I think there will be such functions very soon.
Hopefully in the near future :) But I got used to it with the .ini files...
Good questions. I think MemProtect currently blocks attempts to inject code from one executable (an exploited one or malware) into another process....
Hmm, depending on config and backup strategies, the 3kb can be enough I guess.
Some news from the developer (see news on Excubits): :) Hoping the other trays will be in the beta camp also very soon.
Hmm, strange. Have you restarted the driver after the change in pumpernickel.ini? Try to do net stop pumpernickel, then net start pumpernickel in...
@WildByDesign Thanks for the rules. Helped a lot! :)
True words :):thumb:
Besides Edge protection: Does anybody know how to protect "ModernApps" in general? As far as I understand they also get protected by the runtime sandbox...
The new MZWriteScanner is now also able to log written EXE files to a forensic directory (c:\windows\$forensics\) - that is cute :-) I guess this...
Only demo versions were time-limited. All my full versions still work. I think this was mentioned in the readme.txt or in the Excubits blog...
Have you seen this from the recent Excubits blog post (the link was there): https://github.com/Neo23x0/sigma/tree/master/rules/windows/sysmon very...
1. I think this depends on the priority of the driver. If AppGuard comes before CMDScanner in the kernel then it cannot log because the process is then already...
Ha, ha :argh::thumb: great! Have you guys seen this:...
Ah yeah, it was somewhere around 2006 if I remember right. But there were also some controversies around that Rootkit Unhooker if I remember right?!
Exactly, we all know we should, but reality proves that in many cases people do not (or cannot) :-)
On what operating system? On Windows 8.1 (fully patched) it is not. I can execute the sample exploit using EVENTVWR.EXE and it still works. I added...
Yep, this is the way it goes. So there is always a need for multi-layer protection. One solution alone will not defend against all possibilities. Even if you...
Hey guys. I also installed CheckMAL's AppCheck. It seems to install a kernel-mode driver; I think this driver is responsible for making backups, so...
Try to kill the process from Task Manager: go to the "Details" tab, then select the process and right-click, there select "kill process". I was also tricked,...
I think you can start DbgView from the Sysinternals tools; this shows the debug messages. You need to set a filter for MemProtect so not too many alerts...
Hi Pete! It is not the same EXE file. If you have a shortcut it already points to the correct exe. One shortcut to the Tray.exe for FIDES, the other...
@WildByDesign : WOW, thanks a lot for this. Great idea, thanks for sharing. Will help to tidy my configurations :thumb:
Thanks, good advice, that's how I proceed. With the new feature in the tray application it's easy to change between different container config...
Yes, it also works in Windows 7. I used it on my old Win7 (x64) notebook. Worked pretty fine (but ensure you install all updates or the driver with...