Secure Folders to protect folders (and use as anti-executable)

Discussion in 'other anti-malware software' started by Windows_Security, Oct 21, 2014.

  1. I found which applications to trust to allow Microsoft Apps running in AppContainer, so this is my updated settings for SecureFolders to protect my personal files.

    upload_2016-3-23_9-47-31.png

    I have used Memprotect to protect the trusted applications from being exploited from user folders (since Ransomware is mainly executable based), Memprotect also completely isolates Chrome, so this combi provides nice free anti-exploit and anti-ransomware protection with standard Windows mechanisms (Secure Folders = ACL+alternate user, MemProtect = Protected Processes).
     
    Last edited by a moderator: Mar 23, 2016
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I have my docs and downloads folders in read only mode, a few other personal folders on my D drive in read only mode and my main downloads folder on D drive in hidden mode, is there anything I should add in trusted apps?
     
  3. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I have add my Music folder in Read-Only and Foobar2000 in trusted apps.
    The same is with picture folder, added Irfanview in trusted apps just to be able to manipulate with pictures.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I wish I could add my torrents folder :(

    I have found a possible bug/glitch which sucks!
    Secure Folders protection doesn't work at all (for me) if I go to any of the protected folders (on any computers) via network drives. Do you guys have this issue?
     
    Last edited: Mar 23, 2016
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I switched this discussion from the ERP thread to Secure Folders thread.

    If you can access it on the LAN then I would bet you can access it by the WAN also. It sounds like a critical bug to me. Do you know if this affects read/write protection? Did you ever try writing a file to a write protected folder by the LAN? If you can then Secure Folders may be pretty useless.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi CE

    Yep, that is what I was doing, and it updated the files on the protected drive. I had it set to read only. So I agree, pretty bad
     
  7. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Can SF protect files/folders on second drive (not on C drive) if PC got infected with Petya ransomware?
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not sure it protects the mbr. after my findings not sure I'd trust to protect against ransomware
     
  9. I would doubt that Secure Folders would protect the MBR, since it uses Windows internal mechanisms (ACL + alternate user). Signing in to a home group, could well circumvent these mechanisms (getting assigned other credentials than current user on the PC).

    It was the same as with GesWall and DefenseWall. They pretty much provided the same protection, only GesWall was a lot faster at that time because it used Windows internals (DefenseWall was about as fast or as slow as Sandboxie at that time). Only when you copied an contained file from one partition to another, it lost the GesWall container because the ACL settings were reset to default when copying files by the XP operating system.

    I guess there is always a downside to using Windows internal mechanisms: you can't compensate for weaknesses/leaks in the underlaying mechanism. When Microsoft came with x64 kernel protection, the whole security industry protested that we were now unable to compensate for MS-errors. This "find" also explains why Secure Folders has failed on the corporate market.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Wow, if you can remotely write to a folder set to read only then SecureFolders may be nothing more than snake oil (due to critical bug). I wonder if Windows_Security could try testing SecureFolders to see if write protection is being enforced when accessed by the LAN, and WAN.
     
    Last edited: May 1, 2016
  11. Peter already did that, it did not protect, probably also the reason they failed in the corporate market
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,392
    Location:
    Under a bushel ...
    But locally attached USB drive set to read only would still be protected? Previous tests seemed to indicate this?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    So far testing would say yes. But if it's broken on one thing, would you really trust it to protect you against ransomware. Not I
     
  14. I have dropped it also, using Pumpernickel now
     
  15. guest

    guest Guest

    SecureFolders main purpose wasnt to stop ransomwares but just hide folders, no?
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Agreed 100%. There's no telling what kind of tricks a security researcher or hacker could do to manipulate that USB drive to function more like a network device, with drivers or otherwise. It's scary stuff, indeed.
     
  17. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Just what I was looking for... the 1)... woo hoo!
     
  18. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,578
  19. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I'm only using it for 2 things at the moment...
    1) set dnsapi.dll to read only (I hex-edited the Microsoft domain names out of it)
    2) set dfshim.dll and dsquery.dll to no execution (these two dll's were mentioned in the vulnerable process list)

    EFL doesn't allow additions of Windows folders and/or files, which was a dealbreaker for me. Until I realised my Temp directory is on a non-system partition, so reinstalled it... woo hoo!
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,731
    Location:
    U.S.A. (South)
    Excuse me if this is already found within these forums but I ran across a pretty unique manually applied NTFS Permissions Tool.

    http://dbcstudio.net/software.html

    In combo with SF I found that while it maybe redundant for some users, maybe it could also serve as a compliment. Ideas?
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Looks very interesting :thumb:
     
  22. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,448
    It doesn't always show correct access-rights.
    If i create a directory where all users have access ("Everyone") and the owner is "Everyone" it shows me: Access Rights of current user: Denied
    "You don't currently have permission to access this folder. Do you want to access to this folder anyway?"
    But everyone has permission to access it o_O
     
  23. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,578
    Thanks for the info, mood. Secure Folders is probably still far superior to similar programs, despite the fact that SF has been "abandonware" for about two years. Abandoned or not, I still use it because it's still the best out there. Just my 2 cents.
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,392
    Location:
    Under a bushel ...
    FWIW - and in case anyone else notices this - on my secondary machine I noticed that Windows 10 Start right click menu options like Control Panel, Command Prompt, etc. would no longer open. I must say I am pretty sure I used these options after my mid-July upgrade from 7 to 10, so I am not sure when this started.

    Found this post: https://superuser.com/questions/947367/windows-10-start-right-click-context-menu-items-dont-open

    Using Nir Sofer's ShellExView, I tracked down the problematic shell extension to be Secure Folders Shell Class, which is shown for directories. Disabling it solved my problem.

    (I tried to use the program locate the CLSID in the registry and delete or disable that also, as suggested in the above thread, but there were two REG_SZ entries that did not seem related to Secure Folders, so just left that as I am not confident of messing with the registry if I don't know what I'm doing).

    I don't need the directory shell extension, as I only use SF to protect my USB backup drive, except from backup / imaging programs.

    But seeing SF is abandoned I may switch to Pumpernickel / FIDES, which I use on my primary machine, on that machine also.
     
  25. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Can SF be used like SRP?
    Add %Appdata% in and set to Read-only or Locked or something like that?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.