Defense+ deny-execute policy suggestion?

Discussion in 'other anti-malware software' started by guest, Jan 23, 2015.

  1. guest

    guest Guest

    How much would I shoot myself in my own foot by doing this? At least for 2015's standard. Thank you for the help.
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    I'm not a Comodo user, but it appears you're using all kinds of block rules to control what specific applications can do, which tends to make things cumbersome when using an anti-executable. Is it possible to use a default-deny approach, and just allow what applications can do, then the rest will be denied by default? Your rules could be allow execution in Program files and Windows (except user-writable directories), and that's it. The rest will be "default-denied". BTW, I see no reason to feel insecure about allowing whatever you need in user-space, so long as you create fairly granular rules for them, even if they're Path rules.
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
  4. guest

    guest Guest

    @wat0114
    I've turned D+ into some kind of a default-deny policy-restriction HIPS. The rest are basically done but the execution control is the one that still bothers me. I can just make specific rulesets for each app, but that would make it a little harder for me to monitor. Giving a default-permit execute policy of apps to UAC-protected folders can be a way, but I am not certain if this would be a good idea or not. This seems to be heavily reliant upon UAC, which I'm starting to dislike.

    @safeguy
    Thanks, but I've already configured it as default-deny. Only thing is I do not know whether or not creating a default-permit execute policy for user-space apps in UAC-protected folders would be a stupid idea.
     
    Last edited by a moderator: Jan 24, 2015
  5. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    What OS (windows version/ x86 or x64)?
     
  6. guest

    guest Guest

    Eh screw it. I still deny permission to create child processes for apps that don't need it, and I create specific rulesets for specific apps that need to launch other executables, of course only to the specific executables that need to be accessed. No whole-folder allow permission for you.

    The log surely does help a lot. :)

    Windows 8.1 Pro 64-bit. :)
     
    Last edited by a moderator: Jan 30, 2015
  7. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    Last edited: Jan 31, 2015
  8. guest

    guest Guest

    I did. However, I was wondering if giving an allow-execute permission to UAC-protected folders would be a safe thing to do. And after much thought, I've now decided against that idea. If I need to create specific rulesets for all the apps I have installed in my system, so be it. I can't help but keep worrying if the app would get hijacked to create an executable in the program's folder and execute it to launch an intrusion.

    Oh no, I'm more paranoid than that. Not allowing that to happen. :D
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,079
    If you have UAC enabled, that program would have to elevate to be able to write to the Program files folder.
     
  10. guest

    guest Guest

    True, but I consider UAC to be a piece of crap these days, for whatever purpose it was intended for. I can't trust it anymore.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,079
    I still trust it and believe that it will notify me when a program tries to elevate its rights. OTOH I don't expect it to do anything more.
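
Added example, not part of any post in this thread: the rule wat0114 suggests (allow execution in Program Files and Windows "except user-writable directories") and the later exchange about writing into a program's folder both depend on knowing which directories under those roots a non-elevated process can write to. This PowerShell script lists them from the directory ACLs; the SID list and the rights mask are assumptions of the example, and Deny entries and other group memberships are not evaluated.

```powershell
# Added example: find directories under the allow-listed roots where a
# standard (non-elevated) principal holds a write-type right.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Well-known SIDs that a non-elevated user token normally carries (assumed list).
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
# ChangePermissions (0x40000), TakeOwnership (0x80000).
$writeMask   = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($root in $roots) {
    $dirs = @(Get-Item -LiteralPath $root -Force) +
            @(Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
        catch { continue }  # ACL not readable from this token: skip the directory

        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, which are checked on their own.
            if ($ace.PropagationFlags -band $inheritOnly) { continue }
            if ($lowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights) -band $writeMask) {
                [pscustomobject]@{
                    Path   = $dir.FullName
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.FileSystemRights
                }
            }
        }
    }
}

# Each path listed is a candidate exception to a whole-folder allow-execute rule.
$findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
```

Run it from the same non-elevated account the applications run under, and again after installing software, since installers can loosen the ACL on their own folder.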
     