Faronics Anti-Executable v4.20

Discussion in 'other anti-malware software' started by wat0114, Dec 30, 2011.

Thread Status:
Not open for further replies.
  1. wat0114

    wat0114 Guest

    Has anyone tried it, or is anyone currently using it? I took it for a short test drive in the Win7x64 VM and it seems to offer impressive protection, even going so far as blocking OLE control extensions (.ocx), which AppLocker did not do on the same test. It will monitor DLLs and allows one to add users to its administrative list, as well. The one problem I did have with it is shown in the ss, where the whitelist took several minutes to open, and it wouldn't allow me to cancel out of it. Otherwise, on a short test it appeared solid.
     


  2. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Not looking to divert the thread elsewhere, but what Faronics A-E does looks very similar to Blue Ridge AppGuard. I tested it around 8 or 9 months ago and it looked like it offers good protection, although the interface looked kind of awkward to me at that time. Haven't tried again, though.
     
  3. wat0114

    wat0114 Guest

    No worries, Zyrtec. Actually, I saw the forum on it, and I'm looking at AppGuard currently in the VM. The lack of driver signing seems to me to be something the developers ought to address.
     


  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Interesting... AppLocker should block .ocx. I'm wondering if it's a bug? I'm assuming the .ocx was in a non-allowed location? :D

    -edit-

    http://technet.microsoft.com/en-us/library/dd759068.aspx

    In DLL it mentions both .dll and .ocx

    I have seen odd events in the past with AppLocker, such as allowing .dlls from a standard user profile. I posted about it back then.

    But, I'm wondering if AppLocker is allowing .ocx because cscript.exe is in a trusted location? o_O I know it sounds weird... but it's either that or a bug.
     
    Last edited: Dec 30, 2011
  5. wat0114

    wat0114 Guest

    You are right, m00nbl00d, something I had forgotten about, especially since I hardly ever see .ocx AppLocker events, and rarely see anything .ocx-related in my Windows adventures. So, I did some more testing, and the explanation is revealed in the SS. It's a Microsoft signed DLL, which I allow in the policy :)

    This now has me wondering if Anti-Executable is at fault here, because shouldn't wshom.ocx have been in the initial whitelist it built when it scanned after installation? At least I can conclude that AppLocker worked as intended :D Anyway, thanks for the heads up, m00nbl00d :thumb:
     


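The check discussed in the two posts above (whether AppLocker let wshom.ocx load because of a publisher rule for Microsoft-signed DLLs) can be reproduced from PowerShell. This is an added example, not part of any poster's message; the System32 path for wshom.ocx is an assumption about the default install location.

```powershell
# Added example: find out why AppLocker allows (or blocks) a given .ocx/.dll.
# Assumption: wshom.ocx sits in its default System32 location; change $Target as needed.
# Note: .ocx files are evaluated by the DLL rule collection, which must be enabled
# in the policy for any DLL/OCX rule to apply.
$Target = Join-Path $env:SystemRoot 'System32\wshom.ocx'

# 1. Who signed the file? Publisher rules match on this signer information.
$sig = Get-AuthenticodeSignature -FilePath $Target
[pscustomobject]@{
    File   = $Target
    Status = $sig.Status
    Signer = $sig.SignerCertificate.Subject   # $null if the file is unsigned
}

# 2. The publisher and hash data that AppLocker rules are written against.
Get-AppLockerFileInformation -Path $Target |
    Format-List Path, Publisher, Hash

# 3. Which rule in the effective policy decides the outcome for this file.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $Target -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule

# 4. Recent AppLocker events that mention an .ocx file:
#    8002 = allowed, 8003 = would have been blocked (audit-only), 8004 = blocked.
$filter = @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8002, 8003, 8004
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\.ocx' } |
    Select-Object TimeCreated, Id, Message
```

A `MatchingRule` naming a publisher rule in step 3, together with a valid Microsoft signer in step 1, corresponds to the explanation given in the thread.
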
  6. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    If you used this full time, would you use it in addition to either AppLocker or SRP? I'm on Pro so I am limited to SRP and currently use AppGuard with it, but your write-up with pictures on AE strikes my interest.
     
  7. wat0114

    wat0114 Guest

    No, I'd probably only use one or the other, whichever I thought offered the best combination of system protection with lowest resources, the latter criteria AppLocker or SRP would win by a landslide, I'm sure. I just wanted to try AE mostly out of curiosity. I get the feeling I'll likely stick with AppLocker, but if I didn't have that or SRP, I'd give AE serious consideration, although I didn't like the severe lag on the launching of the whitelist. It seems virtually impossible to find 3rd party security software devoid of at least a few annoying bugs, thus my proclivity for utilizing what's already built into the O/S :)
     
    Last edited by a moderator: Dec 30, 2011