Keeping Programs from Auto Opening Browsers

Discussion in 'other software & services' started by Infected, Jul 13, 2015.

  1. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Is there a way to keep programs from auto launching browsers? Like if you install or uninstall a program, they want feed back or something like that and it launches the browser. Quite annoying.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    This is something that annoys me also. I hope that EXE Radar will add protection against this in the future, I already requested this. The last time I checked, SpyShelter couldn't block this, to my surprise.
     
    Last edited: Jul 13, 2015
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
    Classical HIPS that can monitor parent-child relationship when processes are launched can be set up to prevent those launches. For instance, Malware Defender could do that.
     
  4. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    202
    Couldn't you just rename the default browser exe; ie : iexplore.exe to rename.exe ?

    I don't use Sandboxie but I imagine you'd need to make an adjustment there. Also, you'd have to revert the browser exe name when updating it.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
    I don't think that most of this uninstallers are actually launching browser this way. Mostly they just want to open specific site using default browser. Like clicking a link in a document or mail... Maybe removing default browser would help, but I don't know if this is possible.

    EDIT: I found this suggestion: http://superuser.com/questions/5784...er-so-the-system-asks-what-browser-to-use-whe
     
  6. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    202
    Good find.

    Out of curiousity, I'll try both methods sometime in the future when I'm not swamped. On my rename the default browser conjecture -- because of IE's relationship with the OS, it might not be the ideal browser to reach a proper conclusion. Best to also, or just, try another.
     
  7. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Thanks for the info everyone. I might give the renaming my browser a shot. My default is Chrome, so I'll give it a try.
     
  8. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    What I might do is, since I have Chrome as my default, I just might make Waterfox my default and rename that since I don't use it much. What about that?
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    A classic HIPS with the ability to control parent/child permissions can intercept these attempts. On most of them, you'll have to enable this ability. It's usually not enabled by default.
     
  10. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    i hate this too. self-important programs. :(

    i had considered making a portable browser as my default so that at least the bloated IE wouldnt take all day to fire up. the best is when the internet connection is disabled and they try to open a page :D
     
  11. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    385
    Location:
    Land of the Mer Lion
    Yes I can only block such browser launch by classical HIPS. I found an examples on how to block such broser launch here in these links,

    Comodo HIPS
    xttps://forums.comodo.com/defense-sandbox-help-cis-b136.0/-t105858.0.html

    Online Armor Premium
    xttp://malwaretips.com/threads/farewell-emsisoft-online-armor.44291/

    In Outpost Firewall Pro just set Block in the AntiLeak for Network Enabled Application Launch.

    xttp://malwaretips.com/threads/block-a-browser-launch-from-a-shell-link-in-eset-hips.7172/

    Or,

    you can use EXE Radar and block your default browser. If you use Chrome as your default browser then set IE as your default browser and block iexplorer.exe in EXE Radar.
     
  12. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    106
    Try setting up password protected commandline with EXE Radar Pro.

    "You can also password protect the execution of specific commandline strings (wildcards are also supported)."
    http://novirusthanks.org/help-files/exe-radar-pro/#password-protect-processes

    1. Set password and protected commandline
    2. Click 'Cancel' to block it when you get the password dialog

    For Chrome:
    Code:
    *\chrome.exe" *-- http?://*
     
  13. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    The problems:

    1. do you always know when the ill behaved app/installer will do this
    2. is there a reason to actually make rules for an install or uninstall? just how many times does something get installed/uninstalled?
    3. do you want an "automagic" method, or will manual work

    Solutions abound I assure you. But, it isn't quite a clear cut situation. A loop could be made to run, on user command that just shuts specific processes down as soon as they open. OS mechanisms could be employed, such as permissions or SRP types. Regedits to disassociate filetypes and defaults. Renaming, moving, copying, etc etc etc.

    Seems to me the first thing one must decide is just when does this "protection" need to be active. That would likely determine the method used. My bet the best method is to trigger the "method" when installing/uninstalling. There once was an application that could detect installers.. that was years ago now though and I cannot remember its name. But it was really nifty for such purposes.

    Sul.
     
  14. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Exactly Sully, it doesn't happen but a couple times a year. I've seen malware open browsers also. Just wondering if there was a registry or policy I could incorporate to keep this from happening.
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Make a system backup before you install a new app. When you want to get rid of that app, use that backup and forget the uninstaller. If you keep your OS and data on separate partitions, you won't lose data when you do.
     
  16. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    I just made IE my default browser, then blocked it with Group Policy. Works good. :)
     
  17. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    I wondered if that would work; does it interfere with normal browsing?
     
  18. Kobayashi maru

    Kobayashi maru Registered Member

    Joined:
    Nov 7, 2009
    Posts:
    124
    Location:
    Drivin' all night my hands wet on the wheel....
    Not all uninstallers are that dumb. Some will go to extraordinary lengths to get a connection, looking at proxies you may have set up etc, and will find your other browser regardless. It certainly isn't an effective anti-exploit measure.
     
  19. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    It wasn't intended for a anti exploit measure. Just for basic uninstallers of programs that I install.
     
  20. Kobayashi maru

    Kobayashi maru Registered Member

    Joined:
    Nov 7, 2009
    Posts:
    124
    Location:
    Drivin' all night my hands wet on the wheel....
    No sweat. It was just that you said:
    "I've seen malware open browsers also".
     
Loading...