Secure Folders to protect folders (and use as anti-executable)

Discussion in 'other anti-malware software' started by Windows_Security, Oct 21, 2014.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    Might have something to do with sub-directories?

    In Windows_Security's security case, the .exe was located in the drive's root directory. In Djigi's case, the .exe was located in a sub-directory.
     
  2. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I'm running Secure Folder portable and this .exe application was also portable.
     
  3. :sick: Sorry for the confusion, I had set a manual deny execute ACL for Everyone on the root directory myself, will delete my posts :blink:
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,224
    Location:
    The Netherlands
    I will respond in the SS thread.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,224
    Location:
    The Netherlands
    Yes I understand, but did you test it with the read only option? What happens when you use lock down mode with explorer.exe being trusted? Can explorer.exe still modify files? If so, then SF would fail against ransomware.

    It doesn't use a driver, I wonder if this makes it less secure?
     
  6. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    819
    Location:
    U.S. Citizen
    How about using Kruptos 2 Professional against ransomware!
    It's paid software and I am not sure, but I think that it's a lifetime license key.
    http://www.kruptos2.com/


    https://www.youtube.com/watch?v=WNYMKZeWuRQ
    Look at replies 2 & 3.
     
  7. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I compared 2 picture files.
    One is protected with SF and the other is not.
    Properties - Security tab: on the protected file there are a lot of Account Unknown entries.
     


  8. @Djigi as mentioned earlier, it uses the regular Access Control List feature of NTFS, combined with other user access to allow access of specified processes. That is also the reason why I set winword as no-execution and allow it at the same time. This captures winword in a LUA box (allowed to access it in Medium Level Integrity, but blocked when you try to run it as admin). So actually that is a nice feature (the driver recognises a trusted process and allows access through another user).
     
  9. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    Does this mean that Secure Folder can and only can do what we could do by manually configuring the security property tab? I have not tried this software, so please correct me if I misunderstand it.
     
  10. With Access Control List (security tab) you can set NTFS permissions per USER

    Secure Folders adds the option to ALLOW specified processes ACCESS

    The Secure Folder driver intercepts file access and checks whether this process is on the ALLOW list:
    - not on the allow list => apply NTFS permissions
    - on the allow list => access file/folder/extension through another user (the unknown user), these users are standard users (not admins)

    When you put a no-execute on the executable itself it can't elevate to Admin and runs in Standard user (LUA) sandbox (because it is only allowed to run as unknown user).
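
An added example, not part of the original thread and not Secure Folders' own code: a PowerShell function that lists a path's NTFS access entries and flags the two things discussed in the posts above, entries whose SID no longer resolves to an account (shown as "Account Unknown" in the Security tab) and explicit Deny entries that include execute rights, such as a manual deny-execute for Everyone. The function name `Get-AclAudit` and the sample paths are hypothetical.

```powershell
# Added example (hypothetical helper name): audit one path's NTFS ACL.
function Get-AclAudit {
    param(
        [Parameter(Mandatory)][string]$Path
    )
    $acl = Get-Acl -LiteralPath $Path
    # Request SIDs instead of account names so unresolved entries stay visible.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        try {
            # Succeeds only when the SID maps to a known local or domain account.
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            $resolved = $true
        } catch {
            # Explorer's Security tab shows such entries as "Account Unknown".
            $name = '(Account Unknown)'
            $resolved = $false
        }
        $execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
        $denyExec = ($rule.AccessControlType -eq 'Deny') -and
                    $rule.FileSystemRights.HasFlag($execute)
        [pscustomobject]@{
            Path        = $Path
            Sid         = $sid.Value
            Account     = $name
            Resolved    = $resolved
            Type        = $rule.AccessControlType
            Rights      = $rule.FileSystemRights
            Inherited   = $rule.IsInherited
            DenyExecute = $denyExec
        }
    }
}

# Constructed sample paths: compare a protected file with an unprotected one,
# then list only the entries worth a second look.
# 'D:\Pictures\protected.jpg', 'D:\Pictures\plain.jpg' |
#     ForEach-Object { Get-AclAudit -Path $_ } |
#     Where-Object { -not $_.Resolved -or $_.DenyExecute } |
#     Format-Table Path, Sid, Account, Type, Rights, Inherited
```

Running it before and after changing a folder's protection, or after moving a drive to another machine, shows which entries were added, which are inherited from the parent, and which refer to accounts the current system cannot resolve.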
     
  11. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Does anyone know what would happen to the files/folders if I set Read only or No-execution on one partition (e.g. D: ) and then reinstall Windows?
    Will these files/folders (on D:) be readable or not?

    Tnx
     
  12. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    I guess here you mean that if I set an executable as Trusted Application but do not set it as "No-execution", then it would be able to elevate to Admin, right?
     
  13. Correct
     
  14. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
  15. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    One more question here:

    If the Trusted Application feature is implemented with user accounts, I guess it could be inherited, correct? I mean, if I set windows explorer as Trusted Application, would the other processes launched by windows explorer be automatically set as Trusted Application, or not?
     
  16. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    BUMP :rolleyes:
     
  17. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
  18. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Secure Folder is not free :thumbd:
     
  19. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,981
    Location:
    Poland - Cracow
    Sorry Rasheed but because of private matters I do not have enough time now to test and reproduce such things... I remember two alerts but not exactly their content.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You might try setting the files as you want, and then uninstall SF. I doubt anyone is going to take the time to test your scenario.
     
  21. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    OK, tnx for idea :thumb:
     
  22. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I uninstalled SF and all settings/protection are gone.
     
  23. pasmal

    pasmal Registered Member

    Joined:
    Jan 25, 2015
    Posts:
    55
    I was curious about this program, especially the portable feature, so I gave SF a try.

    The problem with the portable version is you have to re-apply your SF settings once you plug your external drive into another computer. At least, this was the case for me when I tried to use the Hidden feature on a few folders for testing.

    Anybody else experience this?
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,224
    Location:
    The Netherlands
    You never answered my question. Is it true that when you add explorer.exe as a trusted process, it can modify files inside a locked folder? Because normally you will not make a folder read only because then you can only add files to the folder when SF is disabled. I'm almost sure SF will fail against ransomware when in lock mode. I believe SpyShelter uses the same method and it also fails when explorer.exe is trusted.

    No problem, I believe hjlbx already answered the question. If explorer.exe is allowed to modify files, SS can't protect data against ransomware. It should pass if explorer.exe can only read files, similar to Secure Folders.
     
  25. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I'm not sure if I understand right.
    I should test like this:
    - add Explorer to trust apps
    - make folder with documents Read only with SF
    - run Ransomware
    - check documents folder
     