File System Protector v1.0 - Lock Files\Folders, Deny Write Access to Files

Discussion in 'other anti-malware software' started by novirusthanks, Dec 10, 2015.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    704
    Location:
    Italy
    Released a new program:
    http://www.novirusthanks.org/products/file-system-protector/

    file-system-protector-gui.png

    Rules are easy to write thanks to wildcarding and aliases:

    Can be used, for example, to lock the startup folder (so processes can't drop files there), prevent modification of specific files (so cryptolocker can't hijack them), lock a file so processes can't even access it, etc. You can exclude trusted applications by simply writing the wildcard to exclude a process, example *\process.exe would exclude process.exe from any rule.
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    It's not gooood...
    Such tools are more needed for avarege and less-average users who want protect own files like documents, sheets, photo, mp3, etc. It was mentioned on WS that you are going to release something like abandoned Secure Folders but I expected app more handy and easier to use.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Hi Andreas

    I have to agree with ichito on this. In secureFolders the gui is extremely simple, and it's one click to turn the protection on or off. In so many ways I trust your programming more, but this needs to be as simple as ERP

    Pete
     
  4. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    533
    Location:
    UK
    securefolders is better imho, so easy to use it even has a context menu option.
     
  5. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    I think is better respect GUI only, also I'm sure Andreas' programming stronghold and skills are much better just like Peter2150 already said.
    Anyway I'm going to try this one Andreas and please forgive me if I look ungrateful for asking too for a nice GUI.
     
  6. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,066
    Location:
    Netherlands
    NVT provides all the components to create a second sandbox around chrome
    1. Smart object blocker
      a) Only allow chrome to launch chrome.exe
      b) Only load Microsoft signed DLL's from Windows and Google Signed from Program Files\Google\Chrome\

    2. File System Protector
      a) Allows Chrome to read only system wide
      b) Allows Chrome to write t Downloads and UserProfile\Appdata\Local\Google

    3. Registry Guard
      a) Allows CHrome to only access it own registry keys for update (create/write/delete) intend

    Secure Folders is nice, but is unlikely to receive updates, so count your blessings.
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Not for XP, but I don't need this proggie anyhow.
     
  8. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,066
    Location:
    Netherlands
    Application for XP: put vulnarable programs like office (or libre office) and Chrome in a LUA sandbox by denying them write access for Windows and Program Files
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    This is why there is real need for a GUI. I tried writing two simple rules, block write access to my F and G drives. Not at all successful. I suspect this program is much stronger the securefolders, but not if it's this difficult.
     
  10. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    Could you do a quick update to your installer capable of creating a scheduled task for start up with Windows?
    I did one but something's wrong.

    Btw Is it normal for FSProtector.exe to be killed by Process Explorer (me at will)? My folder became vulnerable again...
    How about a malware able to kill that process?

    I really don't understand or something's wrong with the program?

    Edit~ FYI even if I kill SecureFolders GUI program the file system mini-filter driver is still protecting...
     
    Last edited: Dec 11, 2015
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Interesting Kees and thanks again. Knew you would tinker with this one to draw out Maximum benefit :p

    I also echo the Thumbs Up suggestions for a GUI. Andreas makes the best ones too. I say that in favor because of the customizable AUDIO alerts that are so effective in ERP. You can walk away from the PC/Lappy and when something like an unneeded SetUp.exe update tries to sneak it in anyway, it's either pre-blocked by Rules or Held Up until examined the path etc. first. That AUDIO alert is a great benefit so is the entire GUI. :thumb:
     
  12. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    Hmmmm, I think I will use Secure Folders for .NET and Powershell hooplah, and FSP for the rest...
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    704
    Location:
    Italy
    @Mister X

    On this first version, FSProtector has no self-defense or similar, hence it can be killed\terminated by Task Manager or Process Explorer.

    @Peter2150

    Which are the rules you used ? FSProtect can deny write access to files, not to folders\drives.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Just block all write access to my F drive and G drive
     
  15. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    ahhhh.... not to folders or drives... what a bummer!!!

    Any chance you could branch this off to include directory & drive blocks? Damn, might have to reinstall SpyShelter just for this feature :/
     
  16. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    533
    Location:
    UK
    securefolders can lock, hide, deny access to folders.
     
  17. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    Yeah, but cannot differentiate between trusted apps and folder lists, so all trusted apps are exempt from folder restrictions. The same thing happens in AppGuard, where if the Guarded Apps Custom Folder setting is "Exception", then all Guarded Apps can see it.

    Trying out a couple more... Folder Protect is a trialware, but doesn't work in a LUA, so need to be running Admin account for it. Easy File Locker works in LUA. Both these apps kick up a fuss when trying to add Windows directories (wanted to add SoftwareDistribution, plus some others).

    Out of SF, FP and EFL, it seems that Secure Folders is the only one that allows additions of both user and system directories. I will see if File System Protector brings to the table. I was going to do a backup... woe is me.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Ah, it can't protect folders and drives. That won't work for me.
     
  19. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    32
    @Peter: It can protect folders, can't it? See the first screenshots.
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Ok, I understand it now. But the examples should really have ; in front so they aren't active.

    And this app has EXACTLY the same problem as SecureFolders. You can't make per rule exclusions. You can prevent apps from accessing specific resources, but you can only globally exclude the rules that can exclude one another.

    I want to create an exclusion that only applies to a specific rule. But I can also create a global exclusio if I want. This way you can create complex protective rules that don't exclude one another from protection. Can this be added?

    Also, GUI driven control would be a nice thing to have. I know advanced users are suppose to use this but still, I just love GUI's. It's 2016, we should really leave writing long complicated noodles behind us.

    Also, can variables be used within the rules? Like %temp% ?

    EDIT:
    Created rule that prevents anything reading my Firefox files other than Firefox itself. I quite like it :)
     
    Last edited: Jan 6, 2016
  21. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    Seems like nobody wants to tackle the "no execution" or "no per rule exclusion" features that are so lacking in the basket of file/folder/drive watchdog apps...
     
  22. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    239
    Sad but so true.:(
     
  23. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,066
    Location:
    Netherlands
    Please explain andreas, on website it does mention folder protection

    upload_2016-1-7_10-37-10.png
     
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    I don't find such possibility in SF but it's possible to do so in ThreatFire (still don't stops to be surprising :))...enter advanced tools and "custom rule settings"
    - create new
    - for any or specific process
    - tries access (write-create-delete-execute) or rename a file
    - in chosen folder/folders
    - except porcess on list of system/trusted/chosen processes
    So you can have individual rule for any folder you want.
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,136
    Location:
    Cape Town, South Africa
    Pity Threatfire was also abandoned after Symantec acquired PC Tools.
     
Loading...