Thanks. In that case does it log anything to the event log, so you know malware has attempted to infect a process? If not, it's not for me and I will stick with HMP.Alert, which provides more protections and greater visibility.
Is there someone here who can make a comparison between the mitigation protection of GFlagsX and HMP.Alert?
The program itself is only a GUI for setting process mitigations in the registry via IFEO registry settings. After mitigations have been set, Windows "takes over" and enforces them (when your application starts, the OS will look for specific registry values under that reg key and act accordingly). You have to rely on "cryptic" events from the Windows Event Viewer (if it is logged at all).
As mood said, GFlagsX essentially applies only Microsoft built-in system mitigations as a per-process configuration. I've been cooking up a Dark build of GFlagsX. The only remaining problem is that I still can't figure out how to either remove the tab at the top or have that tab colored in dark as well. No luck yet which is why you can see a small white box in the top left corner. Anyway, if I can resolve that issue I will upload this Dark build later on tonight.
@askmark You're welcome. But as you had mentioned, if you want more visibility and more understanding of what is occurring on your system then HMP.A is definitely the better choice. It is quite likely that HMP.A utilizes some (or many) of these mitigations already but via an internal API in which they are able to capture more details of the process and actions being taken. And of course, they've got many, many additional mitigations as well. GFlagsX is more about making OS built-in security features more easily accessible. Part of a "Living Off The Land" or "Defending Off The Land" type of strategy, but it certainly could also be combined with other strategies as well.
GFlagsX with Dark Theme Link: https://sendit.cloud/57rfbb3odbk1 * I still have not figured out how to remove the small white tab in the top left corner yet.
Thanks again WildByDesign. Love it. I've added my media player as I have it protected with MemProtect. I use MPC-BE with madVR and LAV filters: mpc-be64.exe - 1111010101111105 This works with MPC-HC and PotPlayer too. If you're using Windows Media Player you could probably turn "Block Non-Microsoft Binaries" to "Always On" as well (untested as I have it disabled).
@Mister X @JimboW You're welcome. Thank you for sharing your media player details as well JimboW. I use similar settings with MPC-HC with great results as well. Also, the "Block Non-Microsoft Binaries" to "Always On" works fantastic for Microsoft Office apps as well which denies the injection of any non-Microsoft signed .dll modules into Word, Excel, etc.
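The posts above describe GFlagsX as a front end for the per-process MitigationOptions value under the IFEO registry key, and quote one such value (mpc-be64.exe - 1111010101111105). The following is an added example, not code from the thread or from the GFlagsX project, that decodes such a value into the per-mitigation states so an administrator can audit what has actually been applied. It assumes the 16-hex-digit string shown in the thread is the hex form of the 64-bit MitigationOptions QWORD and that its bit layout is the one used by the PROCESS_CREATION_MITIGATION_POLICY_* constants in winbase.h (DEP, ATL thunk and SEHOP in the low bits, then one 2-bit field every 4 bits from bit 8 upward). The registry reader only runs on Windows; the decoder itself runs anywhere.

```python
import sys

# Two-bit fields of the MitigationOptions QWORD and their bit positions,
# following the PROCESS_CREATION_MITIGATION_POLICY_*_MASK layout in winbase.h.
TWO_BIT_FIELDS = [
    ("ForceRelocateImages", 8),
    ("HeapTerminate", 12),
    ("BottomUpASLR", 16),
    ("HighEntropyASLR", 20),
    ("StrictHandleChecks", 24),
    ("Win32kSystemCallDisable", 28),
    ("ExtensionPointDisable", 32),
    ("ProhibitDynamicCode", 36),
    ("ControlFlowGuard", 40),
    ("BlockNonMicrosoftBinaries", 44),
    ("FontDisable", 48),
    ("ImageLoadNoRemote", 52),
    ("ImageLoadNoLowLabel", 56),
    ("ImageLoadPreferSystem32", 60),
]

# Meaning of a 2-bit field: 0 = leave the default, 1 = always on, 2 = always off.
# Value 3 is defined only for two fields (see decode_mitigation_options).
STATE = {0: "Default", 1: "AlwaysOn", 2: "AlwaysOff", 3: "Reserved"}
SPECIAL_THREE = {
    "ForceRelocateImages": "AlwaysOnRequireRelocs",
    "BlockNonMicrosoftBinaries": "AllowStore",
}

IFEO_PATH = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"


def parse_gflagsx_value(text: str) -> int:
    """Turn the 16-hex-digit string GFlagsX shows into the QWORD it represents."""
    return int(text.strip(), 16)


def decode_mitigation_options(value: int) -> dict:
    """Map a MitigationOptions QWORD to {mitigation name: state}."""
    states = {
        # Bits 0-2 are single-bit enables rather than 2-bit fields.
        "DEP": "AlwaysOn" if value & 0x1 else "Default",
        "DEPATLThunk": "AlwaysOn" if value & 0x2 else "Default",
        "SEHOP": "AlwaysOn" if value & 0x4 else "Default",
    }
    for name, shift in TWO_BIT_FIELDS:
        field = (value >> shift) & 0x3
        if field == 3 and name in SPECIAL_THREE:
            states[name] = SPECIAL_THREE[name]
        else:
            states[name] = STATE[field]
    return states


def always_on(value: int) -> list:
    """Names of the mitigations an entry forces on, in bit order."""
    return [n for n, s in decode_mitigation_options(value).items() if s == "AlwaysOn"]


def read_ifeo_mitigations() -> dict:
    """Windows only: {image name: MitigationOptions int} for every IFEO entry that sets one."""
    if sys.platform != "win32":
        return {}
    import winreg  # only importable on Windows
    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO_PATH) as ifeo:
        count = winreg.QueryInfoKey(ifeo)[0]
        for i in range(count):
            image = winreg.EnumKey(ifeo, i)
            try:
                with winreg.OpenKey(ifeo, image) as sub:
                    raw, kind = winreg.QueryValueEx(sub, "MitigationOptions")
            except OSError:
                continue  # this IFEO entry carries no MitigationOptions value
            # REG_QWORD arrives as int; REG_BINARY as bytes (first 8 bytes, little-endian).
            found[image] = raw if isinstance(raw, int) else int.from_bytes(raw[:8], "little")
    return found


if __name__ == "__main__":
    # Constructed sample: the mpc-be64.exe value quoted in the thread.
    sample = parse_gflagsx_value("1111010101111105")
    for name, state in decode_mitigation_options(sample).items():
        print(f"{name:28s} {state}")
    for image, val in read_ifeo_mitigations().items():
        print(f"{image}: {val:016x} always on: {', '.join(always_on(val))}")
```

Decoding the quoted value shows DEP, SEHOP, forced relocation, heap termination, both ASLR options, strict handle checks, extension point disable, CFG, font disable and the three image-load restrictions as AlwaysOn, while Win32kSystemCallDisable, ProhibitDynamicCode and BlockNonMicrosoftBinaries stay at Default, which matches the poster's remark that "Block Non-Microsoft Binaries" is disabled for a player that loads third-party filters.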
@WildByDesign Should I understand you actually did compile latest version 0.21 with your dark theme? Btw version 0.21 is not compiled in author's thread @github. Previous versions are.
Yes the few builds that I provided so far were all compiled by me based on version 0.21 and compiled with Visual Studio 2017. It's still driving me crazy trying to remove that small white box (tab) in the corner though. But I will have a look at the code again later tonight.
@WildByDesign Could you please make a comparison of the differences in mitigation protections between GFlagsX and HMP.Alert?
I am always happy to help and specifically when I've got the appropriate understanding and details. But unfortunately in this case, I have never actually installed or used HMP.Alert and therefore don't have any experience with it. HMP.A definitely has a lot more to it and GFlagsX simply allows the user to enable/disable Windows operating system built-in process mitigations. Quite likely, you may very well be able to combine both but that would not be necessary. At the moment on Creators Update, for example, I am running all of these process mitigations via GFlagsX combined with literally all process mitigations within EMET 5.52 until the Fall Creators Update where Microsoft will add the remaining EMET mitigations. I had given up on EMET for a few weeks but once I realized that Microsoft was taking the time to add EAF, EAF+ and those other ROP mitigations directly into the OS for Fall Creators Update, that signifies to me that there is still value in those mitigations.
Here is an updated build of GFlagsX. I've included binaries for both Light and Dark theme. Please keep in mind that the Dark theme still has a visual glitch at the top where I can't figure out how to either hide the tab or apply color to the tab without destroying the functionality. This build is also based on the source code from 0.21 and I've just cleaned up the UI. I've tried my best to align things and make it look nicer. GFlagsX (2017-06-25) Link: https://sendit.cloud/k2rp2qwakozf
@WildByDesign A little request and for the sake of aesthetics (sorry for bugging you btw), could you add this icon to the executable? It's found in the source code package.
The icon size bothered me as well. I've fixed it now, although it may not be perfect because the way in which the developer resizes the icon dynamically in the source code makes it hard to match. Anyway, hopefully this is improved. GFlagsX (2017-06-25-iconfix) Link: https://sendit.cloud/9j17corjg0wf I agree, I would prefer the black version if I can figure out that line (tab) situation. I will have a look at the code again soon. @ExtremeGamerBR You're welcome. Glad you are enjoying it.
@Mister X OK I see what you mean. I should be able to do that with Resource Hacker. I'll let you know how it goes.
GFlagsX (2017-06-25-iconfix2) Link: https://sendit.cloud/26vptyavwzq5 * includes application icon fix as well