App to prevent process kill?

Discussion in 'other anti-malware software' started by bellgamin, May 14, 2022.

  1. moredhelfinland (Registered Member)

    Joined: Mar 31, 2009. Posts: 347. Location: Finland.

    @ichito
    Since SS Firewall relies on Windows Firewall, how can I prevent malware from adding a WF rule during the boot stage? 90% of malware does that, many with a simple reg add command to open up an outgoing port.
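
Added example, not part of the original posts: one way a defender could spot the change described in the post above, by comparing Windows Firewall rule strings read from the registry against a trusted baseline and listing new or changed active outbound allow rules. The rule strings, value names and paths are constructed sample data; the pipe-delimited rule format and the key location are stated from general Windows knowledge, not from this thread.

```python
# Added example: diff Windows Firewall rule strings against a baseline.
# Rules are stored as pipe-delimited values under this key:
FW_RULES_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess"
                r"\Parameters\FirewallPolicy\FirewallRules")

def parse_rule(data):
    """Split 'v2.30|Action=Allow|Dir=Out|...|' into a dict of fields."""
    parts = [p for p in data.split("|") if p]
    fields = {}
    if parts and "=" not in parts[0]:
        fields["Version"] = parts.pop(0)
    for part in parts:
        key, _, value = part.partition("=")
        # A field such as RPort may repeat; keep every value.
        fields[key] = fields[key] + "," + value if key in fields else value
    return fields

def is_active_outbound_allow(rule):
    return (rule.get("Action", "").lower() == "allow"
            and rule.get("Dir", "").lower() == "out"
            and rule.get("Active", "").upper() == "TRUE")

def new_outbound_allows(baseline, current):
    """Return (value_name, rule) for outbound allows added or changed."""
    findings = []
    for name, data in sorted(current.items()):
        if baseline.get(name) == data:
            continue  # unchanged since the trusted snapshot
        rule = parse_rule(data)
        if is_active_outbound_allow(rule):
            findings.append((name, rule))
    return findings

# Constructed sample data (not taken from a real machine).
BASELINE = {
    "CoreNet-DNS-Out-UDP": r"v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Name=DNS (UDP-Out)|",
}
CURRENT = dict(BASELINE, **{
    "{CONSTRUCTED-0001}": r"v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=4444|App=C:\Users\Public\updater.exe|Name=Updater|",
    "{CONSTRUCTED-0002}": r"v2.30|Action=Block|Active=TRUE|Dir=In|Protocol=6|LPort=445|Name=Block SMB|",
    "{CONSTRUCTED-0003}": r"v2.30|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=80|Name=Disabled rule|",
})

if __name__ == "__main__":
    for name, rule in new_outbound_allows(BASELINE, CURRENT):
        print(name, rule.get("App"), rule.get("Protocol"), rule.get("RPort"))
```
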
     
  2. bellgamin (Registered Member)

    Joined: Aug 1, 2002. Posts: 8,102. Location: Hawaii.

    @ichito -- Wow! Loads of helpful information!!! THANKS. :thumb::thumb::thumb:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    @moredhelfinland -- SS firewall does not rely on Windows firewall. SS uses Windows Filtering Platform (WFP), a series of APIs & system services that are Windows built-in "shortcuts" for network filtering, to be used in creating firewalls & other such apps (see note 1).

    Thus, malware would have to penetrate SS itself to add or modify a rule in SS firewall. SS is strongly self-protected to prevent that sort of thing from happening.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    NOTE 1- Windows firewall is also built on the same WFP APIs & services. It is the Windows firewall that is somewhat vulnerable, not WFP or the SS firewall.
     
  3. Rasheed187 (Registered Member)

    Joined: Jul 10, 2004. Posts: 17,559. Location: The Netherlands.

    There currently is no security app that can block processes from being killed; SpyShelter, strangely enough, also doesn't offer such a feature. I do remember that HIPS from back in the day, like System Safety Monitor, offered this stuff.
     
  4. moredhelfinland (Registered Member)

    Joined: Mar 31, 2009. Posts: 347. Location: Finland.

    @bellgamin
    That's the point: WFP-based firewall software is more vulnerable than third-party firewalls that use their own filter driver?
    That is the only reason why I'm using a software-based firewall that uses its own filter driver rather than a WFP-based one.
     
  5. Rasheed187 (Registered Member)

    Joined: Jul 10, 2004. Posts: 17,559. Location: The Netherlands.

    No, the point is that SS doesn't rely on the Windows Firewall, so if WF is bypassed, then SS keeps blocking outbound connections. Plus it also monitors for code injection, which is often used by malware to bypass firewalls. ZoneAlarm also watches for code injection but is bloated. I personally use TinyWall as firewall and SS as behavior blocker which should prevent apps from bypassing TinyWall.
     
  6. Brummelchen (Registered Member)

    Joined: Jan 3, 2009. Posts: 5,920.

    Come on, please stop repeating this BS, FUD at its best.
    It is NOT helpful to comment on each firewall thread with this unproven statement and to recommend another (paid) software.
     
  7. bellgamin (Registered Member)

    Joined: Aug 1, 2002. Posts: 8,102. Location: Hawaii.

    As quoted, I agree.
     