Ping Rmus..

"lo Rich

Just wanted to ask about a/your best recommendation/experience re Anti.exe tools/white listing tools atm ?
Any single app stand out ?
Combos.?

I'm experimenting to re-finesse the system here.

How did it go with Faronics newer versions ?

ANy others ?

OA as a whitelister

PS:
I've re-read this thread: https://www.wilderssecurity.com/showthread.php?t=171576
Any updates iyo ?

PPS: where have your pages gone ??

 

Hello, Longboard,

I've been away for awhile, and just now saw your thread.

I confess to not keeping up with newer products. By many accounts, there are a number of products that have incorporated anti-execution protection. I would do some serious testing, because in past years, some products filtered by file extension only, which is the weakest protection. Also, some products can be bypassed by extension spoofing. This is easy to test.

I renamed a text editor from metapad.exe to metapad.tmp to demonstrate how the command prompt or the windows script host doesn't care about file extensions -- metapad.tmp will launch:



Now, I take an executable not on the White List (Firehole.exe) and rename to Firehole.tmp. The Anti Execution Program should alert:



It's evident that AE checks the code and not just the file extension.

You will notice that the alert is Default-Deny. This is the most robust protection, since the user should not have to be prompted whether or not to allow a non-white listed executable to run in a remote code execution exploit.

I haven't checked the latest releases of Version 3, but early on, they added the option to have the White List created automatically on installation, which was the way version 2 did it.

I'm rebuilding that site, since much was outdated!

-rich