MZWriteScanner

Discussion in 'other anti-malware software' started by Mr.X, Feb 16, 2017.

  1. AEG

    AEG Registered Member

    Joined:
    Mar 12, 2018
    Posts:
    29
    Location:
    Middlesbrough
    I agree it's ultimately more secure with a proper whitelist, but I've come to the conclusion that it either has to be run with Windows updates turned off or as a blacklisting system for vulnerable system apps like browsers. The trouble is Windows now updates many things without a reboot and these updates become corrupted due to being blocked. These KBxxxxx updates write to many different parts of the disk and are different for every update, so it's impossible to whitelist all possible locations except by using very wide wildcard paths on system folders, and this creates huge holes in the security, rendering MZWriteScanner almost useless. The forensics folder also becomes filled with huge numbers of system files that will eventually seriously degrade system performance due to reading the hashes in that folder. If updates are turned off, they can be manually installed, say once a week, with MZWriteScanner turned off, and this avoids all these problems. Or you can just whitelist the C drive and blacklist vulnerable app processes, which considerably hardens things like browsers.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree it has to be off with most updating. One of the many reasons I stay with Win 7. I am still in control.
     
  3. guest

    guest Guest

    An updated build (beta) of MZWritescanner is available ("compiler-stamp: Mon Mar 19 07:30:54 2018")
    Download (BetaCamp)
    or: https://excubits.com/content/files/MZWriteScanner.7z
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    And one of the reasons I remain with Windows 8.1 likewise over here.

    In fact Win9, uh I mean Win 10, normally is offline 90% and so when it is updated all security is in the off position for that time it's digesting whatever it gets fed at the time. Which must be quite a diet.
     
  5. AEG

    AEG Registered Member

    Joined:
    Mar 12, 2018
    Posts:
    29
    Location:
    Middlesbrough
    After reinstalling Windows 10, I get an error telling me the security certificate isn't recognised when I try to install the latest MZWriter beta. Anyone know what's causing this?
     
  6. guest

    guest Guest

    The driver (MZWriteScanner.sys) is not co-signed by Microsoft. You need to use the stable version if you want a co-signed driver.
     
  7. AEG

    AEG Registered Member

    Joined:
    Mar 12, 2018
    Posts:
    29
    Location:
    Middlesbrough
    Ok thanks. The funny thing is this was working before I reinstalled Windows.
     
  8. guest

    guest Guest

    Because the current version is expired, the developer uploaded a new version today.
    ("Demo driver will stop working in 2019. A follow up demo version will be available then which will work for another year.")
    Website
    mzwritescanner_demo.exe (Digital signature of the driver: April 2, 2018)
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,811
    Location:
    .
    Thanks. Gonna check out for a FIDES refresh.
     
  10. guest

    guest Guest

    Yes, an updated driver is available :)
     
  11. guest

    guest Guest

    An updated build (beta) of MZWritescanner is available ("compiler-stamp: Wed Apr 04 16:31:53 2018")
    Download (BetaCamp)
    or: https://excubits.com/content/files/MZWriteScanner.7z

    More info:
    Newsblog: Demo and Beta Updates (2018/04/08)
     
    Last edited by a moderator: Apr 8, 2018
  12. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    :thumb: I hope they will soon finalize MZW so it is part of full version
     
  13. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Link: https://excubits.com/content/en/news.html
    Beta: https://excubits.com/content/en/products_beta.html
     
  14. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    New Stable Release:

    Link: https://excubits.com/content/en/news.html
    Download: https://excubits.com/content/en/products_mzwritescanner.html
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Do we need to purchase a new license?
     
  16. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    No, use your individual download link. Worked for me. :thumb:
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Does this program still demand manual typing in or copy/paste into notepad for rule making?
     
  18. guest

    guest Guest

    Yes, you still need "notepad".
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Ok thanks. Formidable app for sure but not for me without workable user-friendly GUI. Probably something they feel better off without adding but it would create a flood of new users to it if they did.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't think they want those "new" users. Florian feels a GUI opens doors he'd rather not open. Easter, if you dropped your bias and took a look, you would find it's not nearly as bad as you think.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Suits this user just fine. There is no corner in this particular market.
    Plus the variety is good but user friendly automation even better :)
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    What else would you say is comparable?
     
  23. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Downloads folder is on blacklist.
    I download a file. It is blocked from execution. What's the easiest way to unblock?
    Forensics is disabled.
    I tried clearing log and restarting driver, but it still blocks.
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Sounds great. I will give it a try soon.
     
  25. guest

    guest Guest

    Try to look into the folder c:\Windows\$FORENSICS\ to find out if the hash of the blocked file is there.
    If the hash is there (as Forensics has been disabled, it should have a size of 0 bytes), then this is the reason why the file has been blocked.
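
An added example, not part of the original post and not Excubits code: one way to carry out the check described above in PowerShell. It assumes entries in the forensics folder are named after a hex digest of the file and that the algorithm is one of MD5, SHA-1 or SHA-256; neither detail is confirmed in the thread, and the function name and sample path are hypothetical.

```powershell
# Added example: look for a blocked file's hash in the forensics folder.
# Assumptions (not from the thread): entry names contain a hex digest of the
# file, and the digest algorithm is one of those tried below.
function Find-ForensicsEntry {
    param(
        [Parameter(Mandatory)] [string] $BlockedFile,
        # Folder named in the post above; single quotes keep $FORENSICS literal.
        [string] $ForensicsDir = 'C:\Windows\$FORENSICS'
    )

    # Digest the blocked file once per candidate algorithm.
    $digests = foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        Get-FileHash -LiteralPath $BlockedFile -Algorithm $alg
    }

    # -Force includes hidden/system entries; reading this folder may need
    # an elevated prompt.
    $entries = Get-ChildItem -LiteralPath $ForensicsDir -File -Force -ErrorAction Stop

    foreach ($d in $digests) {
        foreach ($e in $entries) {
            # Case-insensitive substring match of the digest in the entry name.
            if ($e.Name.IndexOf($d.Hash, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{
                    Algorithm  = $d.Algorithm
                    Hash       = $d.Hash
                    Entry      = $e.FullName
                    SizeBytes  = $e.Length
                    # 0 bytes means only the hash marker was kept, which is
                    # what the post expects when Forensics is disabled.
                    MarkerOnly = ($e.Length -eq 0)
                }
            }
        }
    }
}

# Constructed sample path; replace with the file that was blocked.
Find-ForensicsEntry -BlockedFile "$env:USERPROFILE\Downloads\setup.exe" |
    Format-Table -AutoSize
```

No output means none of the three digests appears in any entry name, which under these assumptions points to a cause other than a recorded hash.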
     