Isolating Removable drives with GeSWall?

Discussion in 'other anti-malware software' started by arjunned, Aug 4, 2009.

Thread Status:
Not open for further replies.
  1. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    As the topic asks, is it possible to isolate removable devices is GeSWall, just like how they are done by default in Defensewall HIPS?
     
  2. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    it is possible, but i need some assistance on doing it...
     
  3. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    ya i googled it and found it is. but couldn't find a way how. even setting a particular drive as isolated didnt work.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I wil post it later. It's possible. I am out of home and too busy. Or just search there forums and their own forums.
     
  5. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    I found this on their forums. But it does say wat exactly to input for usb devices/removable drives.

    @aigle: i just tried isolating my removable drive by inputing just the drive name, but it still doesn't work. For now i force the drive to run sandboxed in Sanboxie.
     
    Last edited: Aug 4, 2009
  6. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Do you want these drives to run Rising PC Doctor can block them from running and scan for malware/antivirus/spyware first. I did try the Geswall add-on and see if it works myself nope but CIS Proactive Defense started to go crazy
     
  7. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    Yes, i want them to run.
    Its just that i find a lotta worms/viri on my friends pen drives when i plug them in. I just dont want these nasties to have any access to my PC, utill i can remove them completely using MBAM.

    @aigle: can u isolate the pen drives by inputting the drive letters only, or is there another way?
     
  8. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
  9. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
  10. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    I agree. I find that most of the time, if i find an infection on my PC, its due to worms/viri from my friend's usb sticks.

    @Henk: I tried wat was mentioned in that thread, but still not able to get it to isolate my USB. :(
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    hey guys, geswall can do it very well. I am too busy for couple of days. Give me some days, when i wil get time, i will play with latest version with custom rules and then post it here with screen shots. You need to wait few days atleast.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Nothing to mess with registry.
     
  13. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    k thanks. :)
     
  14. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    ouch after this big all-deal i had with it, i reinstalled and everything goes weird, had to uninstall, which is a shame i liked it but sandboxie will do :p
     
  15. MagisDing

    MagisDing Registered Member

    Joined:
    Jan 6, 2009
    Posts:
    41
    Can't wait for that;)
    BTW: IMO, 2.9 is not a very stable version~looking for the following fixes.
     
  16. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    I think 2.9 is pretty stable. Haven't had any glitches so far.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I got very little time. GW 2.9 on Win 7. Works fine.

    1.jpg
    2.jpg
    3.jpg
    4.jpg
    5.jpg
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    More pics.

    6.jpg
    7.jpg
    8.jpg
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    U can deny any execution from USB drive.

    1.jpg
    2.jpg
    3.jpg
    4.jpg
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    The rules described by Henk don,t work since previous version. They used to work before.

    Identity: \Device\Harddisk X
    Type: File
    Class: Threat Gates
     
  22. MagisDing

    MagisDing Registered Member

    Joined:
    Jan 6, 2009
    Posts:
    41
    Well,really appreciate for squeezing your time for making the detailed explanation.:thumb:
    Some questions:
    1.In OS Xp, sometime times the add rules doesn't work when you type the absolute path for the removable drives in the past version. Instead, we use \Device\Harddisk1 to make the rules take effect (supposed the removable one is the second drive besides the local harddisk) Has this problem been fixed?
    2. In addition, how to define a virtual partition(created by some encrypt softwares like truecrypt)? Some friends try to set absolute drive letter for it.The rule doesn't work properly.
     
  23. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    Thanks aigle! Works perfectly now, by just inputing "X:\" instead of "\Device\X:\".
    I have a question. Does GeSWall only isolate exe's? What abt dll's, .ini's, and other file types. Just in case something other than exe's were infected.

    Cheers.
     
    Last edited: Aug 7, 2009
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Every thing on X in this case.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, Sorry I am not sure about these.
    1- may be a bug?
    2- Never tried.

    May be Henk or Kees can help or their support/ forums.
     
Loading...
Thread Status:
Not open for further replies.