhcpcsvc6.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dhcpcsvc.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wkscli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\gpapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\devobj.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\AudioSes.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\MMDevAPI.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\avrt.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\propsys.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wlanapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mdmregistration.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dmcmnutils.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msvcp110_win.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\FirewallAPI.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\fwbase.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winsta.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\fwpolicyiomgr.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mscms.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\DataExchange.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\twinapi.appcore.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mf.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mfplat.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\RTWorkQ.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msmpeg2vdec.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mfperfhelper.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\twinapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\TextInputFramework.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dxva2.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msvproc.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\CoreUIComponents.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\CoreMessaging.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\D3DCompiler_47.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\usermgrcli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\d3d9.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dxgi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\d3d11.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dcomp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ResourcePolicyClient.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\atlthunk.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\DriverStore\FileRepository\*\nvldumdx.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ExplorerFrame.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\linkinfo.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\DriverStore\FileRepository\*\nvwgf2umx_cfg.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mswsock.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\rasadhlp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dnsapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\FWPUCLNT.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\CompPkgSup.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\WinTypes.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\mfh264enc.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\IPHLPAPI.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\secur32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\urlmon.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dbghelp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winspool.drv
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\DWrite.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\iertutil.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\bcrypt.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ole32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ws2_32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\sspicli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\cryptsp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\rsaenh.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\cryptnet.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\winnsi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\dpapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\samlib.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\ntshrui.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\srvcli.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\cscapi.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\WinSxS\*\comctl32.dll
    #    [Chromium - Module Printing Support]
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\netprofm.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\npmproxy.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\UNIDRVUI.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\hpygidres17.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\MXDWDRV.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\xmllite.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\OpcServices.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\xpsservices.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msxml6.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wininet.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msIso.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\fontsub.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\apphelp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\prnfldr.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\hpygidUI17.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\prntvpt.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\hpygidudm.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\hpbuio.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wsnmp32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wsock32.dll
    #    [Foobar2000 - Module Base Rules]
    !C:\Windows\explorer.exe>D:\Programas\foobar2000\foobar2000.exe
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_out_wasapi\WASAPIHost64.exe
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\avcodec-fb2k-??.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\avutil-fb2k-??.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\zlib1.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\shared.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\VST Plugins\Morphit\Morphit.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\VST Plugins\TB Isone\TB_Isone_v3.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_bitcompare\foo_bitcompare.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_uie_lyrics3\foo_uie_lyrics3.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_rgscan.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_uie_vis_channel_spectrum\foo_uie_vis_channel_spectrum.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_input_std.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_vst\foo_vst.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_ui_columns\foo_ui_columns.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_dsp_eq.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_albumlist.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_hdcd\foo_hdcd.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_dynamic_range\foo_dynamic_range.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_converter.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_dsp_std.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_unpack.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_freedb2.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_out_wasapi\foo_out_wasapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_fileops.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_ui_std.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_jscript_panel\foo_jscript_panel.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\components\foo_cdda.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_verifier\foo_verifier.dll
    !D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\user-components\foo_abx\foo_abx.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\WinSxS\*\comctl32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\WinSxS\*\GdiPlus.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dsound.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\winmm.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\uxtheme.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\winmmbase.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\secur32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\winhttp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dbghelp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dbgcore.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dwmapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msacm32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msimg32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\usp10.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\urlmon.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\iertutil.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\wininet.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\WindowsCodecs.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\DataExchange.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\d3d11.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dcomp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dxgi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\twinapi.appcore.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\bcrypt.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\sxs.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\TextInputFramework.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\CoreUIComponents.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\CoreMessaging.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ntmarta.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\usermgrcli.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\WinTypes.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\jscript9.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\scrrun.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\version.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\DWrite.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\opengl32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\glu32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ExplorerFrame.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\avrt.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msxml3.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mlang.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msIso.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\IPHLPAPI.DLL
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mswsock.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\winnsi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dpapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\cryptsp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\rsaenh.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dnsapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\rasadhlp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\FWPUCLNT.DLL
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\schannel.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mskeyprotect.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ncrypt.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ntasn1.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\cryptnet.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ncryptsslp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\wshom.ocx
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mpr.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mshtml.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\srpapi.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\ieframe.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\netapi32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dsreg.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\netutils.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\wkscli.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\msvcp110_win.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\UIAutomationCore.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\wldp.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dhcpcsvc6.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\dhcpcsvc.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\WindowsCodecsExt.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\mscms.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\userenv.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\icm32.dll
    !D:\Programas\foobar2000\foobar2000.exe>C:\Windows\SysWOW64\propsys.dll
    #    [Edge - Module Base Rules]
    !C:\Windows\System32\svchost.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    !C:\Windows\System32\svchost.exe>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    [MODULEBLACKLIST]
    #    [Block module access to/from KeePass]
    *>*KeePass.exe
    *KeePass.exe>*
    #    [Block module access to/from Chromium]
    *>*chrome.exe
    *chrome.exe>*
    #    [Block module access to/from Foobar2000]
    *>*foobar2000.exe
    *foobar2000.exe>*
    #    [Block module access to/from Edge]
    *>*MicrosoftEdge.exe
    *>*MicrosoftEdgeCP.exe
    *MicrosoftEdge.exe*>
    *MicrosoftEdgeCP.exe*>
    [EOF]
    
    

    BTW, Edge is now locked down too. Interestingly, it does not load any .dll.

    This happened after I added these lines:

    Code:
    #    [Chromium - Module Printing Support]
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\netprofm.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\npmproxy.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\UNIDRVUI.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\hpygidres17.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\MXDWDRV.DLL
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\xmllite.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\OpcServices.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\xpsservices.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msxml6.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wininet.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\msIso.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\fontsub.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\apphelp.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\prnfldr.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\hpygidUI17.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\prntvpt.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\hpygidudm.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\spool\drivers\x64\3\hpbuio.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wsnmp32.dll
    !D:\Programas\Chromium\*\chromium\chrome.exe>C:\Windows\System32\wsock32.dll

    Does anyone know if there's a limitation?
     
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    There likely is a limitation of size. You can try emailing Florian and asking if you can test a fully unlocked beta version. Especially if you are a licensed user, he won't mind hooking you up with an unlocked copy. Even if not licensed he may still allow for testing purposes. Also, I am sure that he would appreciate seeing your rule set too because he likes to see what users come up with and different ways we configure his drivers.
     
  23. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    I just bought it (I have not received my key yet). Now that MemProtect is supporting .dll etc., 65kb is a pretty low limit.

    EDIT: I just sent him a message.

    Thanks!
     
    Last edited: Jun 9, 2017
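
A small linter for rule files shaped like the one posted above, as an added example that is not part of the thread and not the MemProtect author's code: it reports the file size against the 65 KB figure mentioned here, duplicate rules, and rules with nothing on one side of `>`. The syntax handling (`[SECTION]` headers, `#` comments, an optional `!` prefix, `source>target`) is inferred from the posted rules; `lint_rules`, the sample text, the byte value of the limit, UTF-8 encoding and case-insensitive comparison are assumptions.

```python
import re

SECTION = re.compile(r"^\[(\w+)\]$")

# Constructed sample, built from rule forms that appear in the posted rule set.
SAMPLE = r"""[MODULEWHITELIST]
#    [Foobar2000 - Module Base Rules]
!C:\Windows\explorer.exe>D:\Programas\foobar2000\foobar2000.exe
!D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\zlib1.dll
!D:\Programas\foobar2000\foobar2000.exe>D:\Programas\foobar2000\ZLIB1.dll
[MODULEBLACKLIST]
*>*MicrosoftEdge.exe
*MicrosoftEdge.exe*>
[EOF]
"""


def lint_rules(text, size_limit=65 * 1024):
    """Return (findings, size_bytes); each finding is (line_no, kind, rule)."""
    findings, seen, section = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        header = SECTION.match(line)
        if header:
            section = header.group(1)     # e.g. MODULEWHITELIST, EOF
            continue
        # Assumption: a leading "!" is a rule prefix, not part of the pattern.
        source, sep, target = line.lstrip("!").partition(">")
        if not sep or not source or not target:
            findings.append((n, "empty source or target", line))
            continue
        # Assumption: rules are compared case-insensitively, per section.
        key = (section, line.lower())
        if key in seen:
            findings.append((n, f"duplicate of line {seen[key]}", line))
        else:
            seen[key] = n
    # Assumption: the limit applies to the file's size in bytes as UTF-8.
    size = len(text.encode("utf-8"))
    if size > size_limit:
        findings.append((0, f"{size} bytes exceeds limit of {size_limit}", ""))
    return findings, size


if __name__ == "__main__":
    for line_no, kind, rule in lint_rules(SAMPLE)[0]:
        print(line_no, kind, rule)
```

A flagged rule is only a candidate for review; how the driver itself treats such a line is not stated in the thread.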
  24. guest

    guest Guest

    Yes, it is indeed a game changer.
    The user can choose MZWriteScanner to block .dll's in an early stage (as soon as they are dropped) or they can be blocked with Bouncer.
    And now they can be "filtered" with MemProtect in a granular way.
    If all three are combined, it is a pretty good defense.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Amen to MZWriteScanner. It's taken mine a bit to settle in but it sure works.
     