Keeping Programs from Auto Opening Browsers

Is there a way to keep programs from auto launching browsers? Like if you install or uninstall a program, they want feed back or something like that and it launches the browser. Quite annoying.

 

This is something that annoys me also. I hope that EXE Radar will add protection against this in the future, I already requested this. The last time I checked, SpyShelter couldn't block this, to my surprise.

 

Classical HIPS that can monitor parent-child relationship when processes are launched can be set up to prevent those launches. For instance, Malware Defender could do that.

 

Couldn't you just rename the default browser exe; ie : iexplore.exe to rename.exe ?

I don't use Sandboxie but I imagine you'd need to make an adjustment there. Also, you'd have to revert the browser exe name when updating it.

 

I don't think that most of this uninstallers are actually launching browser this way. Mostly they just want to open specific site using default browser. Like clicking a link in a document or mail... Maybe removing default browser would help, but I don't know if this is possible.

EDIT: I found this suggestion: http://superuser.com/questions/5784...er-so-the-system-asks-what-browser-to-use-whe

 

Good find.

Out of curiousity, I'll try both methods sometime in the future when I'm not swamped. On my rename the default browser conjecture -- because of IE's relationship with the OS, it might not be the ideal browser to reach a proper conclusion. Best to also, or just, try another.

 

Thanks for the info everyone. I might give the renaming my browser a shot. My default is Chrome, so I'll give it a try.

 

What I might do is, since I have Chrome as my default, I just might make Waterfox my default and rename that since I don't use it much. What about that?

 

A classic HIPS with the ability to control parent/child permissions can intercept these attempts. On most of them, you'll have to enable this ability. It's usually not enabled by default.

 

i hate this too. self-important programs.

i had considered making a portable browser as my default so that at least the bloated IE wouldnt take all day to fire up. the best is when the internet connection is disabled and they try to open a page

 

Yes I can only block such browser launch by classical HIPS. I found an examples on how to block such broser launch here in these links,

Comodo HIPS
xttps://forums.comodo.com/defense-sandbox-help-cis-b136.0/-t105858.0.html

Online Armor Premium
xttp://malwaretips.com/threads/farewell-emsisoft-online-armor.44291/

In Outpost Firewall Pro just set Block in the AntiLeak for Network Enabled Application Launch.

xttp://malwaretips.com/threads/block-a-browser-launch-from-a-shell-link-in-eset-hips.7172/

Or,

you can use EXE Radar and block your default browser. If you use Chrome as your default browser then set IE as your default browser and block iexplorer.exe in EXE Radar.

 

Try setting up password protected commandline with EXE Radar Pro.

"You can also password protect the execution of specific commandline strings (wildcards are also supported)."
http://novirusthanks.org/help-files/exe-radar-pro/#password-protect-processes

1. Set password and protected commandline
2. Click 'Cancel' to block it when you get the password dialog

For Chrome:

Code:

*\chrome.exe" *-- http?://*

 

The problems:

1. do you always know when the ill behaved app/installer will do this
2. is there a reason to actually make rules for an install or uninstall? just how many times does something get installed/uninstalled?
3. do you want an "automagic" method, or will manual work

Solutions abound I assure you. But, it isn't quite a clear cut situation. A loop could be made to run, on user command that just shuts specific processes down as soon as they open. OS mechanisms could be employed, such as permissions or SRP types. Regedits to disassociate filetypes and defaults. Renaming, moving, copying, etc etc etc.

Seems to me the first thing one must decide is just when does this "protection" need to be active. That would likely determine the method used. My bet the best method is to trigger the "method" when installing/uninstalling. There once was an application that could detect installers.. that was years ago now though and I cannot remember its name. But it was really nifty for such purposes.

Sul.

 

Exactly Sully, it doesn't happen but a couple times a year. I've seen malware open browsers also. Just wondering if there was a registry or policy I could incorporate to keep this from happening.

 

Make a system backup before you install a new app. When you want to get rid of that app, use that backup and forget the uninstaller. If you keep your OS and data on separate partitions, you won't lose data when you do.

 

I just made IE my default browser, then blocked it with Group Policy. Works good.

 

I wondered if that would work; does it interfere with normal browsing?

 

Not all uninstallers are that dumb. Some will go to extraordinary lengths to get a connection, looking at proxies you may have set up etc, and will find your other browser regardless. It certainly isn't an effective anti-exploit measure.

 

It wasn't intended for a anti exploit measure. Just for basic uninstallers of programs that I install.

 

No sweat. It was just that you said:
"I've seen malware open browsers also".