Faronics Anti-Executable V.3.501111.406

Discussion in 'other anti-malware software' started by Osaban, Jan 1, 2010.

Thread Status:
Not open for further replies.
  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    Some people complained in the past about AE conflicting with Sandboxie: not anymore (according to the release notes) and it is now supported on Windows 7.
    Release date, December 29, 2009.
     


  2. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Thanks for that :thumb: , Hadn't noticed the 'Update Available' in the GUI.

    A couple of questions as I am a fairly new convert to AE:

    Do I need to do an uninstall and then fresh install of new versions or can I install over the top of the installed version?

    If I uninstall any software from the computer I can open the white list and delete the relevant entries manually, is it possible to update the white list in v3 after making any changes automatically?
     
  3. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Interesting... Does it support Win7 x64 too? Anyone running it on Win7 x64?
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    I usually uninstall the old version, making sure to export the old configuration to the desktop. Once the new version is installed I import the file so I don't have to do any new scan or whatever.

    Your second question, I should think it is possible although I haven't tried it myself.

    @ Fuzzfas

    AE is always downloaded with the 32 and 64 versions.
     


  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thanks Osaban. I am installing it for a little test. This may be just what I wanted for 7x64. But its price is a bit too salty for my taste. Well, I guess I will see how the test goes and how well it runs.
     
  6. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
    Why not use the free AE (AppLocker) included in the advanced versions of Windows 7?
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Because the free AppLocker doesn't prompt you "allow or deny", does it? That's what I want.

    Anyway, it does what I want, but editing the whitelist takes forever. A "please wait" shows for more than 2 minutes...
     
  8. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    I agree the price could go down a little bit, but you pay only once and you get 1 year maintenance in the price and they usually update at least once. They have the best support I have ever experienced. Editing the white list is really a rare event and one often important for administrators running a network of workstations.

    By all means it is an application that ought to be tested for the full trial period as it may hamper the functionality of other programs (Sandboxie for example, which has been fixed theoretically, it still conflicts with System Safety Monitor according to Faronics).

    I use it on my main machine without an AV, and it makes the system very fast indeed, stopping any unauthorized executions.

    WARNING: If anyone intends to trial the program, DON'T DELETE THE INSTALLER, otherwise you won't be able to uninstall the program! It is meant to be a security feature, and the program can't be uninstalled through "Add or Remove Programs".
     
    Last edited: Jan 1, 2010
  9. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I find the price of 32 euros (45 $) too high for a product that gives exactly 1 year of updates and is a simple anti-executable. This price may have been OK 10 years ago, when only SSM and PG were out there; now I find it crazy, especially given the fact that it sounds buggy to me. It doesn't matter if one edits the list often or not. I have a quad core CPU with 8 GB RAM and it takes something like 2 minutes to show me the list? WTF!?

    Also for all I know, after 1 year, SP1 for Win7 may come out and break the program. And I will be left with a worthless program, pretty much like I found myself with FD-PC Rescue once I went to 7. If they gave lifetime upgrades to all new versions, I would think of it. Now, I think they sell a very old technology at an exaggerated price.

    There's Comodo for free, I have a lifetime license for Outpost Firewall Pro, OA is preparing an x64 version, all of which offer much more than simple "anti-executable". I could be tempted to pay for Faronics, because I don't want to change firewall, if it was working flawlessly and they had a more reasonable price. But now... no way.

    Plus, it added a noticeable lag to my PC.

    Heck, Vipre allows for anti-executable function, the downside being that it doesn't auto-whitelist your existing exes. But I paid 9$ for it and it's also antivirus.

    I learnt that the hard way. :D Talk about overkill...

    Thanks for the info.

    I wish Faronics good luck in selling it for that price and update model.
     
    Last edited: Jan 2, 2010
  10. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    My thread was only meant to inform about the update, and particularly the resolved conflict with Sandboxie. You may find the price too high, but you are wrong about the very old technology: the program has been totally redesigned from version 2 (many people are still very fond of it, I have it with my XP laptop) to version 3 with the advent of Vista. This particular update addresses specifically Windows 7.

    I'm not promoting it in any way, apart from saying that I use it in 2 machines with great satisfaction. If you are not happy with it, life goes on, as you say there are alternatives.
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    You're right, my bad expression. I don't mean it's old or not updated or something. I mean that anti-executable, TODAY, is nothing groundbreaking, as it was 8 years ago. Today, it's just one feature amongst many others, in many firewalls with HIPS. So, basically, a simple anti-executable function is "old news" today. If they charge 32 euros for that function, how much should OA Pro for example charge for giving full firewall and HIPS (which includes anti-executable function but also much more)? 100 $ a year? This is my reasoning.

    I am fond of PG free too. I wish it would run on 7x64. I've nothing against simple anti-executables. I like the idea, because it offers versatility. You don't need to change your firewall. But 32 euros (plus 20% VAT probably) for 1 year of updates for an anti-executable is too much for my student budget.

    Don't worry, I'm not saying you're promoting. As a matter of fact you were informative, since I wasn't sure about their license model until I read your post.
     
    Last edited: Jan 2, 2010
  12. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Can confirm the conflict with SB (3.42) is solved (it's about time)

    cheers
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    When I see the name Faronics Anti-Executable it makes me remember Appranger or AppGuard; with Appranger you can also have a strong anti-executable plus an on-the-cloud scanner with a rich, configurable under-the-hood program. Sorry Osaban for the off topic :D

    Note: I am very tempted to test it because I heard good things about it all over the internet :D
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    Member Rmus, who is an expert in analyzing attack vectors, has been using Faronics Anti-Executable V2 systematically, and to my knowledge it has never been bypassed. I also remember him saying that the new version (V3) was not as tight as the old one. Perhaps a little trade-off towards versatility, although I have been running it for the best part of one year, and nothing executes unless whitelisted.

    No program is designed for everything, Faronics makes applications for computers used in institutions, where the user could try intentionally to sabotage the system, that's the reason why it is difficult or almost impossible to uninstall it normally through the control panel. I basically use it in the rare event that malware might try to attack Shadow Defender, it is also very light compared to any AVs.
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Osaban, you got a good point here, and yes I know Rmus ;)
     
  16. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    If regedit.exe is whitelisted then a reg file can be merged and if so then most exes can be terminated or deleted completely including AE's own exes at reboot.

    Won't post the reg setting as it can even delete explorer.exe at reboot and all you get is a blank desktop.
     
  17. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    I tried Faronics Anti-Executable and thought it was a cool, useful program but I'm a big one for not having overkill security :D So I decided not to use the program.
     
  18. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    You can take regedit.exe out of the white list for starters (if your computer has physical access to other people); secondly, at reboot as you say, with Shadow Defender or its natural partner DeepFreeze the change wouldn't stand a chance to take effect.
     
  19. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I've been trying out AE for a little while now along with AppGuard. What I've noticed is that AG only works in the user-space yet AE will protect against executables no matter where they reside. That leaves me with some questions:

    1. For a home PC with one user is there any advantage to protecting the Program Files and Windows directories?

    2. Why does AE install a mouse and keyboard filter driver?

    3. Is there any known malware/exploit that has bypassed either of the mentioned apps?

    thanks
     
  20. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Returnil also protects. ;)
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Good old dive under attack with a .reg file being downloaded and executed through regedit (or some other OS available registry program in the system32 folder) with pending file name operations or adding some stuff in the HKU policies (like NoRun, DisallowRun, RestrictRun).

    :thumb:
     
  22. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Nope, nope and nope.

    Installed AE:
    Before.JPG


    Merged reg file:
    Reg.JPG


    Rebooted with AE's main autostart.exe self deleting then going to AE's folder and double clicking on the other four exes and they auto-delete.
    After.JPG


    You can set just one exe or any number of exes to auto delete at execution.
     
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    I'd like you to pay attention to the thread topic, and as far as I'm concerned Returnil is off topic, and personally I had a very unpleasant experience with it (please PM me if you want to know more). Period. You test AE and take the regedit.exe out of the white list, and try to modify anything if you can.

    IMO, these are minor tweaks compared to what people go through with full-fledged HIPS.
     
  24. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    OK, took regedit.exe outta the white list and was still able to merge the reg file?

    Try it yourself, export any key then remerge it and see if AE throws up any warning.
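
A pre-merge check for the .reg-file path discussed in posts 16, 21, 22 and 24, as an added example that is not part of any poster's message or of Faronics' product: it parses a .reg file and reports writes to the locations Kees1958 names. The function names, the sample file and the full key paths (the standard Windows locations for pending file rename operations and the Explorer policies) are assumptions of this example.

```python
import re

# Standard Windows locations (an assumption here) for the items named in the thread.
SESSION_MGR = re.compile(r"\\system\\(currentcontrolset|controlset\d{3})\\control\\session manager$")
EXPLORER_POL = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\policies\\explorer(\\(disallowrun|restrictrun))?$")
POLICY_VALUES = {"norun", "disallowrun", "restrictrun"}
KEY_LINE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$", re.I)
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)\s*=')

def decode_reg(data: bytes) -> str:
    """regedit 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    return data.decode("utf-16" if data.startswith(b"\xff\xfe") else "latin-1")

def scan_reg(data: bytes) -> list:
    """Return (line_no, key, value_name) for every write to a watched location."""
    findings, key, continued = [], None, False
    for no, raw in enumerate(decode_reg(data).splitlines(), 1):
        line = raw.strip()
        if continued or not line or line.startswith(";"):
            # Tail of a multi-line hex value, blank line, or comment: nothing to parse.
            continued = continued and line.endswith("\\")
            continue
        k = KEY_LINE.match(line)
        if k:                               # "[-KEY]" deletes a key, it writes nothing
            key = None if k.group(1) else k.group(2)
            continue
        v = VALUE_LINE.match(line)
        if not (v and key):
            continue
        continued = line.endswith("\\")
        name, low = (v.group(1) or "").lower(), key.lower()
        pol = EXPLORER_POL.search(low)
        if (SESSION_MGR.search(low) and name == "pendingfilerenameoperations") or \
           (pol and (name in POLICY_VALUES or pol.group(1))):
            findings.append((no, key, v.group(1)))
    return findings

# Constructed sample .reg file; the hex(7) data is an empty placeholder.
SAMPLE = b"\xff\xfe" + r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Theme"="dark"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"=hex(7):00,00,\
  00,00
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
""".encode("utf-16-le")
if __name__ == "__main__":
    print(*scan_reg(SAMPLE), sep="\n")
```

A non-empty result is a reason to hold the file for review before it is merged; the check is independent of whether regedit.exe is on the white list.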
     
  25. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    Here we go.
     
