Smart Object Blocker (Block EXE, DLL, Drivers)

Discussion in 'other anti-malware software' started by novirusthanks, Jul 29, 2015.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Ooops.

    That must be why I got my almost first ever blue screen on 8.1 when launching a third party app driver. That isn't as important ATM as the DLL's this app is good at monitoring.

    It was stopped the hard way :D Looking forward to whatever comes next with SOB.

    FWIW, been eyeballing Windows dllhost.exe and trying to category it's PID range which is quite a few.
     
  2. guest

    guest Guest

    hahaha it is why i didn't dare to install it on 1803, i foresaw i could get some issues :p
     
  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    We've released a new version:

    [31-05-2018] v1.5.0.0

    + Support Secure Boot (drivers are co-signed by Microsoft)
    + Now the program works fine when Secure Boot is enabled
    + Improved the internal caching system
    + Exponentially increased DLL file processing speed and cache coherence
    + When the desktop icon is clicked and the program is already running, show the main window
    + New option to play a WAV sound when something is blocked (PlaySoundOnBlockedEvent=y/n)
    + When the protection is disabled show a grayed icon in the system tray
    + Executable (.exe) files are double-signed with both SHA1 and SHA256 code sign
    + Driver is unloaded when program exits
    + Minor fixes and optimizations

    Product info & download:

    http://www.novirusthanks.org/products/smart-object-blocker/

    Chrome, Firefox, etc should run much faster now (DLL monitoring has been improved a lot).

    To install it, first uninstall the old version, reboot (important), install the new version.
     
  4. guest

    guest Guest

    My baby is back :D
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Oh oh :doubt:
     
  6. genieautravail

    genieautravail Registered Member

    Joined:
    May 6, 2012
    Posts:
    109
    @novirusthanks

    Under Windows XP, SOB 1.5 is crashing after some minutes of running.
    Do you have a debug edition of SOB ? o_O

    SS1.jpg
     
    Last edited: Jun 3, 2018
  7. guest

    guest Guest

    Im a bit rusty on SoB lol , need to remember the rules' syntaxes, what about you @EASTER ?

    @novirusthanks i guess SOB isn't yet SUA-compatible?
     
    Last edited by a moderator: Jun 3, 2018
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Uh yeah, that is a fact. I almost had a handle on it but OSA & ERP 4 is taking up all the attention at the present. :D
     
  9. guest

    guest Guest

    Yes, same here, i'm juggling between OSA, ERP and SOB, quite some fun.
     
  10. p0werb1t

    p0werb1t Registered Member

    Joined:
    Jul 4, 2018
    Posts:
    1
    Location:
    Portugal
    Thanks for SOB v1.5 (he also needs some love), this program is wonderful.
    I can't block DLLs, here is my config:
    Win7 x64 / Type = Behavioral / ProtectionDisabled =n

    DLL.DB:
    //none of this rules work
    [%FILENAME%: scrobj.dll] [%PROCESSFILENAME%: regsvr32.exe]
    [%FILENAME%: scrobj.dll] [%PARENTPROCESS%: *\regsvr32.exe]
    [%FILE%: %ROOT%\Windows\System32\scrobj.dll] [%PROCESS%: %ROOT%\Windows\System32\regsvr32.exe]

    No DLL exclusions.
    iobDLL64.dll is loaded by regsvr32.exe

    Tested with: regsvr32.exe /u /n /s /i:http://localhost/calc.sct scrobj.dll

    Also a little bug, config has LogEventsPath = %CURDIR%\Logs but SOB saves in C:\Program Files\Smart Object Blocker\Logs\Logs\*.txt
     
  11. guest

    guest Guest

    Anyone tested it on SUA, on my system it doesn't auto-start on SUA.
     
  12. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    If you use SOB, can you also use ERP concurrently, or do they overlap in the 'exe' blocking category?
     
  13. guest

    guest Guest

    Redundant.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    About almost due for an upgrade improvement. Like the idea of it's blocking DLLs especially. Can't wait to see another new release.
     
  15. guest

    guest Guest

    i just need SOB to auto-start in SUA, it can't at the moment.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I say hang in there @guest. Once it's another release perhaps it will plus more.

    Didn't you say in another thread SOB performs another great defensive feature? It escapes me at the moment. Service/Driver blocking maybe like DRP? It's been awhile since I visited this one.
     
  17. guest

    guest Guest

    SOB = ERP + DRP + dll monitoring/blocking. :)

    only inconvenience, all rules must be entered as command lines.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Grrrr, which grinds me to no end and one HUGE reason I don't have any interest in installing Excubits drivers yet. Waiting for a GUI and no matter how long that takes, even if never.
     
  19. guest

    guest Guest

    same here, but SOB rules seem less complicated than Excubit's ones. If you made some exclusions in OSA, they are same syntax.
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    That's a PLUS!

    Kudo's to you for raising the occasional reminder in this topic by revisiting it fairly often :cool:

    It should be quite a treat once Andreas can break away long enough to put the team on SOB again and release us a revised new update.
     
  21. guest

    guest Guest

    And SOB can check for the file version, "Product Name" and some other file properties.
    For example the user can make sure that only the latest version of chrome (or other vulnerable applications) can be launched and older (vulnerable) versions are blocked, etc.
     
  22. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    237
    I use both. However, I use SOB on demand -- I launch it before opening a web browser. For me, SOB acts as a kind of sandbox around Google Chrome and other web browsers. That's how I have SOB configured. I got the idea from Kees (aka Windows_Security & Kees1958 ).

    Phil
     
  23. guest

    guest Guest

    Yes, Kees has some non-conventional but interesting ways of using products. :)
     
  24. guest

    guest Guest

    Smart Object Blocker v1.6 Released (November 5, 2018)
    Website
     
  25. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Not sure if v1.6 is faster, but last time I tried v1.5 a few months ago, there was a noticeable impact in performance (slowdown) that is simply not here with Excubits' software, Smart Object Blocker would be a great software if the dev can fix the speed issues
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.