Smart Object Blocker (Block EXE, DLL, Drivers)

Discussion in 'other anti-malware software' started by novirusthanks, Jul 29, 2015.

  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    He has gone very silent lately...
     
  2. guest

    guest Guest

    From what I heard, he has a deal with a contractor for a customized SOB version, which required all his attention. Once done, things should revert to normal.
     
    Last edited by a moderator: May 17, 2016
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    I truly hope your words come true.
     
  4. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    Yes, I also do.
    It would really be amazing if some of the customized features could be used (maybe slightly modified because of commercial / legal issues) in an official version, so that the official version would benefit here.
     
  5. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    Guys, do you know, is there any way to check how many "accesses" to some sort of kernel are going to be added when running SOB? I mean, I know it is not consuming much CPU power or RAM in Task Manager, but I'm not quite sure whether there might be more rules executed within the kernel for every object which is called from a parent process or every exe you try to run...

    I somehow have the feeling that running SOB is causing some sort of small delay when executing tools / applications, but I don't really know how to measure it, as it is showing very low resource usage as long as it is running in the background (CPU and RAM consumption low). Any ideas, guys?

    Thanks
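One way to put a number on the delay asked about above, as an added example that is not code from the thread or from NoVirusThanks: launch a cheap process repeatedly with SOB running and again with it stopped, and compare the medians. The warm-up run absorbs the first-execution caching effect mentioned later in the thread; `measure_python_noop` launches the Python interpreter itself so the script runs anywhere, and the `argv` you would pass for a real comparison (a browser or other executable on the machine under test) is an assumption you fill in.

```python
"""Measure process launch latency so an execution filter's overhead can be compared on/off."""
import statistics
import subprocess
import sys
import time


def measure_launch(argv, runs=10, warmup=1):
    """Launch argv `runs` times after `warmup` untimed runs; return timing stats in ms.

    Wall time from Popen to exit covers the interval in which a kernel-mode
    execution filter (such as the SOB driver) would add its rule checks.
    """
    for _ in range(warmup):
        subprocess.run(argv, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    samples = []
    for _ in range(runs):
        t0 = time.perf_counter()
        subprocess.run(argv, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        samples.append((time.perf_counter() - t0) * 1000.0)
    samples.sort()
    p95_index = min(len(samples) - 1, int(round(0.95 * (len(samples) - 1))))
    return {
        "runs": runs,
        "min_ms": samples[0],
        "median_ms": statistics.median(samples),
        "p95_ms": samples[p95_index],
        "max_ms": samples[-1],
    }


def compare(before, after):
    """Difference of medians (ms) between two measurements, e.g. SOB stopped vs. running."""
    return after["median_ms"] - before["median_ms"]


def measure_python_noop(runs=10):
    """Self-contained baseline: launch this interpreter doing nothing (assumed cheap target)."""
    return measure_launch([sys.executable, "-c", "pass"], runs=runs)


if __name__ == "__main__":
    # Run this once with the filter stopped and once with it running, then compare().
    # Replace the argv in measure_python_noop() with the executable you actually
    # want to time (hypothetical example: a browser binary with a harmless flag).
    stats = measure_python_noop()
    for key, value in stats.items():
        print(f"{key:10} {value:.2f}" if isinstance(value, float) else f"{key:10} {value}")
```

Keep the machine otherwise idle between the two runs and use the median rather than the mean; a single antivirus scan or disk cache miss will dominate the mean but barely move the median.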
     
  6. guest

    guest Guest

    I have a slow PC; I surely notice a general delay if executables are loaded.
    Google Chrome is a good example, where a lot of files are executed in a row. Watch the CPU usage of SOB with Process Hacker or other tools; sometimes it goes up to 20-40% (if you have a slow PC).
    But the second time Google Chrome is loaded, the CPU usage is lower.
    With some other executables I have spikes up to 50-70% CPU for 5-10 seconds.

    If you have a rule like this, it can (maybe) slow it down too:
    = SOB has to check all mentioned variables. Productname, Publisher, Description, Filesigner, ...

    But I mentioned the high CPU usage in an email to the developer (last year) and they are aware of it.
     
  7. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    SOB seems vastly superior to NRP yet the latter is not free, odd.
     
  8. guest

    guest Guest

    You don't have to pay for the beta version of ERP. It's free.
     
  9. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    If Iron was used instead of original Chrome, would the user need to include Iron.exe in Block Rules - Process? The shortcut on desktop targets chrome.exe, but there is also an Iron.exe in the Program folder.

    The Publisher rules would need to include SRWare Iron
     
  10. hjlbx

    hjlbx Guest

    It is true, but when it will happen is an entirely different matter. Maybe Andreas will make a billion $ and get out of the software business... LOL -- then we're all screwed.
     
  11. guest

    guest Guest

    hahahaha poor us then ^^
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I am waiting patiently, hoping not to be screwed :)
     
  13. Correct.
     
  14. themorpethian

    themorpethian Registered Member

    Joined:
    May 6, 2006
    Posts:
    35
    I've been messing with this for about a week on VirtualBox and have it set to passive logging on my main PC.
    I've used rules from here and other sources.
    The first problem I came across was that the exclusion process rules were always getting DLLs blocked, so I was adding them separately in the exclusion DLL rules,
    i.e. Vivaldi = [%FILENAME%: WinSparkle.dll] [%PROCESS%: *\vivaldi.exe] etc.
    So I thought: copy the process exceptions into the DLL exceptions. BINGO, getting better.
    Now I notice the rules
    [%FILE%: %TEMP%\*] [%PUBLISHER%: Google Inc]
    [%PROCESS%: %TEMP%\*] [%PUBLISHER%: Google Inc.]
    but according to the variable text in ver 1.3 there is no %PUBLISHER% rule but a %FILESIGNER% and %FILEPUBLISHER%.

    So my question is: which replaces the publisher rule?

    Hope I explained properly.
     
  15. themorpethian

    themorpethian Registered Member

    Joined:
    May 6, 2006
    Posts:
    35
    It is %FILESIGNER%; works perfectly.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks for the useful tip.
     
  17. themorpethian

    themorpethian Registered Member

    Joined:
    May 6, 2006
    Posts:
    35
    I have it set up this way: the blocked process and DLL rules use %FILEPATH% and the exceptions use %FILESIGNER%.

    Code:
    // Processes Rules [Behavioral Mode]
    
    // Rules:
    [%CMDLINE%: *rundll32*;*eval*(*]
    
    // Rules:
    //[%PROCESS%: C:\Users\*]
    [%PROCESS%: D:\*]
    [%PROCESS%: E:\*]
    //My DVD [%PROCESS%: G:\*]
    [%PROCESS%: H:\*]
    [%PROCESS%: I:\*]
    [%PROCESS%: J:\*]
    
    
    [%FILEPATH%: %PROFILE%\*]
    //[%FILEPATH%: %LOCALAPPDATA%\*]
    //[%FILEPATH%: %APPDATA%\*]
    [%FILEPATH%: %COMMONAPPDATA%\*]
    //[%FILEPATH%: %WINDOWS%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\*]
    [%FILEPATH%: %WINDOWS%\Tasks\*]
    [%FILEPATH%: %WINDOWS%\Temp\*]
    [%FILEPATH%: %WINDOWS%\Registration\CRMLog\*]
    [%FILEPATH%: %WINDOWS%\System32\com\dmp\*]
    [%FILEPATH%: %WINDOWS%\System32\FxsTmp\*]
    [%FILEPATH%: %WINDOWS%\System32\spool\PRINTERS\*]
    [%FILEPATH%: %WINDOWS%\System32\spool\drivers\color\*]
    [%FILEPATH%: %WINDOWS%\System32\Tasks\*]
    [%FILEPATH%: %WINDOWS%\SysWOW64\com\dmp\*]
    [%FILEPATH%: %WINDOWS%\SysWOW64\FxsTmp\*]
    [%FILEPATH%: %WINDOWS%\SysWOW64\Tasks\*]
    [%FILEPATH%: %WINDOWS%\tracing\*]
    [%FILEPATH%: %ROOT%\Documents and Settings\]
    [%FILEPATH%: %ROOT%\RECYCLER\*]
    [%FILEPATH%: %ROOT%\System Volume Information\*]
    [%FILEPATH%: %ROOT%\PerfLogs\*]
    [%FILEPATH%: %RECENT%\*]
    [%FILEPATH%: %WINDOWS%\Prefetch\*]
    [%FILEPATH%: *\$Recycle.Bin\*]
    [%FILEPATH%: *\Recycle.Bin\*]
    
    
    [%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\plugin-container.exe]
    [%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\plugin-container.exe]
    [%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\plugin-container.exe]
    [%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\plugin-container.exe]
    [%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\plugin-container.exe]
    [%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\plugin-container.exe]
    [%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\plugin-container.exe]
    [%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\plugin-container.exe]
    
    [%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    [%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    [%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    [%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    [%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    [%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    [%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    [%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    
    [%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\firefox.exe]
    [%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\firefox.exe]
    [%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\firefox.exe]
    [%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\firefox.exe]
    [%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\firefox.exe]
    [%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\firefox.exe]
    [%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\firefox.exe]
    [%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\firefox.exe]
    
    [%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\waterfox.exe]
    [%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\waterfox.exe]
    [%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\waterfox.exe]
    [%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\waterfox.exe]
    [%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\waterfox.exe]
    [%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\waterfox.exe]
    [%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\waterfox.exe]
    [%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\waterfox.exe]
    
    [%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\chrome.exe]
    [%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\chrome.exe]
    [%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\chrome.exe]
    [%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\chrome.exe]
    [%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\chrome.exe]
    [%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\chrome.exe]
    [%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\chrome.exe]
    [%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\chrome.exe]
    
    [%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\vivaldi.exe]
    [%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\vivaldi.exe]
    [%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\vivaldi.exe]
    [%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\vivaldi.exe]
    [%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\vivaldi.exe]
    [%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\vivaldi.exe]
    [%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\vivaldi.exe]
    [%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\vivaldi.exe]
    
    [%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\soffice.bin]
    [%FILEPATH%: %WINDOWS%\Temp\*] [%PARENTPROCESS%: *\soffice.bin]
    [%FILENAME%: rundll32.exe] [%PARENTPROCESS%: *\soffice.bin]
    [%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\soffice.bin]
    [%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\soffice.bin]
    [%FILENAME%: regsvr32.exe] [%PARENTPROCESS%: *\soffice.bin]
    [%FILENAME%: wscript.exe] [%PARENTPROCESS%: *\soffice.bin]
    [%FILENAME%: cscript.exe] [%PARENTPROCESS%: *\soffice.bin]
    
    //Prevent commonly exploited processes from executing processes
    [%PARENTPROCESS%: *\javaw.exe]
    [%PARENTPROCESS%: *\iexplore.exe]
    [%PARENTPROCESS%: *\firefox.exe]
    [%PARENTPROCESS%: *\waterfox.exe]
    [%PARENTPROCESS%: *\opera.exe]
    [%PARENTPROCESS%: *\AcroRd32.exe]
    [%PARENTPROCESS%: *\plugin-container.exe]
    [%PARENTPROCESS%: *\chrome.exe]
    [%PARENTPROCESS%: *\MicrosoftEdge.exe]
    [%PARENTPROCESS%: *\MicrosoftEdgeCP.exe]
    [%PARENTPROCESS%: *\winword.exe]
    [%PARENTPROCESS%: *\excel.exe]
    [%PARENTPROCESS%: *\wmplayer.exe]
    [%PARENTPROCESS%: *\skype.exe]
    [%PARENTPROCESS%: *\safari.exe]
    [%PARENTPROCESS%: *\vivaldi.exe]
    
    //Block execution of 16-bit processes
    [%FILEPATH%: *:\WINDOWS\System32\NTVDM*]
    
    //Block command-line strings used by Cryptolocker family
    [%PROCESSCMDLINE%: *rundll32*Shell32.dll*Control_RunDLL*\*.exe*]
    [%PROCESSCMDLINE%: *rundll32*javascript:*]
    [%PROCESSCMDLINE%: *rundll32*;*eval*(*]
    [%PROCESSCMDLINE%: *vssadmin*Delete*Shadows*/All*/Quiet*]
    [%PROCESSCMDLINE%: *bcdedit*/set*recoveryenabled* No*]
    [%PROCESSCMDLINE%: *bcdedit*/set*bootstatuspolicy*ignoreallfailures*]
    [%PROCESSCMDLINE%: *bcdedit*-set*loadoptions*DDISABLE_INTEGRITY_CHECKS*]
    [%PROCESSCMDLINE%: *bcdedit*/deletevalue*safeboot*/set*safebootalternateshell*false*]
    
    
    And the allowed exceptions: process and DLL exceptions using %FILESIGNER%.
    Code:
    // Processes Rules [Behavioral Mode - Exclusions]
    
    // Rules
    // Software that updates itself
    //Avira Free
    [%FILE%: %TEMP%\*] [%FILESIGNER%: Avira Operations GmbH & Co. KG]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Avira Operations GmbH & Co. KG]
    [%FILENAME%: WixStdBA.dll] [%PROCESS%: *\avira*.exe]
    
    //Voodoshield
    [%FILENAME%: %TEMP%\*] [%FILESIGNER%: VoodooSoft, LLC]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: VoodooSoft, LLC]
    [%FILENAME%: InstallVoodooShield*.tmp ] [%PARENTPROCESS%: *\InstallVoodooShield*.exe]
    
    //Vivaldi
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Vivaldi Technologies AS]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Vivaldi Technologies AS]
    [%FILESIGNER%: Vivaldi Technologies AS] [%PARENTPROCESS%: *\vivaldi.exe]
    [%FILEPATH%: %LOCALAPPDATA%\Vivaldi\*]
    [%FILEPATH%: %APPDATA%\Vivaldi\*]  [%FILESIGNER%: Vivaldi Technologies AS]
    //[%FILE%:  C:\Users\Steve\AppData\Local\Vivaldi\Application\vivaldi.exe]
    //[%FILENAME%: vivaldi.exe] [%PARENTPROCESS%: *\explorer.exe]
    //[%FILE%: %WINDOWS%\splwow64.exe] [%PARENTPROCESS%: *\vivaldi.exe]
    //[%FILENAME%: explorer.exe] [%PARENTPROCESS%: *\vivaldi.exe]
    
    
    //Zemana
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Zemana Ltd.]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Zemana Ltd.]
    [%FILESIGNER%: Zemana Ltd.] [%PARENTPROCESS%: *\Zam.exe]
    
    //Opera
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Opera Software ASA]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Opera Software ASA]
    [%FILESIGNER%: Opera Software ASA] [%PARENTPROCESS%: *\opera.exe]
    
    //Auslogics
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Auslogics Labs Pty Ltd]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Auslogics Labs Pty Ltd]
    
    //google
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Google Inc]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Google Inc]
    [%FILESIGNER%: Google Inc] [%PARENTPROCESS%: *\chrome.exe]
    [%FILEPATH%: %LOCALAPPDATA%\Google\*] [%SIGNER%: Google Inc]
    [%FILE%:  %LOCALAPPDATA%\Google\Chrome SxS\Application\chrome.exe]
    //[%FILE%: %WINDOWS%\splwow64.exe] [%PARENTPROCESS%: *\chrome.exe]
    //[%FILENAME%: explorer.exe] [%PARENTPROCESS%: *\chrome.exe]
    [%FILEPATH%: %LOCALAPPDATA%\Google\*]
    //[%FILEPATH%: %LOCALAPPDATA%\Chromium\*]
    
    //Microsoft
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Microsoft Corporation]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Microsoft Corporation]
    [%FILEPATH%: %WINDOWS%\Temp\*] [%FILESIGNER%: Microsoft Corporation]
    
    //Piriform Ltd Disk Defrag
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Piriform Ltd]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Piriform Ltd]
    [%FILESIGNER%: Piriform Ltd] [%PROCESS%: *\CCleaner64.exe]
    
    //Malwarebytes
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Malwarebytes Corporation]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Malwarebytes Corporation]
    [%PARENTPROCESS%: C:\ProgramData\Malwarebytes\Malwarebytes Anti-malware\mbam-setup.exe]
    [%FILENAME%: mbam-setup.tmp] [%PARENTPROCESS%: *\mbam-setup.exe]
    [%FILESIGNER%: Malwarebytes Corporation] [%PROCESS%: *\mbam.exe]
    
    //Firefox
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Mozilla Corporation]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Mozilla Corporation]
    [%FILESIGNER%: Mozilla Corporation] [%PARENTPROCESS%: *\firefox.exe]
    [%FILEPATH%: %LOCALAPPDATA%\Mozilla\*] [%SIGNER%: Mozilla Corporation]
    [%FILEPATH%: %APPDATA%\Mozilla\*] [%SIGNER%: Mozilla Corporation]
    //[%FILE%: %WINDOWS%\splwow64.exe] [%PARENTPROCESS%: *\firefox.exe]
    //[%FILENAME%: helper.exe] [%PARENTPROCESS%: *\firefox.exe]
    
    //Waterfox
    [%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Waterfox Ltd.]
    [%PROCESS%: %TEMP%\*] [%FILESIGNER%: Waterfox Ltd.]
    [%FILEPATH%: %LOCALAPPDATA%\Mozilla\*] [%SIGNER%: Waterfox Ltd.]
    [%FILEPATH%: %APPDATA%\Mozilla\*] [%SIGNER%: Waterfox Ltd.]
    [%FILESIGNER%: Waterfox Ltd.] [%PARENTPROCESS%: *\waterfox.exe]
    //[%FILE%: %WINDOWS%\splwow64.exe] [%PARENTPROCESS%: *\waterfox.exe]
    //[%FILENAME%: helper.exe] [%PARENTPROCESS%: *\waterfox.exe]
    
    // Allow system files
    [%FILEPATH%: %WINDOWS%\*]
    [%FILEPATH%: %PROGRAMFILES%\*\*]
    [%FILEPATH%: %PROGRAMFILESX86%\*\*]
    //[%FILE%: %WINDIR%\system32\WerFault.exe]
    //[%FILEPATH%: %WINDIR%\Temp\??_?????.tmp\setup.exe]
    //[%FILEPATH%: %WINDIR%\Temp\????????-????-????-????-????????????\*]
    //[%FILEPATH%: %WINDIR%\Temp\{????????-????-????-????-????????????}\*]
    //[%FILEPATH%: %WINDIR%\Temp\DPTF\*]
    //[%FILEPATH%: %WINDIR%\AppPatch\*]
    //[%FILEPATH%: %WINDIR%\assembly\*]
    //[%FILEPATH%: %WINDIR%\Branding\*]
    //[%FILEPATH%: %WINDIR%\ImmersiveControlPanel\*]
    //[%FILEPATH%: %WINDIR%\Installer\*]
    //[%FILEPATH%: %WINDIR%\Microsoft.NET\*]
    //[%FILEPATH%: %WINDIR%\servicing\*]
    //[%FILEPATH%: %WINDIR%\SoftwareDistribution\*]
    //[%FILEPATH%: %WINDIR%\System32\*]
    //[%FILEPATH%: %WINDIR%\SystemApps\*]
    //[%FILEPATH%: %WINDIR%\SysWOW64\*]
    //[%FILEPATH%: %WINDIR%\twain_32\*]
    //[%FILEPATH%: %WINDIR%\WinStore\*]
    //[%FILEPATH%: %WINDIR%\WinSxS\*]
    [%FILE%: %WINDIR%\explorer.exe]
    [%FILE%: %WINDIR%\notepad.exe]
    [%FILE%: %WINDIR%\splwow64.exe]
    [%FILE%: %WINDIR%\Temp\MPGEAR.DLL]
    [%FILE%: %WINDIR%\Temp\MPENGINE.DLL]
    [%FILE%: %WINDIR%\Temp\???????.tmp\*]
    
    
    
    [%FILEPATH%: %PROFILE%\Downloads\*]
    [%FILEPATH%: %DESKTOPDIRECTORY%\My Space\*]
    [%FILEPATH%: %LOCALAPPDATA%\Microsoft\OneDrive\*]
    [%FILEPATH%: %COMMONAPPDATA%\Malwarebytes\*]
    [%FILEPATH%: %COMMONAPPDATA%\Macrium\*]
    [%FILEPATH%: %ROOT%\AMD\*]
    [%FILEPATH%: %COMMONAPPDATA%\EPSON\*]
    
    
    [%PROCESS%: *:\WINDOWS\*]
    [%PROCESS%: %PROGRAMFILES%\*]
    [%PROCESS%: %PROGRAMFILESX86%\*]
    [%PROCESS%: %WINDIR%\Temp\??_?????.tmp\setup.exe]
    [%PROCESS%: %WINDIR%\Temp\????????-????-????-????-????????????\*]
    [%PROCESS%: %WINDIR%\Temp\{????????-????-????-????-????????????}\*]
    [%PROCESS%: %WINDIR%\Temp\DPTF\*]
    [%PROCESS%: %WINDIR%\AppPatch\*]
    [%PROCESS%: %WINDIR%\assembly\*]
    [%PROCESS%: %WINDIR%\Branding\*]
    [%PROCESS%: %WINDIR%\ImmersiveControlPanel\*]
    [%PROCESS%: %WINDIR%\Installer\*]
    [%PROCESS%: %WINDIR%\Microsoft.NET\*]
    [%PROCESS%: %WINDIR%\servicing\*]
    [%PROCESS%: %WINDIR%\SoftwareDistribution\*]
    [%PROCESS%: %WINDIR%\System32\*]
    [%PROCESS%: %WINDIR%\SystemApps\*]
    [%PROCESS%: %WINDIR%\SysWOW64\*]
    [%PROCESS%: %WINDIR%\twain_32\*]
    [%PROCESS%: %WINDIR%\WinStore\*]
    [%PROCESS%: %WINDIR%\WinSxS\*]
    [%PROCESS%: %WINDIR%\explorer.exe]
    [%PROCESS%: %WINDIR%\notepad.exe]
    [%PROCESS%: %WINDIR%\splwow64.exe]
    [%PROCESS%: %WINDIR%\Temp\MPGEAR.DLL]
    [%PROCESS%: %WINDIR%\Temp\MPENGINE.DLL]
    [%PROCESS%: %WINDIR%\Temp\???????.tmp\*]
    //[%PROCESS%: %PROFILE%\steve\downloads\*]
    
    
    //Allow commonly exploited processes to execute processes signed by the same vendor
    [%FILESIGNER%: Skype Software Sarl] [%PARENTPROCESS%: *\Skype.exe]
    [%FILESIGNER%: Oracle America] [%PARENTPROCESS%: *\javaw.exe]
    [%FILESIGNER%: Adobe Systems] [%PARENTPROCESS%: *\AcroRd32.exe]
    [%FILESIGNER%: Apple Inc.] [%PARENTPROCESS%: *\safari.exe]
    Basically %FILEPATH% is used to block, as with Bouncer, SSRP etc., but %FILESIGNER% is used to allow the publisher to install and update its own software.

    It needs cleaning up, but I rem out lines and keep trying different scenarios.

    I will gladly put the Block and Behavioral Exceptions folders on my onedrive so all you have to do is replace them in your SOB folder.
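The rule syntax in the two files above, and the %PUBLISHER% vs. %FILESIGNER% question a few posts up, can be exercised without SOB by evaluating the same `[%VAR%: pattern]` lines against constructed execution events. The script below is an added example written for this thread, not code from NoVirusThanks or from the poster. It parses rule lines, expands the path variables with assumed values (SOB's real expansion list is not shown here), reports malformed lines such as `[%FILE%PATH%:` or a missing closing bracket, and flags variables the thread never names (`%SIGNER%`). Two further assumptions are labelled in the code: a matching exclusion overrides a matching block rule, and `*` may span backslashes. `KNOWN_VARS`, `make_event`, the sample events and the rule subsets are constructed for the demo.

```python
"""Toy evaluator for SOB-style rule lines of the form [%VAR%: pattern] [%VAR%: pattern] ..."""
import re

# Assumed expansions for the path variables that appear in the posted rule files.
PATH_VARS = {
    "%TEMP%": r"C:\Users\Steve\AppData\Local\Temp",
    "%WINDOWS%": r"C:\Windows",
    "%WINDIR%": r"C:\Windows",
    "%LOCALAPPDATA%": r"C:\Users\Steve\AppData\Local",
    "%APPDATA%": r"C:\Users\Steve\AppData\Roaming",
    "%PROFILE%": r"C:\Users\Steve",
}

# Variables named in this thread (rule files plus the 1.3 variable list mentioned in
# the discussion). %SIGNER% and %PUBLISHER% are absent on purpose so the linter flags them.
KNOWN_VARS = {"FILE", "FILEPATH", "FILENAME", "PROCESS", "PARENTPROCESS",
              "FILESIGNER", "FILEPUBLISHER", "CMDLINE", "PROCESSCMDLINE"}

COND_RE = re.compile(r"\[%([A-Z]+)%:\s*([^\]]*?)\s*\]")


def glob_to_regex(pattern):
    """Translate SOB wildcards (* and ?) into an anchored, case-insensitive regex.
    Assumption: '*' may span backslashes, so %TEMP%\\* also covers subfolders."""
    for var, value in PATH_VARS.items():
        pattern = pattern.replace(var, value)
    parts = [".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern]
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def parse_rules(text):
    """Return (rules, problems). rules: [(raw_line, [(var, regex), ...])].
    problems: [(line_no, raw_line, reason)] for lines a practitioner should fix."""
    rules, problems = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        conds = COND_RE.findall(line)
        leftover = COND_RE.sub("", line).strip()
        if not conds or leftover:
            problems.append((no, line, "malformed condition (missing bracket or misplaced %)"))
            continue  # a malformed line is not loaded at all
        for var, _ in conds:
            if var not in KNOWN_VARS:
                problems.append((no, line, f"unknown variable %{var}%"))
        rules.append((line, [(var, glob_to_regex(val)) for var, val in conds]))
    return rules, problems


def rule_matches(rule, event):
    """All conditions must hold; a variable the event does not carry never matches."""
    return all(var in event and regex.match(event[var]) for var, regex in rule[1])


def make_event(path, parent, signer="", cmdline=""):
    """Constructed execution event. Assumption: %FILE%, %FILEPATH% and %PROCESS%
    all refer to the full path of the object being launched."""
    name = path.rsplit("\\", 1)[-1]
    return {"FILE": path, "FILEPATH": path, "PROCESS": path, "FILENAME": name,
            "PARENTPROCESS": parent, "FILESIGNER": signer,
            "CMDLINE": cmdline, "PROCESSCMDLINE": cmdline}


def decide(event, block_rules, allow_rules):
    """Assumed precedence: a matching exclusion overrides a matching block rule."""
    hit = next((r for r in block_rules if rule_matches(r, event)), None)
    if hit is None:
        return ("allow", None)
    excl = next((r for r in allow_rules if rule_matches(r, event)), None)
    return ("allow", excl[0]) if excl is not None else ("block", hit[0])


BLOCK_RULES_TEXT = r"""
// Processes Rules [Behavioral Mode]  (subset of the rules posted in this thread)
[%FILEPATH%: %TEMP%\*] [%PARENTPROCESS%: *\chrome.exe]
[%FILENAME%: cmd.exe] [%PARENTPROCESS%: *\chrome.exe]
[%FILENAME%: powershell*.exe] [%PARENTPROCESS%: *\chrome.exe]
//Prevent commonly exploited processes from executing processes
[%PARENTPROCESS%: *\chrome.exe]
//Block command-line strings used by Cryptolocker family
[%PROCESSCMDLINE%: *vssadmin*Delete*Shadows*/All*/Quiet*]
"""

ALLOW_RULES_TEXT = r"""
// Processes Rules [Behavioral Mode - Exclusions]  (subset; two typos kept on purpose)
[%FILEPATH%: %TEMP%\*] [%FILESIGNER%: Google Inc]
[%FILESIGNER%: Google Inc] [%PARENTPROCESS%: *\chrome.exe]
[%FILEPATH%: %LOCALAPPDATA%\Google\*] [%SIGNER%: Google Inc]
[%FILE%PATH%: %TEMP%\*] [%FILESIGNER%: Mozilla Corporation]
[%PROCESS%: %WINDIR%\Temp\DPTF\*
"""

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = {  # constructed events, not captured from a real machine
    "chrome_renderer": make_event(CHROME, CHROME, "Google Inc"),
    "google_updater": make_event(PATH_VARS["%TEMP%"] + r"\GUM1A2B.tmp\GoogleUpdate.exe", CHROME, "Google Inc"),
    "unsigned_temp_exe": make_event(PATH_VARS["%TEMP%"] + r"\setup.exe", CHROME),
    "cmd_from_chrome": make_event(r"C:\Windows\System32\cmd.exe", CHROME, "Microsoft Corporation"),
    "cmd_from_explorer": make_event(r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "Microsoft Corporation"),
    "shadow_delete": make_event(r"C:\Windows\System32\vssadmin.exe", r"C:\Windows\System32\cmd.exe",
                                "Microsoft Corporation", "vssadmin Delete Shadows /All /Quiet"),
}


def run_demo():
    """Evaluate every sample event; return ({name: (verdict, matched_rule)}, lint problems)."""
    block, block_problems = parse_rules(BLOCK_RULES_TEXT)
    allow, allow_problems = parse_rules(ALLOW_RULES_TEXT)
    decisions = {name: decide(ev, block, allow) for name, ev in SAMPLE_EVENTS.items()}
    return decisions, block_problems + allow_problems


if __name__ == "__main__":
    decisions, problems = run_demo()
    for name, (verdict, reason) in decisions.items():
        print(f"{verdict:5} {name:18} {reason or '(no block rule matched)'}")
    for no, line, why in problems:
        print(f"lint: exclusions line {no}: {why}: {line}")
```

Running it shows the two halves of the posted setup working together: the signed Google updater in %TEMP% and Chrome's own child processes are caught by the %FILEPATH% / %PARENTPROCESS% block rules and then released by the %FILESIGNER% exclusions, while an unsigned file in the same folder and a cmd.exe spawned by the browser stay blocked. The lint output is the check the poster's "needs cleaning up" calls for: a rule line with a misplaced `%` or a missing `]` silently never matches, which for an exclusion file means the application it was meant to allow gets blocked.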
     
  18. Does someone have a SOB version 1.2? Latest SOB 1.3 slows down loading of Chrome a lot.
     
  19. guest

    guest Guest

    I have different kinds of versions:
    Overview:
    final v1.3 (official)
    SmartObjectBlocker_Setup.exe 1.665.552 2015-12-04
    v1.3 (pre-builds)
    SmartObjectBlocker_Setup3.exe 1.575.704 2015-12-03
    SmartObjectBlocker_Setup2.exe 1.574.896 2015-10-10
    v1.2 (updated builds)
    SmartObjectBlocker_Setup.exe 1.574.864 2015-10-08
    SmartObjectBlocker_Setup.exe 1.573.824 2015-10-07
    final v1.2 (official)
    SmartObjectBlocker_Setup.exe 1.575.552 2015-09-08
    v1.1
    ...and even older versions. 1.1beta, 1.0, 1.0beta...

    What version do you want? :isay:
    (They are all digitally signed and not modified)
     
  20. Thanks @mood, Latest V1.2 SmartObjectBlocker_Setup.exe 1.574.864 2015-10-08 please
     
  21. themorpethian

    themorpethian Registered Member

    Joined:
    May 6, 2006
    Posts:
    35
    I've noticed a lag opening browsers, so if the version Wilders is wanting uses the same rules as ver 1.3, I will give it a try.
     
  22. Version 1.2 only delays opening Chrome by 0.25 seconds, while version 1.3 delays it by 1 to 2 seconds. Does not matter whether Chrome is monitored or not. Thx Mood
     
  23. themorpethian

    themorpethian Registered Member

    Joined:
    May 6, 2006
    Posts:
    35
    Wilders
    When testing on VirtualBox all I had installed was Windows Defender, and uMatrix (block 3rd party scripts and frames), uBO default.
    I added EMET and MBAE but never heard a peep from them. When installing software it is best just to turn off SOB as it doesn't have the right-click option like NVT Registry Guard. The browser lag is bearable.

    Years ago I used Comodo Firewall 2, with an antivirus, either AVG or Avast, but I always had ThreatFire there; even more now I believe antivirus software is not enough or even worse.
    I originally started with the ideas from this forum: antivirus free, firewall (already got one in Windows), block outbound connections (Stem), and lots of articles by yourself which I thank you for. I used to use SSRP, tried Bouncer for a month live but a 5K ini file is not enough. I just hope this software is not abandoned, but looking at the NVT website I doubt it.

    So my point is now all I have on my main machine is

    Windows Firewall Advanced outbound blocked.
    Windows Defender
    SOB

    Again Wilders I thank you for your input on here, and your great articles which set me on my quest.
     
    Last edited: Jun 26, 2016
  24. NT Five

    NT Five Registered Member

    Joined:
    Aug 23, 2015
    Posts:
    16
    Location:
    Stuck in NT 5 land...
    @mood
    Very interesting !

    If you're handing 'em out... would you mind sending me one too ?

    The final version 1.2 please. :)

    Total system reconfiguration here; replacing ERP with SOB. :cool:
     
  25. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    Andreas told me that he's gonna release a new version soon and will also want to post some news here on the board. I'm looking forward to seeing whether his words hold true :)
     