Anti-Execute in v3

Discussion in 'Returnil Betas' started by Dark Star 72, Aug 10, 2009.

Thread Status:
Not open for further replies.
  1. Dark Star 72

    Dark Star 72 Registered Member

    Mike,
    Have just discovered that the anti-execute element in 'Virus Guard' (trust programs from the real disk only) only appears to work if 'System Safe' is on :(
    Is that the correct behavior or is my version of Returnil not working properly?
    That would mean that if I had System Safe turned off to update an app on my machine I would be unprotected.
    In v2 the Anti-Execute works and remembers what you block or allow no matter if you have protection turned on or off.
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Hi Dark Star 72,
    Your version is working properly. The AE functions have been distilled down to a simple choice between trusting only those programs already on your real System or allowing all programs to run without blocking their activation. It is also integrated into the overall AM capability that also includes behavioral analysis and malware sample collection support (can be opted out of...)

    We have done this due to the fact that the VG feature is more robust and update-able than the AE in 2x, which is a more primitive combination of anti-execute and antimalware against very specific types of malware.

    You are protected in a different way so you should not see it as a loss of protection. We are also working to ensure as much compatibility as possible between RVS and the solutions you may already be using. Our goal is not to replace your AM/AV/HIPS, but to augment your strategy (when appropriate) in a way that closes the gaps.

    Mike
     
  3. Dark Star 72

    Dark Star 72 Registered Member

    Many thanks for your answer, Mike. I just wanted to be sure that I hadn't got a problem :D
    I am now running the latest release after a few weeks being otherwise occupied and this version seems to be much more stable than the previous version I ran. I have been running it for some days now and it's purring along nicely. Browsing faster as well.
    I am sure that in the last version I ran, when trying to execute an exe or msi, I got a pop-up giving me a choice of allow or deny. There was no way to enable a 'default deny' option as in the v2 anti-executable. It was very nice to see that in this latest version there is just a pop-up to inform you that the execution has been blocked. A great step forward; I don't want other people using my machine to get a choice.
    Look forward to seeing the shell extension enabled.
     