Secure Folders to protect folders (and use as anti-executable)

Discussion in 'other anti-malware software' started by Windows_Security, Oct 21, 2014.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    This is weird, because explorer.exe should not be able to modify files in "read-only" mode, but apparently Windows still allows it. So trusting explorer.exe means no protection with SF.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Couple of thoughts. When I am doing something where there might be a ransomware threat, I image c: and use Secure Folders to protect the other two drives. Under those conditions, no trusted programs, period.

    Secondly as to WinPE. Silly to worry about it, none of the other security software is working either. Just use it for restores.
     
  3. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Has any of you mentioned that if SF is added to the Windows Explorer menu, then the Win + X menu does not work properly (Windows 10)?
    It does not open anything.
     

  4. Agree
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,063
    Location:
    Mexico
    Of course, security programs have to be awake and watching through drivers or policies on a LIVE running system, otherwise how would we expect them to do their job?
    Encryption? That's another story.
     
  6. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I can confirm that when I'm in Shadow Mode (Shadow Defender) SF doesn't work.
    I can delete/rename files/folders that are protected by SF.

    And I can also confirm that the SF context menu, when it is turned on, doesn't allow the Win+X menu to work properly.
     
  7. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    993
    Strange, Djigi.
    Using here Toolwiz Time Freeze - and I can do such operations in Freeze Mode.
    o_O
     
  8. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    You can do what operations?
    Maybe you mean that in Toolwiz Time Freeze this does not happen?
     
    Last edited: Mar 7, 2016
  9. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    993
    • I can't delete/rename files/folders that are protected by SF.
    • Yes. With Toolwiz Time Freeze this does not happen.

    At least if I did the test well... ;)
     
  10. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I have tried it now.
    Installed Toolwiz on my virtual PC, added SF, went to frozen mode, and SF is protecting files.
    Shadow Defender doesn't do that in shadow mode...o_O
     
  11. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Found a free alternative called SecretFolder. It's not usable as an anti-executable but good enough for normal users because it can also protect itself from being uninstalled + it's not bypassed in traditional ways (like with cmd [but WinPE]).
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,974
    Location:
    Poland - Cracow
    It was already mentioned on the first page of this thread, and it did not happen on all systems. Maybe it's caused by a new version of SD or SF...or system updates?...
     
  13. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,604
    Not bad, but: it can only lock and unlock folders. Unfortunately, it lacks some useful features found in SecureFolders, such as preventing files from execution. Anyway, thanks for posting. Much appreciated.
     
  14. Solution to explorer being exploited is to protect it with MemProtect (see Bouncer thread).

    Just tested it with Secure Folders on Windows 32 bits. The problem with MemProtect is that it is ini file configuration based, so the setup is not user friendly.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    I tested this tool years ago, and it was complete crap back then.
     
  16. lovelyjubbly

    lovelyjubbly Registered Member

    Joined:
    Feb 18, 2015
    Posts:
    4
    Just found this thread and Secure Folders may be just what I'm looking for:

    I back up my entire system using Macrium Reflect to 1 folder on my external USB hard drive.

    I then make that 1 folder Read Only in SF.

    I then add Macrium Reflect as the only allowed App in SF.

    Am I now protected against Ransomware?
     
  17. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Ransomware can still infect your PC and all files that are not protected with SF.
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,437
    Location:
    Under a bushel ...
    I do the same, I think so. See this post.
    Sure. But the concern is that the connected backup drive image is protected, so that one can recover.
    I recall you did some testing not long ago. Would you concur that the connected backup drive image is protected by Secure Folders, if the containing folder is in Read Only mode (with the imaging program as the only Trusted Application)?
     
    Last edited: Mar 15, 2016
  19. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    As I said, all files that are not protected by SF are not protected.
    Unable to test but I'm pretty sure that this drive will be secured.
     
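    Added example (not part of any post in this thread, and not code from Secure Folders): a PowerShell check of the Read Only backup-folder setup discussed above, run from a process that is not on the Trusted Applications list. The folder path and canary file name are assumptions; the canary must be a disposable file placed in the folder before protection was switched on.

```powershell
# Added example: can an untrusted process modify the protected backup folder?
# Assumptions (not from the thread): the folder path and a disposable canary
# file that was copied into the folder BEFORE protection was enabled.
param(
    [string]$Folder = 'E:\Backups',      # hypothetical protected folder
    [string]$Canary = 'sf-canary.txt'    # hypothetical disposable test file
)

$canaryPath = Join-Path $Folder $Canary
if (-not (Test-Path -LiteralPath $canaryPath)) {
    throw "Canary $canaryPath not found; create it before enabling protection."
}

# Runs one file operation and records whether it was blocked.
function Test-Blocked {
    param([string]$Name, [scriptblock]$Action)
    try {
        & $Action
        [pscustomobject]@{ Operation = $Name; Blocked = $false; Detail = 'succeeded' }
    } catch {
        [pscustomobject]@{ Operation = $Name; Blocked = $true; Detail = $_.Exception.Message }
    }
}

$newFile = Join-Path $Folder ("sf-probe-{0}.tmp" -f [guid]::NewGuid())
$renamed = "$canaryPath.renamed"

# The same operations the posters tried by hand: create, modify, rename, delete.
$results = @(
    Test-Blocked 'create' { New-Item -ItemType File -Path $newFile -ErrorAction Stop | Out-Null }
    Test-Blocked 'append' { Add-Content -LiteralPath $canaryPath -Value 'x' -ErrorAction Stop }
    Test-Blocked 'rename' { Move-Item -LiteralPath $canaryPath -Destination $renamed -ErrorAction Stop }
    Test-Blocked 'delete' {
        # If the rename went through, the canary now lives under the new name.
        $target = if (Test-Path -LiteralPath $renamed) { $renamed } else { $canaryPath }
        Remove-Item -LiteralPath $target -ErrorAction Stop
    }
)

# Remove the probe file if creation was not blocked.
if (Test-Path -LiteralPath $newFile) { Remove-Item -LiteralPath $newFile -ErrorAction SilentlyContinue }

$results | Format-Table -AutoSize
if ($results.Blocked -contains $false) {
    Write-Warning 'At least one modification succeeded: the folder is not protected from this process.'
}
```

    Repeating the run in each state mentioned in the thread (normal session, a shadow or freeze mode) shows whether the protection holds in that state.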
  20. lovelyjubbly

    lovelyjubbly Registered Member

    Joined:
    Feb 18, 2015
    Posts:
    4
    Thanks for the replies, I'm not too concerned if the main computer is encrypted, as Macrium images the entire machine.

    Using Macrium Rapid Delta Restore would mean only a few minutes to restore the entire machine to before the infection.

    I was concerned if the attached drive was encrypted as well...

    All user data is also backed up to Dropbox or similar services which offer global restore.

    PS, all machines are protected by BitDefender and MalwareBytes Pro as well.

    So I'm hoping SF completes the protection :)
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Would someone mind sending me secure folders? I thought I had it bookmarked.
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,063
    Location:
    Mexico
    I'm pretty sure you had but now that domain has expired, lol.
    I have a copy of the installer by clicking the link on my sign.
     
  23. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
  24. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks. I meant reizors link
     
  25. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA