Discussion in 'other anti-malware software' started by MrBrian, Jan 25, 2014.
From http://www.bitnuts.de/ (see entry from May 20, 2013):
I haven't tried it.
See also the entries from:
July 27, 2013
January 14, 2013
You'll probably want to stop the driver when installing programs.
Tuersteher Light can apparently blacklist folders/files in addition to whitelisting them. For reference, here is pretty close to my current AppLocker ruleset: https://www.wilderssecurity.com/showpost.php?p=1679077&postcount=7.
Also may be useful to some: Auditing permissions of an admin account protected with UAC.
Tuersteher, that's a great name.
Tested on Win 7 x64 - works great!
Be sure to make a full system image before trying this program in case you mess things up.
You can find the desired volume number(s) as follows:
1. Launch command prompt.
2. Type diskpart and press Enter.
3. Type list volume and press Enter.
4. Type exit and press Enter to exit diskpart.
For 64-bit operating systems: you can temporarily test this program by following Method 2 at http://sabrent.com/support/knowledgebase.php?article=14.
You'll probably want to run stop driver.cmd before you install software. When done installing, run start driver.cmd.
The documentation is wrong about the name of the optional log file. It's named tuersteher_light.log.
Idea: perhaps this could be used in conjunction with AppLocker/SRP to counter the purposeful holes Microsoft put in AppLocker/SRP. Windows 7 has a hotfix for this but I believe that Windows 8 does not.
Has somebody asked the developer for a version of the driver for Windows XP?
Same thing for MZWriteScanner.
From the site:
See entry for March 19, 2013 for the program MountPointFunctions referenced in the Tuersteher Light documentation.
Interesting software from http://www.bitnuts.de/
Today I sent a mail to the developer asking him to join us on this forum and to add a Windows XP version for 3 of its drivers:
I'm waiting now for the answer.
Please report back if you get a response
I got an answer from Florian the developer.
For the moment, Windows XP will not be supported because he has changed his build environment from Visual Studio 2008 to Visual Studio 2013 and he doesn't have a lot of time for that.
I say "for the moment"...
The door isn't closed definitely because he has admitted that Windows XP will need tools like these with the end of the official support in April.
We need to be patient now.
Doesn't sound too likely to me.
Thanks for the reply
Maybe I'm missing something but I can't get it to work. I booted with signed driver checking disabled. I then installed the Win 7 64bit driver and made sure the driver is running but I can still execute things. The config file only whitelists %windir% and %programfiles% so I shouldn't be able to run stuff on my desktop.
1. Install the driver (right-click on appropriate .inf).
2. Make sure the volume # used in tuersteher_light.ini is correct.
3. Don't use symbolic paths like %windir% in tuersteher_light.ini.
4. Put tuersteher_light.ini in \windows folder.
5. Run start driver.cmd elevated.
You can run status.cmd to check the status of the driver.
Maybe somebody could email the author and ask if there are any other similar publicly available free programs?
I hope you guys are joking. There are plenty of anti-executables for XP. Why would you need another?
Know any free ones that aren't listed in 9.13 at http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm?page=0,8?
Trust-no-exe adds itself to the control panel, worked fine on XP for me
Process Guard. The free version has execution control with white/black list. The full version added a few other features. Unfortunately, Diamond CS is no longer in business. But the free version is still all over the freeware/shareware download sites.
This little program seems to be very simple but highly effective. I assume that it doesn't even have a GUI, or can anyone shed light on what it looks like when it's installed on the computer?
@Windows_Security and Cabville: thanks for the responses. Those two are found in 7.7 of the list. I'll probably merge 7.7 and 9.13. (I'm a new editor of that list.)
There's no GUI. If you need help on using it, say so.
From http://www.bitnuts.de/ post dated 2014/05/27:
Thank you MrBrian!
My mail to the developer was useful I think...