Faronics AE 3.50 showing some issues.

Discussion in 'other anti-malware software' started by pinso, Oct 18, 2014.

  1. pinso

    pinso Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    247
    Hello, I have been using Faronics AE 3.50 for quite a while now.
    After a series of headaches from adware and viruses, I decided to install Sandboxie for testing software and Faronics AE for further protection against adware and useless stuff.
    Lately Faronics AE doesn't show the message like "You do not have the Privilege to run this application" (or some similar message) that usually pops up when I try to run a new application program. When AE is enabled, lately this message doesn't pop up and I don't understand why.
    I also have AnvirTask Manager and I remember disabling some programs from startup, and I clearly remember AE as not being the one.

    So what could possibly be the reason? Any suggestions? I tried uninstalling and re-installing the program to no avail. AE doesn't seem to stop any new program from being run.

    A logfile from AnvirTask Manager is attached, could someone have a look?
     


  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Hi Pinso

    If I remember correctly, last time I trialed Faronics AE, it was version 5 and it didn't play well with Sandboxie. In my personal opinion you would be better off dropping Faronics and taking a look at NoVirusThanks Ex Radar Pro. I think it's a far better program, and it's inexpensive compared to Faronics.

    Pete
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    @ Peter2150

    I just knew you would say this. :D

    But I have to agree with your advice.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Well, I've tried the new Faronics AE, and you get intrigued by the DLL protection. I've turned it on, and my machine behaves like a fishing boat tied to the dock. Just too painful.
     
  5. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    VoodooShield offers a free version (great for your XP OS).

    Why don't you use the Software Restriction Policies of your Windows 7 Pro? It is really simple:

    1. Enable SRP through Group Policy (type secpol.msc in run)

    2. Create new rules (the default)

    3. In "Security Levels" set default level to basic user

    4. In "Enforcement" enable for all files, apply for all users except Admin

    5. Apply this trick http://www.symantec.com/connect/downloads/msi-run-administrator-context-menu-vista

    >> Now execution is blocked in all folders outside Windows and Program Files.
    >> When you want to install something just choose run as admin (or run MSI as admin).
     
    Last edited: Oct 19, 2014
  6. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    396
    Location:
    Event Horizon
    When I choose to enforce the rules for all files (including DLL files), certain programs like Microsoft Office or Asus Xonar Essence STX Audio Center are no longer functioning. When I choose to enforce without DLLs they work fine. Is there any way to fix this so that I can use the enforce for all files (including DLL files) option?
     
  7. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Yes, DLL monitoring will often cause problems, I remember when HIPS added this feature back in the day. Sometimes less is more. :)
     
  9. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    You could add this https://www.wilderssecurity.com/thre...ct-folders-and-use-as-anti-executable.369503/

    When the SAFE search path of DLLs is set, "only" exploits and shoot-in-the-foot errors can trigger DLL injection. This is the reason why some experts claim there is little real-life value in adding DLLs to the setup (and the reason MS did not include it in the default). Their logic: SRP/AppLocker should prevent shoot-in-the-foot errors in the first place; when a real-life breach happens, it is probably due to an (in-memory) exploit against which SRP/AppLocker is also futile. I leave it to experts to comment on that.
     
  10. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    396
    Location:
    Event Horizon
    I installed it to C:\Program Files\Microsoft Office 15. I also have an entry in C:\Program Files (x86)\Microsoft Office. I think I installed it for all users, although there is actually just one account on my computer.
     
  11. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    Could try adding a path rule for C:\Program Files (x86)\* and set it to Unrestricted (see pic) and enable for all files again, then type gpupdate /force at the run command and check whether Office runs now.

    Sorry, the picture looks to have an "I" behind the ....(x86)\* but it is just the cursor, which was also captured with the screen print.

    upload_2014-10-22_20-50-37.png
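
A read-only way to see what the SRP steps earlier in the thread and the path rule in the post above resolved to once gpupdate /force has run. This is an added example, not part of any poster's message; it assumes the policy was set through secpol.msc (machine policy stored under HKLM), and the function names are made up for illustration.

```powershell
# Added example: read-only audit of machine-level SRP settings (nothing is changed).
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Meaning of the DWORD values SRP stores under the key above.
$levels  = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained'
              131072 = 'Basic User'; 262144 = 'Unrestricted' }
$enforce = @{ 0 = 'No enforcement'; 1 = 'All files except DLLs'
              2 = 'All files including DLLs' }
$scope   = @{ 0 = 'All users'; 1 = 'All users except local administrators' }

function Resolve-SrpValue($Map, $Value) {   # hypothetical helper name
    if ($null -eq $Value) { return '(not set)' }
    if ($Map.ContainsKey([int]$Value)) { return $Map[[int]$Value] }
    return "unknown ($Value)"
}

function Get-SrpSummary {                   # hypothetical helper name
    if (-not (Test-Path $root)) { return $null }   # SRP was never configured
    $p = Get-ItemProperty -Path $root
    [pscustomobject]@{
        DefaultLevel = Resolve-SrpValue $levels  $p.DefaultLevel
        Enforcement  = Resolve-SrpValue $enforce $p.TransparentEnabled
        AppliesTo    = Resolve-SrpValue $scope   $p.PolicyScope
    }
}

function Get-SrpPathRule {                  # hypothetical helper name
    # Path rules live under <level id>\Paths\{GUID}; ItemData holds the path.
    foreach ($id in $levels.Keys) {
        $paths = Join-Path $root "$id\Paths"
        if (-not (Test-Path $paths)) { continue }
        foreach ($key in Get-ChildItem -Path $paths) {
            $r = Get-ItemProperty -Path $key.PSPath
            [pscustomobject]@{
                Level = $levels[$id]; Path = $r.ItemData; Description = $r.Description
            }
        }
    }
}

$summary = Get-SrpSummary
if ($null -eq $summary) {
    'No machine-level SRP policy found.'
} else {
    $summary | Format-List
    Get-SrpPathRule | Sort-Object Level, Path | Format-Table -AutoSize
}
```

With "All files including DLLs" in effect, every library a program loads has to fall under an Unrestricted rule as well, so the path-rule list is the first thing to compare against the folders an application loads from.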
     
  12. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    396
    Location:
    Event Horizon
    Even with the path rule that allows all files to be run inside C:\Program Files (x86), Office applications still fail to load and the Asus Xonar Essence control center doesn't detect the soundcard any more.
     
  13. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    Sorry, can't help you with it, have a look at Secure Folders.
     
  14. pinso

    pinso Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    247
    Thank you for your replies. I just uninstalled and created a new White List (before, I was importing the already created Active White List from my previous save [can't explain the reasons]), and in effect it would prompt the user "You do not have the Privilege to run this application"; from there I choose to accept or deny or accept and add to White List.
    It was pretty simple. But my problem is fixed.
     
    Last edited: Nov 1, 2014
  15. pinso

    pinso Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    247
    VoodooShield is like Faronics Anti-Executable in its own right.
    Will I have problems if I install VoodooShield side by side with Faronics?
     
  16. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    Faronics is the company who made anti-executable a security category in itself, why add a second AE? I think it is redundant to run them side-by-side.
     
  17. pinso

    pinso Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    247
    Yah, it makes sense. Thank you.
     