Discussion in 'other anti-malware software' started by trjam, Feb 22, 2009.
Any suggestions for those looking but less savvy?
The paid version of ProcessGuard 3.5 may be one of those which can deny access by default.
Also in DriveSentry you could achieve this too, and Malware Defender, but it is not by default.
Note: not recommended for daily use, but very secure.
Malware Defender can be used for this.
Default-deny is a policy, not a type of HIPS or security software. In its simplest terms, default-deny is the blocking of anything that you haven't allowed. Software such as classic HIPS are at their best when they're used to enforce this policy. Most of the better HIPS will allow you the flexibility to make this as simple or as detailed as you want. It can be as simple as a list of processes that are allowed to run or as detailed as specifying the allowed child processes, registry access, driver permissions, etc. for each process individually.
Using the free version of SSM as an example, there are 3 program behavior choices under options>applications.
The first, "allow everything" uses a default-permit policy. Except for processes you've chosen to block, anything can run.
The second option, "block process creation" enforces a process whitelist. Unless otherwise specified in the rules, it does not monitor parent-child behavior, DLL injection, driver loading, etc. On this setting, allowed processes can launch any other allowed process and can perform all the other mentioned activities.
The third option, "block everything" monitors all the activities of each process and asks the user to specify what activities each is allowed to do and what other processes each one is allowed to launch and be launched by. This setting allows very detailed control over every running process and takes the most time and knowledge to set up.
If you were using SSM free, you'd want the second option. I haven't used most of the other HIPS but I'm reasonably sure that most would offer similar options. Default-deny is a very effective security policy when properly set up. The one requirement is that the user needs to know (or learn) what processes are necessary for normal system operation and allow them.
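To make the difference between the three SSM modes concrete, here is a small policy-evaluation model written for this thread (it is not SSM's code or rule format; process names, activity names and the rule layout are assumptions for illustration). It decides whether a process-launch or other monitored activity is permitted under each of the three behaviour choices described above.

```python
from dataclasses import dataclass, field


@dataclass
class Event:
    actor: str      # process performing the action
    target: str     # process being launched, or driver/DLL/key being touched
    activity: str   # "launch", "driver_load", "dll_inject", "registry_write"


@dataclass
class ProcessRule:
    activities: set = field(default_factory=set)  # non-launch activities allowed
    children: set = field(default_factory=set)    # processes it may launch
    parents: set = field(default_factory=set)     # processes that may launch it


@dataclass
class Policy:
    mode: str                                   # one of the three SSM options
    blocklist: set = field(default_factory=set)  # used by "allow everything"
    whitelist: set = field(default_factory=set)  # used by "block process creation"
    rules: dict = field(default_factory=dict)    # "block everything": name -> ProcessRule


def decide(policy: Policy, ev: Event) -> bool:
    """Return True if the event is permitted under the policy (constructed model)."""
    if policy.mode == "allow everything":
        # default-permit: only explicitly blocked processes are stopped
        return not (ev.activity == "launch" and ev.target in policy.blocklist)
    if policy.mode == "block process creation":
        # process whitelist: a launch must name an allowed process; other
        # activities are not monitored, so a running (allowed) process may do them
        return ev.target in policy.whitelist if ev.activity == "launch" else True
    if policy.mode == "block everything":
        # default-deny per process: a process with no rule may do nothing
        rule = policy.rules.get(ev.actor)
        if rule is None:
            return False
        if ev.activity == "launch":
            # both sides must agree: actor may launch target, target may be launched by actor
            child_rule = policy.rules.get(ev.target)
            return (ev.target in rule.children
                    and child_rule is not None
                    and ev.actor in child_rule.parents)
        return ev.activity in rule.activities
    raise ValueError(f"unknown mode: {policy.mode}")
```

The "block process creation" branch shows the trade-off the post describes: an unknown executable is stopped at launch, but an allowed process loading a driver is not questioned.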