FDISR + Anti-Executable

Discussion in 'FirstDefense-ISR Forum' started by ErikAlbert, Apr 29, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I installed Faronics Anti-Executable Standard v2.20.00.0255 today in my frozen on-line snapshot.
    http://www.faronics.com/html/AntiExec.asp

    I've put it on HIGH Security Settings and it

    1. Blocks unauthorized 16-bit executables
    2. Blocks unauthorized 32-bit executables
    3. Protects Anti-Executable Standard directory from access and tampering
    4. Blocks unauthorized drivers and .dll files
    5. Network Prevention is enabled

    I couldn't enable "Delete Prevention" yet.
    I couldn't enable "Copy Prevention" yet.
    I still have to figure out how to enable these.

    It's well-hidden software:
    1. It doesn't appear in the "Add or Remove Programs", so you can't uninstall it.
    2. It doesn't appear in the menu of "All Programs"
    3. The icon is visible, but can be hidden and doesn't react to a click or right-click.
    4. You can see a folder under "Program Files", but you can't access it.
    5. You need a password to change the configuration or to turn it OFF.

    Quite unusual software. I hope its protection is also unusually strong. Time will prove.

    This software is an evergreen of course and will always be useful, because it doesn't require signature updates. :)
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Delete and copy protection boxes should become available when you set AE to the high setting. You simply tick the boxes to enable them. You may find you have trouble downloading files when AE is set to high.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It isn't that simple. The copy/update function of FDISR, which adds, deletes and replaces objects during its execution,
    does NOT like the delete and copy protection of Anti-Executable and this in combination with re-freezing.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I had to put Anti-Executable on LOW Security and now it

    1. Blocks unauthorized 32-bit executables
    2. Protects Anti-Executable Standard directory from access and tampering
    3. Network Prevention is enabled.

    It's too demanding on HIGH Security.

    So the purpose is to prevent installation/execution of unauthorized 32-bit executables immediately during the period between two reboots.

    Infections that bypass
    1. Look 'n' Stop (= Firewall of Straw) and/or
    2. Anti-Executable
    in that period, will be killed during each reboot by the Industrial Freeze Technology of FirstDefense-ISR.
     
    Last edited: Apr 29, 2007
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yup, imagine not having the email that follows the download. :eek: While searching Faronics and also asking for help, I wondered if you could access the program by hotkey, then found hotkey+click got me in.

    Had a problem with an exe no matter what I allowed as the program also had self extracting files with an exe, copied and deleted itself on update.
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I entirely agree w/ Erik, AE is an evergreen. But it requires a yearly maintenance fee. User can upgrade it during that period, and perhaps reinstall. What would happen after one year, can user still be able to reinstall w/o paying another annual fee? Like to find out, help. Thanks.
     
  7. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I have emailed them before about this matter. The maintenance fee entitles the user to free product support and free product upgrades for however long they want to pay the maintenance fee. After it expires the user can still use the software but with no support or updates. So it really is an evergreen.
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    You could try adding fd-isr to the trusted app list and see if that helps.
     
  9. EASTER.2010

    EASTER.2010 Guest

    Looks like Erik is taking a noble stride to finally discover the proverbial perfect impenetrable IRON-WALL! :thumb:

    AE is definitely a heightened hardening program beyond most others. All the best for a successful conclusion.

    I admire the tenacity to create the perfect shield!

    I've been after this all along myself with excellent results (HIPS), but am not at the total mark I want to achieve just yet. Waiting for another new innovation to mysteriously & suddenly surface which nothing can overcome or bypass on the order of an AE. Perhaps something more deviously clever than malware that could change all system executables to another format completely, without losing original functionality and thus render all the common file types & associations not modified in this new manner or (stamped safe) totally useless & thus harmless. I dream a lot! :D
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Although AE is pretty good at blocking unauthorized executables, it doesn't protect you against exploits that use authorized executables to do their evil job. Scripts also seem to be a problem for AE.
    My firewall of straw isn't foolproof either and I don't trust DefenseWall either.

    But that doesn't matter, because my frozen snapshot will take care of the rest, whatever happens, I only have to reboot to get my clean computer back.
    Each infection causes a CHANGE in my snapshot and FDISR is good at removing changes and that is my final ultimate weapon.
    I only need firewall, AE and DW to save the day. The next morning or the next reboot everything is back to normal. :)
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Lucas,
    Sorry man, but my knowledge is very poor regarding Internet and Malware.
    I don't understand what you are trying to tell me. Could you explain this a little better in plain English?
    I can see that AE stopped something, but I don't understand what it stopped. :D
    Was AE on HIGH or LOW security?
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I was trying to prove that hijacking whitelisted executables isn't possible with AE. If I'm not mistaken, scripts are treated as executables by AE.
    Rmus is the author of those tests and our resident expert of Anti-Executable.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Oh I see, your example was a SCRIPT, not a single executable.
    In that case, I'm safer than I thought. Thank you very much. :cool: :)
     