Executable Lockdown 1.0 released

Discussion in 'other anti-malware software' started by Diprivan, May 3, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
The best thing of AE is Code Analysis. I haven't seen this feature in any other software. So nice. I will prefer AE many times over Exe Lock Down. :thumb: :thumb: :thumb:
     
  2. MDA904

    MDA904 Registered Member

    Joined:
    May 31, 2008
    Posts:
    7
The simple difference between AntiExecutable and Executable Lockdown is that
    the first tool does what it says it does.

    And Executable Lockdown doesn't stop executables; it can stop certain files that are 'possible executable files' because of their extension.

    YES, and Executable Lockdown CAN NOT stop these !!!

    So you don't even have to hide this executable, it just can't stop it anyway !!


    If you hide an executable, it can never find it; just rename the extension and it will pass by.

    AE will look into the file.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Are you going to back up your claim with an example of a file that can download and bypass AE?

    If not, you should withdraw your claim.
     
  4. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
It's not a "claim". Search this forum; one guy did bypass it, even a couple of times. I can't remember his nickname, pal.

    If one of us did bypass it (it was very easy, as I recall), imagine what the expert malware builder can do.

    Cheers
     
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,067
    Location:
    UK
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
I will be highly interested to know anything bypassing AE. It's possible but I haven't seen it yet.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Is shielda.sys the name of EL's mini filter driver?
     
  8. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
OK you guys, I found an easy way to bypass EL at this point, so no use trying. Please wait for an updated build before trying it. Also please feel free to find other ways to break it if you want. I will post a link to the updated file when it's available.

    Thanks,

    Chris
     
  9. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
Actually, breaking EL is not so hard; there are some ways to make it stop working, unlike AE, which is solid as a big rock! :cautious:
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Yep, it's EL's driver.
     
  11. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
Please PM me, let HDS know, or tell in this forum. It will help it become more solid for the next build.

    Thanks,

    Chris
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I think AE pretty much has a lock on this feature, but all the best for you guys who want to see how well HDS can improve beyond their obvious limitations with their crafts.
     
  13. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
Limitations? What limitations? How many programs are there out there like Rollback Rx? Or Drive Vaccine? Not many. Very few people have made such software, and for good reason: it's not easy. If it were, there would be many programs like FDISR, Rollback and the like.

    Thanks,

    Chris
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Hi Chris

Some users, make that many users, are gamblers sometimes. You learn after enough losses to break the chain.

    But like I said, best of luck.

    The BEST! has already been introduced and distributed, some if only for a season.

    The rest? Well, the process of elimination usually dictates the final outcome in the end just like a pair of candidates in a position's race.

    Good Day :)
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    You're one of a kind Easter :)
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
Indeed, not many programs like RBRx exist if you kill the competition (FDISR) first. Isn't that logical?
    Why does HDS need FDISR Rescue anyway? Drive Vaccine does a similar job.
     
  17. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    From my understanding, the reason that EL doesn't need to scan for a whitelist is that it doesn't actually use one. It installs a driver that detects when NEW executables are being run.

    I did some tests and here are my results.

    1) I've tried to execute a file with a few different extensions (cmd scr pif bat com msi) and they were all blocked. Thus the claim made about EL being fooled by just changing the file extension is either untrue or has been fixed.

2) When the msi file was run, however, the Windows Installer interface was invoked first, before EL actually popped into action. After denying access, the Windows Installer interface exited with an error. I don't know what the implication of this is, but perhaps it suggests that the EL driver does have some intelligence built in and is not filtering on extensions alone.

    [screenshots: el1.jpg, el2.jpg]

    3) One way to bypass it is to simply zip an exe. Then use windows explorer to enter into the zip file and double click. The exe will be allowed to execute even though EL is on.

4) Another way to bypass it is to: a) kill the EL process via the Task Manager, b) copy the exe file onto the computer, c) turn Executable Lockdown back on, d) execute the file. The executable will be allowed to run. Note, however, that if the file is executed after step b with EL still being off, it won't be allowed to execute.
     
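The posts above contrast blocking by file extension with looking into the file itself (AE "will look into the file"; the EL tests suggest it is "not filtering on extensions alone"). As an added illustration that is not code from any poster or from either product, the following Python checks whether a file carries a PE (Windows executable) image by parsing its headers, so that a renamed executable is still recognised while a harmless file with an .exe name is not. The sample bytes are constructed inline and are only headers, not a working program.

```python
import struct

# Common PE machine-type values from the COFF header (IMAGE_FILE_MACHINE_*).
IMAGE_FILE_MACHINE = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
EXECUTABLE_EXTENSIONS = {"exe", "com", "scr", "pif", "dll", "sys"}


def build_sample_pe(machine: int = 0x14C) -> bytes:
    """Constructed sample: a 64-byte DOS header with e_lfanew pointing
    directly at a 'PE\\0\\0' signature followed by a 20-byte COFF header."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)  # e_lfanew: PE header starts at offset 64
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 224, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def looks_like_pe(data: bytes) -> dict:
    """Decide from content alone whether `data` is a PE image.
    Returns {'pe': bool, 'machine': str|None, 'reason': str}."""
    result = {"pe": False, "machine": None, "reason": ""}
    if len(data) < 64 or data[:2] != b"MZ":
        result["reason"] = "no MZ DOS header"
        return result
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    # Guard against a truncated file or a bogus e_lfanew pointing past the end.
    if e_lfanew + 24 > len(data):
        result["reason"] = "e_lfanew points past end of data"
        return result
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        result["reason"] = "MZ header present but no PE signature"
        return result
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    result.update(pe=True, machine=IMAGE_FILE_MACHINE.get(machine, hex(machine)))
    return result


def classify(name: str, data: bytes) -> str:
    """Compare the extension-based verdict with the content-based one."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    by_ext = ext in EXECUTABLE_EXTENSIONS
    by_content = looks_like_pe(data)["pe"]
    if by_content and not by_ext:
        return "renamed executable"        # extension filter alone would miss it
    if by_ext and not by_content:
        return "non-executable content"    # extension filter alone would over-block
    return "executable" if by_content else "not executable"
```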
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
Thanks for your findings and especially screenshots. Maybe you can pass along your BYPASSES on to them so they can address those limitations. After being quite content with the progress of AE2 (not 3), I haven't really been interested in EL, but these results bring up some interest again.

    Hopefully it finally turns out to be a welcome addition at last.

    EASTER
     
  19. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    EL does run on 64bit operating systems, so that's one advantage it has over AE.
     
  20. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    No problems. I just tried it as I was fed up with Faronics and AE3. I have also emailed HDS the bypasses. It seems like an issue with the way the kernel driver is implemented and how it recognises new executables. In either case however, it is too sloppy to be considered a serious product at this point.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
I share in your disappointment of AE 3, and that's why I've given up and decided to be content with version 2, which is at least stable and works well enough in a group with a couple of my other security apps, including a HIPS.

    Hopefully HDS will take seriously your findings and release another updated bug-fix version. It would be nice for a change to have another alternative to AE; not that AE isn't good, AE 2 is satisfactory with me, but it helps to have other similar programs like this from which to test, judge, and then decide on only one.

    EASTER
     
  22. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    HDS hasn't gotten back to me yet on the bypasses but they did answer my question on their roadmap for the software. They are developing network management features for the next version.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
Very well then, huangker.

    Thanks again for your opinions and correspondence on everyone's behalf.

    EASTER
     
  24. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    The latest version of AE is 64 bit compatible, the download includes both 32/64 bit installers.
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
I've got responses. They are working on problem 3. The solution to problem 4 is to add taskman to the blacklist. That way you can't kill Exe Lockdown.
     