Faronics Anti-Executable v3 Beta

I was asked to post this as it is now open to all.


I'm delighted to let you know that the Anti-Executable v3 beta is
ready to go. We have tested this product extensively in our QA lab,
but we require feedback from real customers to finalize the product.
Major changes in v3 include:

1. Faronics Core Console support (for central deployment,
configuration, scheduling, and control) of Anti-Executable Enterprise.

2. Windows 2000/XP 32-bit/XP 64-bit/Vista 32-bit/Vista 64-bit support
added and Windows 95/98/Me support dropped.

3. New White List scanning and parsing architecture.

4. Multiple White Lists available.

5. Central White List "deployment" in Anti-Executable Enterprise.

6. White Lists can be viewed and edited.

7. White Folder feature added to exempt a CD-ROM, USB device, disk, or
network drive from Anti-Executable protection.

Anti-Executable Standard can be downloaded from:

Anti-Exectuable Standard:
http://www.faronics.com/exe/ae3/Faronics_AES.zip

We require feedback as soon as possible so that we can make any final
changes required and start shipping this to our patient Ant-Executable
v2.x customers. Please send any feedback as soon as you can to: betaprogram@faronics.com
.

 

These are the most interesting new features of AE Standard v3, unfortunately I'm not a beta-tester.

 

I will give it a try on Windows Server 2008 in VMWare.

 

So far on Server 2008 it installs ok but when holding shift key, double clicking the icon the GUI come up and doesn't ask for admin password.
Min later pop ups start for windows files with allow or deny.
This makes it a HIPS. How can this now be used in schools ect?

 

Yes that is strange. The password should be there.
Normally AE starts with creating the whitelist during installation, they seem to have changed that too, not so good.
Are these popups for executables or other files ?

 

It allows you to set up a password and different accounts and permissions. It is on the GUI when you double click the tray icon and hit shift. Other then that, I dont know squat about using it.

 

I hope AE will have a free edition.
Is there any similar one in free?

 

I sure hope this isn't the case either as it's an excellent manner to keep honest items safely isolated.

This once again re-enforces my experiences over the years that not every NEW version equates to being better as such. I still feel in every single development of security apps they all do hit however on that ONE release that trumps all others, and that's the one i keep a close eye on and refuse to divert from.

SSM comes to mind, during it's developmental progressions and bug fixes plus added improvements they suddenly changed the entire registry setting GUI into a confused mess of icons and checkmarks and made it impossible for me to trust anymore, where before they were proceeding along nicely and everything was in proper working order.

I say look for that happy medium and once found hang on to it and don't be swayed from something that's proven itself SOUND & SECURE plus simple enough to understand.

EASTER

 

I'm almost sure that AE has still that automatic main whitelist like in AEv2 otherwise it would be
very uncomfortable to create that list manually like in HIPS.

I'm curious about the possibilities of the "Multiple Whitelists", besides the main whitelist. Maybe I can whitelist more objects than just executables and that would be nice, considering the immediate protection of AE.

The configuration of SSM takes too much time and I still don't understand why I have to do this manually in learn mode. After all my system partition is already clean, which means that all actions are valid ones, only the new actions AFTER the configuration of SSM are questionable and require the user's attention.
So an automatic configuration of SSM during its installation would be a big improvement.

 

I use the age old NoScript to neutralize VBS files into simple notepad executing, but would be a major benefit if they will cover more of these type invaders then simple executables, but i'm still not complaining, AE strikes EXE'S down with INSTANT authority and thats a bonus for this type of app not WhiteListed as Safely Isolated.

EASTER

 

well tell me if there is because after the scan I am not going to spend days checking each box for trusted.

 

Me neither, I didn't buy my computer to guard it like a hawk and watch every move it makes, that's no life. I like to have fun with my computer.

 

Windows Server 2008 (experimental)

VMware-exp build-84113

Installed AE

Set admin passowrd not any other trusted users

rebooted and it did it's scan

rebooted again and this could be because of 2008 Server I am not dure but got the following popups and chose to add to white list


taskeng.exe
msdtc.exe
taskeng.exe ( again)
rundll32.exe

looking at white list they do show up but there is a tick make you can add to the right side of them to make them trusted and so when you get the popup and click the trust and add button I am guessing it is white listed but not trusted at this time and so when you reboot you get the same popups.

I don't know the rules from Faronics for posting any screen shots here so I won't

 

You can post screen shots if you please.

 

has Anti Executable a build in malware detection ? if not how do you know that the initial scan result would be trustworthy ?

 

Quite true. The system must be malware free prior to its installation.
AE does not have a malware detector.

 

HI ALL

btw ... anyone knows how to install AE to scan only c:\ ?? i have lots of files in other partition and dont want the install scan there

10x

 

Well that's not AE's role.

Vista support sounds great. I will get it once its out of beta and bugs have been ironed out.

 

Yep, installing AE on a dirty system = whitelisting the bad executables as well and that would be stupid.

Although AE has a 100% detection rate regarding executables, there are still malware that make advantage of good whitelisted executables to do their evil job, I think they call them "exploits".

 

If there was a wish list for AE, i would support hard to have them also cover scripting or is this coverage more suited you think for other alternative script blockers or HIPS?

One just can't forget ScriptDefender's full coverages of scipting but if only someone could buy out the source code and improve on it, and that would be a really useful addition.

AE is still the show stopper for executables and it's a welcome addition to any setup IMO. It's just that it would do them proud to build on such extra security IMO.

 

I guess,you hint to some malware that did'nt touch disk but reside only in memory,from there they can modify legal(white listed) programs already in memory without AE to intervene,but maybe you mean something different ?But if so Boclean to the rescue !

 

He means exactly what he said, if you have vulnerabilities in your whitelisted software then they can still be exploited. However if the final payload is still another executable, AE would kill that too.

 

AE scan all data for so longggggggg lol i can get to sleep for 100 years

 

I'm satisfied with the current previous version too. It just simply works, and without issue or some other new dimensions to have to contend with like it or not i guess.

EASTER