Anti-Executable and FirstDefense

Discussion in 'FirstDefense-ISR Forum' started by Acadia, Nov 20, 2007.

Thread Status:
Not open for further replies.
  1. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Been reading about Faronics Anti-Executable, sounds kind of interesting. Those of you who have it, is it perfectly compatible with FirstDefense? Any special measures need to be taken to use the two of them together?

    Thank you very much, :)
    Acadia
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Yes it is. I turn it off when backing up, and copy/update with FDISR. I suppose I could exclude certain ISR folders, but it's just as easy to turn it off.

    Interestingly Acadia, last time I had it on, I noticed a halting during the preparing to copy phase of FDISR. Disabling had no effect, but uninstalling cleared it up. I have yet to see it this time, but am watching. Should it reappear, I will just uninstall/reinstall AE.

    The strength of AE is also its annoyance. I always forget to turn it off the first attempt at downloading something. But I like the fact it will trap and keep me from downloading executable code. Give it a try but be patient with yourself. :D

    Pete

    PS Aside from the fact it uninstalls fairly easily, you can always make it go away with FDISR.
     
  3. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    :thumb:

    Thanks, Peter,
    Acadia
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I've never tried the two together; however, this has stirred my interest so I'm gonna go try it out. I'll let ya know how it goes.
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    farmerlee, THANK YOU! :cool:

    Acadia
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Acadia,
    I use Anti-Executable on HIGH security for months already.
    Like Peter already said, AE is very strict when it's ON and it stops any executable, legal or not, that isn't whitelisted. Once you get used to it, it's not that irritating anymore.

    So you must turn off AE, if you want to download an installation file of a legitimate software and keep it off, when you install the downloaded software.
    Once you turn AE back ON, the newly installed software is whitelisted by AE.
     
  7. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Thanks, Erik. So AE only affects the Snapshot that it is installed in, correct, otherwise you could not use FD to uninstall AE, like Peter stated.

    Acadia
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes AE only affects the snapshot, where it is installed.
    My on-line snapshot has AE and my off-line snapshot has no AE and I can install any software in my off-line snapshot without being bothered by AE.
     
  9. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Hey, Erik, I see that you also use DefenseWall. What kind of a FD Snapshot do you use that in, the same one with AE? Would you even need DW in a Snapshot that has AE since AE seems so complete and thorough?

    Thanks,
    Acadia
     
  10. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Another question: AE does not interfere with Freeze, does it?

    Thanks, guys,
    Acadia
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Good Topic.

    I've seen the solidness of AE in action but was skeptical myself about mixing it with FD-ISR, but like Peter2150 asserts, it's but a small matter to turn it off to download/install any program you deem is safe. Then, like Erik alludes to, it's immediately WhiteListed for inclusion in its internal database.

    A very formidable program that takes no prisoners, or should that be takes ALL prisoners if not carrying an AE Permit :D
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Only my on-line snapshot needs security, so AE and DW are both installed in this snapshot and this snapshot is constantly frozen. Any good or bad change is removed during reboot.

    I'm a total newbie regarding internet, malware and anti-malware, so I don't know for certain if AE and DW are overlapping each other, IMO not, because AE doesn't stop everything.
    Internet Explorer, Firefox and Thunderbird are untrusted applications in DW and that means that all 3 programs + all programs launched by these 3 programs are very limited in their actions.

    Although my frozen snapshot removes any malware during reboot, it doesn't stop the installation and execution of malware and that's why I need AE, DW and any other software that stops the execution of installed malware in the period between two reboots.

    Frozen doesn't mean that nothing can happen in your snapshot, on the contrary anything good or bad can happen in your frozen snapshot, just like in a normal snapshot.
    Frozen only means that any good or bad change is removed during reboot and that's all.

    DeepFreeze, Returnil, PowerShadow, ... are also frozen snapshots, when their frozen mode is activated and any change will be removed during reboot. I'm waiting for a software that removes any change IMMEDIATELY, because reboot isn't immediate and therefore TOO LATE. :)
     
    Last edited: Nov 20, 2007
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Say Erik. For someone who considers themself a newbie, as you say, in this arena, you seem to have fashioned one of, if not the very best, security setup & practice that I believe I have ever witnessed in all my time working with PCs and safety programs.

