Anti Executable3

Discussion in 'other anti-malware software' started by arran, Sep 17, 2010.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    I thought AE is supposed to block all executable file types and not just exe's?

    Just installed AE3 and it doesn't appear to be the case is it just me or is this not the case?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    did you test it againts other type of file?what kind of file?
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I seem to remember Rmus stating that AE 3 doesn't protect against DLLs, while an earlier version did.
     
    Last edited: Sep 17, 2010
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    It only scans exe's and not other file types like DLL's
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    that sucks big time:D alitle registry tweak for my browser will do way better than this:)that is weak
     
  6. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    true that:thumb: :thumb:
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    From the Faronics Anti-Executable Standard User Guide, p. 8

    By popular demand, the next release of AE3 will include control of DLLs, as I understand from communication with Faronics.

    Also, note the inclusion of the file extension, .bat - a script executable, not a binary executable. I asked about including other script types, and it's on the drawing board.

    regards,

    -rich
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    they should include all type of executable files as the name they cary is Anti-Executable ;) it doesnt make sense to me:)
     
  9. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I agree with jmonge. A good Anti-Executable should be able to block all executables formats.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    hips can do this ;)
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Is there any word on wither their Standard version is going to become 64bit compatible? Last i checked only their enterprise version is 64bit compatible.
     
  12. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    That's disappointing it should include all executable types. How would AE protect you from malicious DLL's? I am thinking about changing my setup and was looking at using AE but now AE is out of the question.
     
  13. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    AE standard has always been offered for both 32 and 64, when you download the installer you get both versions automatically.
     
  14. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Is Faronics AE equivalent or better than Comodo Firewall Image execute?
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I too always thought AE blocked ALL types, it's a bit logical to do so when your name is "Anti-Executable". I don't think their price is very logical either, but I'm probably alone in that, lol.
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    "Better in what way?

    "Better" is a loaded word, which is why "Which is better" threads usually degenerate into useless discussions. Mercifully, they are no longer permitted on these forums!

    However, I will re-phrase your question, so that it addresses:

    1) the method that the anti-execution protection uses; for example, does it use a White List? How does it monitor the files?

    2) the file types monitored

    First, I would suggest that you download the User Guides for each product. That will give you an idea of the User Interface for each. That may be a valid consideration for you.

    For the file types monitored, I quoted from the AE3 manual in a previous post, listing the filetypes. A comparison with Comodo is a valid consideration, and you should see that information in the User Guide. For example, Presently, AE3 does not monitor DLLs. This will be available in the next version

    The method used to monitor the executables is important, because some products in the past used file extensions, which is the weakest way to monitor activity, as that is so easily bypassed. I'm sure Comodo doesn't do this, but it's wise to know everything about the product, so this information is important. You may need to contact Comodo for this.

    Finally, you should test the products. Faronics offers a 30-day evaluation version, and I assume Comodo does something similar.

    If you are not set up to test malware, just attempt to run a Setup or Installation CD. Enable Autoplay/Autorun for this test. The executable file that attempts to start will not be on the computer's White List, and the product should alert and demonstrate protection against Autorun.inf exploits.

    CDalert.gif

    Another test is running a non-white listed executable from a USB drive. This will test to make sure the product does protect against intrusions from external media.

    USBalert.gif

    Now, someone else may have compared the two products and can offer more information about Comodo, yet your own testing is really more valuable, IMO.


    regards,

    -rich
     
  17. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i wrote to faronics about an ETA for when AE would protect from malicious DLL.

    answer:

    Dear Vincent,

    Thank you for contacting Faronics Technical Support.

    So far, there are no plan to include blocking of DLL files for AE.
    Please raise a request to us if you need AE to block DLL or other
    type of files.

    Thank you.

    Regards,

    Daniel Seow
    Technical Support
    Faronics Technologies Inc.
    Tel: 800-943-6422
    Fax: 800-943-6488

    Intelligent Utilities for Absolute Control
    www.faronics.com
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Wrong, Kimosabe! A vs B rants/discussions are only banned from discussions in the "Other anti-virus" forum. They are okay for all other types of software, including this AE3 thread.

    However, going far off-topic is frowned on by the Mods -- and your interesting post has done a teeny bit of that. Ooops! ;)
     
    Last edited: Oct 6, 2010
  19. Sherlock_Holmes

    Sherlock_Holmes Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    1,449
    Location:
    Mumbai
  20. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi bellgamin,

    Thanks for the clarification - I didn't realize that it pertained just to AV products.

    Sorry, I didn't realize it was off-topic.

    Since the question by Searching_ _ _ regarding AE and Comodo, "which is better," has no meaning without talking about specific features, I mentioned two that can serve as a basis for comparison.

    ----
    rich
     
Loading...
Thread Status:
Not open for further replies.