Anti-Executable

Discussion in 'other anti-malware software' started by LoneWolf, Apr 12, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have the same kind of problem.
    My frozen snapshot removes any change, which also means the GOOD changes, and I'm asking myself: "If I replace my system partition with a CLEAN system partition during EACH reboot, do I really need these GOOD changes, like Windows Update and updates of security software o_O"
    Even stronger: do I need any security software at all? That's probably too strong. LOL.
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Well, I tried Anti Executable and it did work OK at first, then started to get very high CPU usage. lsass.exe was one that ran 60-100%, locking up my system. There were other ones that ran high also, just don't remember which ones they were. Uninstalled and all is back to normal, very low CPU. Must have conflicted with something, maybe I'll try again at another time, just not right away.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Which processor do you have ?

    I have this one : AMD ATX Athlon 4400+ 64Bit X2 Dual-Core Processor

    Source : http://www.amd.com/us-en/Processors/ProductInformation/0,,30_118_9485_13041,00.html
     
  4. Diprivan

    Diprivan Registered Member

    Joined:
    Mar 25, 2006
    Posts:
    66
    I contacted technical support regarding automatic updates with AE enabled:

    'Running updates while the software is installed can cause problems - while the application is on the whitelist it may be changed during the update and would then be removed from the whitelist. This can cause the application to stop working under AE, therefore I would recommend only running the updates when the software is disabled'.

    Maybe Prevx1 is a better option?
     
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Diprivan,

    It really depends upon how you work and the type of access available to the machine (open or with other folks vs. you only)...

    With AntiExecutable, simply disable automatic updates and manually update on an infrequent basis as desired and disable AE during that process. At all other times, no new executables will run, period.

    With Prevx1, under Advanced>Protection Plus, the setting for Unknown Programs is key. If you think about the way AE works, the end result is similar to setting Prevx1 to block any unknown program. The difference lies in how unknown programs are defined. From a protection perspective, setting the action for Unknown Programs to Query should provide all the protection required.

    The programs work to similar end goals by different methods, they have slightly different strengths and weaknesses, and they are best used in somewhat different settings. Since AE requires disabling/re-enabling to allow a new program while Prevx1 can handle this on the fly in response to a query, it comes down to how that situation is best handled in your case. Both programs work fine and are compatible with a wide range of other options.

    Blue
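
Added example (not from any poster and not Faronics code): a minimal sketch of the update problem described in posts 4 and 5, where an update changes a whitelisted file and a default-deny whitelist then blocks it. It assumes the whitelist identifies files by a SHA-256 of their contents, which the thread does not state; the class, function and file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(path: Path) -> str:
    """SHA-256 of the file's bytes: the identity assumed by this sketch."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

class Allowlist:
    """Default-deny: a file may run only if its current digest is enrolled."""
    def __init__(self):
        self.enabled = True
        self.entries = {}              # path -> digest recorded at enrolment

    def enroll(self, path: Path) -> None:
        self.entries[str(path)] = digest(path)

    def may_run(self, path: Path) -> bool:
        if not self.enabled:           # protection disabled: nothing is blocked
            return True
        return self.entries.get(str(path)) == digest(path)

    def stale(self):
        """Enrolled files whose bytes no longer match, e.g. after an update."""
        return sorted(Path(p).name for p, d in self.entries.items()
                      if not Path(p).exists() or digest(Path(p)) != d)

def demo():
    r = {}
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "scanner.exe"    # constructed stand-in for an installed program
        new = Path(tmp) / "new.exe"        # constructed stand-in for an unknown program
        app.write_bytes(b"scanner v1")
        wl = Allowlist()
        wl.enroll(app)
        new.write_bytes(b"unknown")
        r["enrolled_runs"] = wl.may_run(app)
        r["unknown_runs"] = wl.may_run(new)
        app.write_bytes(b"scanner v2")     # automatic update while protection is on
        r["after_auto_update"] = wl.may_run(app)
        r["stale"] = wl.stale()
        wl.enabled = False                 # manual route: disable, update, re-enrol
        app.write_bytes(b"scanner v3")
        wl.enroll(app)
        wl.enabled = True
        r["after_manual_update"] = wl.may_run(app)
        r["unknown_after_reenable"] = wl.may_run(new)
    return r
```

The window in which `enabled` is False is the one in which anything can run, so the manual update should be the only thing done in it.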
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: thanks Blue, for the info. I have renewed Prevx1 w/ new key (you know that!) and have been contemplating testing AE. Since end results from these two are quite similar (thru slightly different routes and means), I am likely just to use Prevx1 to fulfill my anticipation. Thanks.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I prefer Anti-Executable above Prevx1, because Prevx1 requires regular updates and Prevx1 cannot work without internet.
    Anti-Executable doesn't require updates, just occasional program updates, and such software is good in a frozen snapshot, because I don't have to re-freeze all the time.
    I only need AE to save the day, what AE misses will be removed by my frozen snapshot during reboot.
     
  8. EASTER.2010

    EASTER.2010 Guest

    I agree. And while loyals find this to their expectations with positive results, I still harbor reservations simply because....."Prevx1 requires regular updatings and Prevx1 cannot work without internet". You see, I prefer a local Db that could be updated regularly and not so much on-the-fly, although the concept obviously is much appreciated by many.

    AE indeed is a very formidable program that I have used in the past and found it very tight, so even though at present I don't now use it, I certainly would if I felt my system needed it, which it isn't proved to me yet that it does anymore.

    In retrospect, I did try Prevx1 and I find it very aggressive in its performance and for me user-friendly also. It does take snagging malwares to a different level, just one I wish did not require a constant direct URL connection for making determinations that I feel are better suited for local Db's of the program. Just my own personal choice, that's all.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Easter,
    I can understand that AE is a pain for many users, who change the CONTENTS of their harddisk [C:] constantly by installing and trying new programs.

    I don't have that problem because I still can test as many softwares I want in other test snapshots without AE.
    I only need AE in my permanent on-line snapshot and I don't need AE in my permanent off-line snapshot, because it has no internet.

    All other snapshots (8 in total) are for testing new softwares or combinations of new softwares. These 8 snapshots are removed when I don't need them anymore and I still have an unlimited number of archived snapshots available to keep my test snapshots for later usage, in case I don't have time enough.
    I can even store a complete test bed in an archived snapshot, if I want this.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    AE is one of the few apps that caused a significant crash - killed one of my Windows 2000 systems. Still, it did and does work well under XP. However, it's not suitable for flexible and changing setups - and/or people running lots of custom or scheduled scripts / tasks etc...
    Mrk
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's because you don't have FDISR or don't know how to use FDISR. :)
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    Erik, this happened in year 2005 I think, on a dedicated test machine. Test machines do not have backup software.

    I do use imaging software for some of my production machines, if only because I'm lazy. Personal data is backed up on multiple hard disks, internal and external, as well as a whole bunch of CD/DVDs.

    Regarding FDISR, I don't know how to use as I have not tried it, true, but it did not happen because I was not using FDISR - it happened because of some strange bug...

    I can appreciate that you like your setup - but any setup is ok if the user is pleased.

    Mrk
     
  13. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Read this thread and have been looking at his app as well

    I agree with Rmus re his evaluation re DF and AE for his needs -very robust approach- and he has taken an interesting approach to malware analysis.

    I suspect for me and my set-up this may be a bit too tricky to remember to On/Off frequently. Sh*t, half the time I can't even remember where I parked the car. !! :blink:
    Blue-Z wrote this in post #9 and I have been waiting for some insights as to what exactly this means:
    Anyone care to elaborate?
    -rich?

    Thanks for an interesting thread. Very Illuminating guys :thumb:
     
  14. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I like Exe Lockdown better. It is free and more functional. Exe Lockdown can be configured to ask you if you want to allow/block files on access, versus Anti-Executable will make you disable it every time. Exe Lockdown has password settings and also supports additional workstations, custom messages, event logging and an optional file scanner.

    The only advantage I could imagine AE having over ExeLD is the pre-defined allow list, which I don't believe helps anyone, because both softwares need to be installed on a clean system to be effective.

    Here is a screenshot of the Exe Lockdown configuration:
    http://img114.imageshack.us/img114/6504/untitledbs1.th.jpg
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't need an on demand scanner in my frozen snapshot, because my frozen snapshot = all on demand scanners and does a much better job, because a frozen snapshot has not the problem of missing signatures and false/positives.
    So any on demand scanner is superfluous in a frozen snapshot. If you don't agree with me, challenge me.

    The main scanner with a protection shield is something else, because the protection shield protects you against infections, but my intention is not to use a main scanner as well, because even the main scanner isn't good enough for me.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Erik, this is not about FDISR, it's about AE or alternatives (I think that's on topic, alternatives).
    And even though I see that your strategy is good, I don't see myself restoring images every day. Way too much for me. I just turn it on.

    If I think it's about time to start fresh, sure, restoring a clean image is nice.
    Images, for me, are backup tools.

    I think that one is interesting, AJohn. Maybe I'll take a peek.
     
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    AJohn,

    Thanks for the information about Exe Lockdown. I like to keep track of these types of products. As I mentioned in another thread, I was sorry that Abtrusion Protect no longer is being developed.

    As White List solutions become more prevalent, there need to be more options to meet individual needs/preferences.

    Your comments about AE have been made by others, that it is not so flexible. However, there will always be a need where someone wants that type of one-dimensional program, where there is nothing other than default-deny.

    Remember that Faronics first designed their products with institutional situations in mind, as with Deep Freeze, where one complaint is that you cannot unfreeze with a click: you have to reboot to thawed state. And you can't commit changes while frozen, as you can with ShadowUser in Shadow Mode, for example.

    But you can understand where a user or Administrator would want this type of setup.

    I hope you can run some tests with screenshots showing how Exe Lockdown catches attempts to install malware.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This is about AE in combination with a frozen snapshot and I'm not talking about images. You don't seem to understand anything about my approach.
     
  19. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Thanks for the reminder, AJohn. Had forgotten about this one. I'm going to look into this one also since AE did not go so well for me. Downloaded but not installed yet, want to read up more on it if I can find some time soon.
    Erik Albert, I'm glad AE works for you but just not what I'm looking for right now. Maybe another time when I can take a few snapshots of a couple of security setups.
     
  20. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    AJohn, can we set it to simply block silently, not prompt for allow/deny?
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not using AE yet, I trialed it.
    I give EXE Lockdown a try, but I don't put much faith in HDS, their RollbackRx isn't reliable either, that's why RBRx requires hundreds of posts at Wilders to make it work.
     
  22. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Works fine for me. V8 works even better than V7.

    (and FDISR only has 6,431 posts) :D
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Lucky you. I've read other posts. I don't take such risks, not when a software has to save my computer and FDISR isn't the same as RBRx either. Too many differences.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Is it still available on their site? I thought it is discontinued. It's not free, I think?
     
  25. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    See here
    The link is somewhat hidden.
     