    Whatever it is or was that you might lack in what happens to your disk + data/partition, you definitely have proven an uncanny knack for piecing together a nearly if not 100% fool-proof system that leaves virtually little or nothing whatsoever at all that could even remotely disturb or forcefully by stealth interrupt your system, plus completely preserve ALL your data safely.

    I've gathered more useful insight and PROVEN results from your own ideas of sealing off any potential compromise, a lot more than even the malware research I put so much time into over the years.

    You never leave a single stone unturned & unexamined, and those results reap huge dividends in achieving the Ultimate Wall of Security against intrusion of any form, with the slight exception of making some mistake of your own doing, but we all are guilty of throwing the wrong switch now and then. :D
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My approach is certainly not based on knowledge of internet, malware and anti-malware. That's why I avoid any discussion with these experts, because I know in advance I will lose due to my lack of knowledge. I've read many posts at Wilders, I don't even understand what they are saying.
    I don't even know how to configure my router and firewall properly. :D

    I work with philosophies, theoretical ideas, based on analytical and logical thinking. Separating problems from one another that have nothing to do with each other. Separating important stuff from not important stuff. Dividing big problems into smaller problems, which can be solved easier, etc. ...

    I'm just trying to do my best in a world, I hardly know and understand. :)
     
  15. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Just tried it on my test system (P4 3GHz, 512 RAM, XP Home). It ran fine using the default settings. With AE enabled I exported a snapshot which took 3:19. I then exported a snapshot with AE disabled which took 3:13, so the performance impact is negligible.

    The only slight problem was when I had AE set to high security with all options enabled, it interfered with the copy procedure. I'd say it's due mainly to the copy prevention. With high security enabled and copy prevention disabled AE still flags .com and .msi files, which causes errors in the copy process.

    So I'd say it's best to copy/update snapshot with AE in low security mode or else just exclude FD-ISR.
     
  16. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I use Comodo BoClean for the same purposes, but then you have to trust their blacklist. I know all AE users are against it, but for me it fits nicely with my security setup.
     
  17. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Tons of excellent information here, THANK YOU ALL. :cool:

    A couple of more questions. So Anti-Executable does not stop everything? What kind of stuff would it not stop?

    FirstDefense, Anti-Executable, AND, DefenseWall all play nicely together for Erik, anyone else using all three together?

    AE users are against BoClean?

    KEEP THIS INFO COMING, thanks again. :thumb:

    Acadia
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm against BoClean, because it's based on a blacklist, which requires regular signature updates of known malware and is therefore always incomplete, because it doesn't contain unknown malware. There is also a serious time gap between launching the malware and updating its signature.

    AE can't be incomplete, because it has a whitelist of all installed executables on your hard disk; anything else is refused immediately. Simple, effective and very understandable for average users.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    A. I don't like BoClean, but only because it does a memory scan frequently, and also it seems to me it's late in the game to catch something.

    B. AE won't catch certain types of scripts. You can go to the Faronics website and see the stuff it does catch. Overall pretty impressive.

    I run it with Online Armor, Returnil, Sandboxie, and of course FDISR.
     
  20. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    Interesting thread, this one about AE. Do you think it would be useful for me even if I have SSM paid?

    Thanks
     
  21. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Probably not, AE's capabilities are basically a subset of SSM.

    Blue
     
  22. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    Thanks!
     
  23. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Yo, people, forgive my ignorance, what is SSM? If there is something even better than Anti-Executable then I want to know! :cool:

    Thanks,
    Acadia
     
  24. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    OK, upon searching Google I get the impression that SSM deals with Servers. I am only interested in one single home PC. So, if I am correct, Anti-Executable should still be of interest to me, correct? Thanks.

    Acadia
     
  25. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    Hi,

    SSM stands for System Safety Monitor. More here: http://www.syssafety.com/
     