Secure Folders to protect folders (and use as anti-executable)

I wonder if more than one instance of Secure Folders can co-exist...

 

No, you can't configure trusted apps manually, it will alert you everytime some app wants to read or write to protected folders. I have tested it, and it does really work. Of course, if ransomware injects code into explorer.exe or svchost.exe, then SS (and SF) will probably fail to protect, but SS can block code injection, so it's up to you to stay alert.

 

@Mister X

Take a look at this thread:
https://www.wilderssecurity.com/thre...es-folders-deny-write-access-to-files.382163/

 

Thanks a lot Andreas! Going to check it out...

 

Oh Oh

 

I use SecureFolders to protect in a locked state a special data folder from any kind of cryptomalware. However I added some trusted applications allowed to do anything to the files within that special data folder.
This applications are among others: explorer.exe, notepad.exe, notepad++.exe, excel.exe, powerpnt.exe, winword.exe, etc.
Could a cryptomalware use as a vector those programs to do its job?

 

Explorer is known to be attacked by exploits and ransomware. But you have to see this in perspective: yes it is not a 100% security, but every day I go outside knowing I have a chance to be hit by a bus. So what is the difference with real life? I would not bother about that. Looking at your sig you have plenty (I counted at least a second, third, fourth and fifth) safety nets to deal with this rare risks.

 

Thank you @Windows_Security
Now I feel I'm doing things more or less correctly about security.

 

Is it 2nd 3rd 4th 5th or all for one and one for all? Some apps trump others...

 

What happens if you don't trust explorer.exe, will everything still work correctly? And like I said before, to stay safe, you need a tool that can block code-injection, like HIPS. If ransomware can't inject code, it can't use other trusted apps for encrypting.

 

Permissions are revoked if I don't trust explorer.exe, i.e., I can't even open the folder in question. Same for the other apps in the list obviously.
Respect code injection I have no HIPS program but AppGuard, I believe I'm covered.

 

OK, so blocking explorer.exe is not a real option, if I understood correctly. And yes, I believe that AG is blocking code injection, but only if the app is guarded, I'm not sure though.

 

Is Secure Folders still safe to use? Can it still be seen as an additional layer of security when it comes to ransomware? If so, where can I download the latest version of this program (compatible with Win 10 32bit)? The original website does not seem to exist any more. Or are there better alternatives?

 

A previous post had a mirrored link provided by a forum user. I am not sure if it is still active or not...

 

Thanks, marzametal. I will give it a try.

 

The link above is still active. Those who use Secure Folders: What are your settings to protect your files and folders from ransomware? Any suggestions? I have so far only added my backup folder to Secure Folders (read only). What else needs to be done?

 

https://www.wilderssecurity.com/threads/new-radamant-ransomware-kit.382428/#post-2550934
https://www.wilderssecurity.com/threads/ransomware-protection.382452/#post-2550763
Plenty of ideas...

 

Thanks for the links. Yes, plenty of ideas, but I think it all comes down to backup, backup, backup. No matter how hard you try - sooner (rather than later) there will be ransomware that bypasses your security setup and encrypts all your personal stuff. Backing up regularly is probably the only effective thing you can do about this sort of malware. Anyway, if you have some suggestions for Secure Folders additions, please keep them coming.

 

I haven't really tried (like in the past before) to bombard Secure Folders to see WHICH malware that it might CAN'T stand up to against, but all in all it's surprisingly and easily IMHO sufficient enough that i keep it on my Taskbar to use ON-DEMAND for those occasions where i might want to PHANTOM a likely User folder or even lock it from being read at all (same thing basically) if i happen onto a dodgy site that uses those freakin annoying ads n ad videos which also unleash those notorious auto-pop unders ( i detest that crap with a passion) when using IE. Yes i still use IE to test some of my security, a very good browser platform where if something is going to channel thru a commonly used browser, IE is the easiest to send thru their wares

 

I've been playing with Secure Folders (SF) for an hour or so, and I really like it. I have already added some files and locations to SF that are typically misused by ransomware (no execution of vssadmin.exe, bcdedit.exe etc.). What a pity this program is now "abandonware", but it's still great and it does what it's supposed to do.

 

I knew you'd like it, everybody does...

 

IMHO it's a fabulous addition to the security lineup. Small n light but STRONG enough in what it can do for extra protections.

 

Before I saw @Mister X 's links, I can say I only have three entries...
C:\Windows\Microsoft.NET
C:\Windows\SysWOW64\WindowsPowerShell
C:\Windows\System32\WindowsPowerShell

All 3 are set to "no execution", and I just allow apps that require .NET as trusted; so far Adguard, Windows Firewall Control, Acrylic DNS, HexChat and CC Enhancer.

I make use of other apps too, it's not like all you need is Secure Folders.

 

indeed , i double protect my sensitive folders with both Appguard and SecFolders but i still wondering what happen to its dev.

 

I have a USB drive connected for backups, images, etc. only. But while it is connected it is obviously vulnerable to ransomware.
Is it possible to set the whole drive to lock or read-only, then set up only the backup programs (Macrium, Bvckup 2) as trusted.
Would that work?