Anti-Executable

Discussion in 'other anti-malware software' started by LoneWolf, Apr 12, 2007.

Thread Status:
Not open for further replies.
  1. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,366
    Location:
    US
    Yup, some programs are just worth paying for and in my opinion (so far anyway, I'm still trialling) AE is one of them. :cool:

    Acadia
     
  2. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I'm trying out AE today. Have set to High and so far set Crap cleaner and Perfect Disk 8 as trusted. Not sure if this is a good idea or not. Was surprised that AE didn't pick these programs up.

    Does anyone enable "delete prevention" or "copy prevention" as a matter of course? Must make using a machine a bit of a pain in a normal environment.
    Probably only useful in public?
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    AE makes a whitelist of any already installed executable on your computer during the installation. If you have bad executables during that time, those will be whitelisted as well.
    So AE considers these executables as authorized, when you use them.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I enabled everything, except "Delete Prevention", because it caused errors in the copy/update and freeze function of FDISR.
    Of course it's painful in a normal environment, that is the purpose of AE, any unauthorized executable (good or bad) is not allowed, which means you can't download or install new software, unless you turn AE off.
    It's not painful anymore, once you get used to this.
     
    Last edited: Dec 8, 2007
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    AE will first identify an incoming executable then abort it plus offer its location, but then that's its chief purpose.

    For some it's not that much of a trade-off to still AE long enough to download or install a program(s). Yes, it takes a few moments but then your install is then databased/whitelisted from further detection afterwards.

    I like it because it's a fine complement to a Layered Protection Approach. There's many different mixes users can combine to their overall shielding, mine just happens to include a HIPS, AE, SandboxIE + Returnil/PowerShadow but not necessarily in that order since I alternate with several FD-ISR systems or snapshots as they're called.
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I would have expected AE to have whitelisted PD and crap cleaner BUT it didn't as far as high goes. No problem adding them to trusted though.

    Anyway, now that I have got it working perfectly and can see what it can and can't do I have restored my pre-installation image for the time being. As I have said before to me it's all a question of proportionality. I'm not sure exactly what I expected from AE but I should have had the sense to realize that it is just going to sit there doing nothing on my machines. As a bit of insurance I might have another look at Sandboxie as protection against a more likely source of infection.
     
  7. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,366
    Location:
    US
    If I am understanding the operation of AE correctly, you will ALWAYS have to add certain programs to trusted, because THEY control OTHER programs. Examples would be anti-Viruses and the programs that you named: they demand the ability to be able to change files, like deleting them, so they must be added to Trusted, even at the AE Low Security setting. I believe that I am right about this but I am still trialling this program. You AE experts out there, if I am wrong, I need to know about this, thanks.

    Acadia
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    I'm with you and anxious to learn more myself of AE. I think in another thread Blue stated that AE watches over certain critical APIs and is what gives it such Zest! in sensitivity to .exe's and that's an A+ of the highest order no matter few limitations.

    I hope to incorporate AE within ALL my snapshots and any other systems on my units (3), so it flows smoothly with other security apps, and I believe this is very possible.

    Maybe Peter2150 can hammer at it some more with other combinations and pass his results our way.

    Great Topic and discussion BTW. Because AE is rather unique in itself. LoL
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Easter.

    I am afraid any future testing I do probably won't include AE. I just don't see it being useful to me.

    I've come to realize my biggest vulnerability is installing something, I trust, that turns out not to be trustworthy. Using a combo of either Sandboxie/Defense Wall, in conjunction with one of the HIPS like SSM, I can install something, and watch its actions during install. The HIPS allows me to watch, and sandboxie/Defensewall/FDISR allow me to reboot and still get rid of something that proves nasty. AE gives me nothing during the install and automatically whitelists whatever when I re-enable it.

    If I am surfing and something were to drive by download and try and run, 1st it's sandboxed, and secondly the HIPS would alert.

    I just don't see AE adding anything, that makes it worth the bother. Hence I probably won't do anything more with it.

    Pete
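
The whitelisting behaviour described in ErikAlbert's and Peter2150's posts above, as an added example that is not part of the original thread and not Anti-Executable's own code. It assumes a SHA-256 hash allowlist built by scanning a folder (the thread does not say how AE identifies files); all function and file names are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Scan root and map hash -> relative path (assumed model of the install-time scan)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[sha256_file(full)] = os.path.relpath(full, root)
    return snap

def is_allowed(allowlist, path):
    return sha256_file(path) in allowlist

def newly_trusted(before, after):
    """Files that became trusted between two scans: the set worth reviewing by hand."""
    return sorted(after[h] for h in after.keys() - before.keys())

def demo():
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(data)
            return path
        # Constructed sample files; contents are placeholders, not real binaries.
        put("editor.exe", b"legitimate editor")
        bad = put("preexisting_bad.exe", b"unwanted program already on disk")
        baseline = snapshot(root)                 # scan at install time
        inherited = is_allowed(baseline, bad)     # trusted only because it was present
        dropped = put("dropped.exe", b"arrived while protection was on")
        blocked = not is_allowed(baseline, dropped)
        # Protection switched off for an install, then back on with a rescan.
        put("setup_payload.exe", b"installed while protection was off")
        rescanned = snapshot(root)
        return inherited, blocked, newly_trusted(baseline, rescanned)

if __name__ == "__main__":
    print(demo())
```

Comparing the two scans gives the list of files that were trusted without any decision being made about them, including the one that had been blocked earlier.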
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    You're probably right, but you know apps on this order by their very nature, although limited in some ways always have a knack for creating great interest. :cool:

    Anyway, that set up which is similar to my own in many ways is more than enough, but you know some of us, we just can't seem to leave well enough alone, especially when an app shows us satisfaction w/stability. You have to admit in spite of potential redundancy when matched up to sandboxes, HIPS, and virtuals it's still well regarded as yet another layer of dependable safety.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree, and I've had a love/hate affair. That's why I bought it, and have installed it at least 3 times. But, no more. It gathers dust now.
     
  12. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,366
    Location:
    US
    I love Anti-Executable for its simplicity: it simply kills everything except that which I allow. From now on, anything bad on my system will be MY fault, I will no longer be able to blame any scanners or other security software.

    Acadia
     
  13. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I guess I've always presumed - if the collection of executables on a system are changing on a regular basis (for whatever reason), AE is probably not the preferred solution. For a system on which the executable population is static, it's an extremely powerful approach. It's also important to keep in mind that these two extremes reflect very different usage profiles, with the inherent power of AE tied to those profiles.

    Blue
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Absolutely. If your system is static, AE is eloquent in simplicity. My system is a moving target.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    I relate to that emphatically. Blue is right on target, the practicality of implementing an app like AE mostly depends on the regular activity of the PC according to the user's usage and with dynamic activity like regular D/L's and program installs it stands to reason AE will have more of a hand in that practice as opposed to predominately static activity.
     
  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    It might also help if it had something bad to stop at least occasionally. I never cease to be amazed at the different experiences we all have. Some people seem to catch colds on a regular basis. AE clearly has more value for someone who has problems with intrusions or where intrusions would matter. Although I liked the program when briefly tested I still think I would prefer to focus on (1) preventing contamination and (2) having a system which can overcome that contamination by restoration rather than cure. Even if AE did stop something bad I would not feel comfortable working with that system and would go back to a clean system. Cost is also a factor. On one machine I might be tempted. On a number it seems perverse to just "protect" one and to leave the others "at risk".
     
  17. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    You can exempt folders (e.g. for programs that update) or add files to trusted.

    I think the easiest way is to look at the log and check what things have been blocked. Then you can decide what folders to exempt or which files to add to trusted.
     
  18. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,871
    Location:
    New York City
    Version 2.3 now available:

    This latest release now enables IT administrators to:

    - Allow or Block execution of applications from local CD-ROM / DVD drives while Anti-Executable is On (Standard and Enterprise)
    - Specify where the log file is saved (Standard and Enterprise)
    - Minimize the whitelist scanning process during installation (Standard and Enterprise)
    - Block workstation mouse and keyboard input directly from the Anti-Executable Enterprise Console (Enterprise)
    - Provide a SUS/WSUS server address to allow the downloading of Windows Updates (Enterprise)
    - Benefit from improved "under the hood" Console functionality (Enterprise)
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,648
    Location:
    Milan and Seoul
    Not much of a change for home users. Version 3.0 will definitely have some real improvements:

    Vista compatible
    Whitelist view, export, and replication options
    New whitelist scanning engine and architecture
    New greylist concept to block whitelisted applications
    New scheduling methods offered centrally from the console
    New management console
    Extended command line options to interact with 3rd party systems
    Different protection levels for trusted and external users
    Customized logging, reports, and alerts
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Anti-Executable Standard v3.0 wasn't available yet in my personal account, but I could download Anti-Executable Standard v2.30.000.317, which was mentioned in the post of member "Thankful".

    PS: AE is so good that you have to turn it OFF to download its own installation file. I hope AE whitelists itself also. :D
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,648
    Location:
    Milan and Seoul
    Version 3.0 will be available in early 2008.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    Not quite sure if those can be considered improvements or not. My idea of improving AE might would include some script blocking capability, but that isn't really a priority for most who employ HIPS which can easily do that task anyway.

    But, if there's any real consolation, it's of interest to many that AE is still building on this fabulous app.

    EASTER
     
  23. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,366
    Location:
    US
    What is an easy to configure and inexpensive HIPS program that will control scripting ... I repeat, easy to configure.

    thanks,
    Acadia
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    AFAIK, none.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    EQSecure 3.41

    Simply choose in menu Files Protection "and" Registry Protections and add ANY script extension to your heart's content.

    IT SIMPLY CANNOT FIRE WITHOUT ALERTING USER FIRST!
     