Smart Object Blocker (Block EXE, DLL, Drivers)

Discussion in 'other anti-malware software' started by novirusthanks, Jul 29, 2015.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    I feel the same way too. I am so used to Exe Radar Pro, and there are suggestions I also want to share and see implemented, but nothing. I'm going to use ERP for the next few years (I hope) on my static config, then see what's going on with VoodooShield.
     
  2. I have put SmartObjectBlocker on static PC configurations of some older relatives, with the following ruleset:

    Allow all from Windows and Program Files (they are on 32 bits).

    Allow from user folders only binaries signed by a few specific trusted vendors (allow signed programs to update using wildcards, e.g. Realtek* and Microsoft*).

    I have set UAC to elevate silently, but blocking unsigned elevation, so I am sure the signature is valid.

    Runs great on low spec PCs.
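
A minimal Python model of the ruleset described in the post above, added here as an illustration; it is not Smart Object Blocker's rule syntax or code. The directory paths, function names and sample events are assumptions, and the signature check is represented by a boolean the caller supplies.

```python
import ntpath
from fnmatch import fnmatchcase

# Assumed layout of a 32-bit Windows install, as in the post.
TRUSTED_DIRS = [r"C:\Windows", r"C:\Program Files"]
USER_DIRS = [r"C:\Users"]
# Signer-name wildcards from the post. They match on a name prefix, so keep
# each pattern as close to the vendor's full signer name as updates allow.
TRUSTED_SIGNERS = ["Realtek*", "Microsoft*"]

def _norm(path):
    # Collapse ".." and mixed slashes, then lower-case (Windows paths are case-insensitive).
    return ntpath.normcase(ntpath.normpath(path))

def _under(path, root):
    # Compare on a directory boundary so C:\Windows.old\x does not match C:\Windows.
    return _norm(path).startswith(_norm(root).rstrip("\\") + "\\")

def decide(path, signer=None, signature_valid=False):
    """Return 'allow' or 'block' for one load event (EXE, DLL or driver)."""
    if any(_under(path, d) for d in TRUSTED_DIRS):
        return "allow"
    if any(_under(path, d) for d in USER_DIRS):
        # A signer name only counts when the signature itself verified.
        if signature_valid and signer and any(
            fnmatchcase(signer.lower(), pat.lower()) for pat in TRUSTED_SIGNERS
        ):
            return "allow"
    return "block"  # default deny for everything else

# Constructed sample events: (path, signer, signature_valid)
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\notepad.exe", None, False),
    (r"C:\Users\gran\Downloads\audio_setup.exe", "Realtek Semiconductor Corp.", True),
    (r"C:\Users\gran\Downloads\audio_setup.exe", "Realtek Semiconductor Corp.", False),
    (r"C:\Users\gran\AppData\Local\Temp\setup.exe", None, False),
    (r"C:\Windows\..\Users\gran\x.exe", None, False),
    (r"C:\Windows.old\x.exe", None, False),
]

if __name__ == "__main__":
    for path, signer, valid in SAMPLE_EVENTS:
        print(decide(path, signer, valid), path, signer or "(unsigned)")
```
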
     
  3. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    Yes Windows, it works great - but still feeling a little bit uncomfortable about it - it's a very very early release and nothing new is happening. No updates, nothing. I don't think it could already be in "final" stage after the first two versions...

    E.g.: I'm missing a right-click menu to quickly enable/disable protection from the context menu of the tray icon, like in MBAE... should be very easy to implement, but nothing happens.

    Also I'm missing some sort of self-defense. Otherwise any process could simply kill the application using taskkill in Windows...
     
  4. Small companies occasionally acquire projects which need all manpower, so development of own tools is stopped. Agree that SOB is missing some features, but it is version 1.03 so most bugs are ironed out of this little gem and the core functionality has all the things a power user could wish for.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Is it possible with SOB to prevent applications from creating folders in TEMP?
     
  6. guest

    guest Guest

    You can prevent the execution of files/drivers/DLLs, but not the creation of folders with SOB.
    If you want to prevent the creation of folders, you have to use additional tools to do this.
     
  7. guest

    guest Guest

    I sadly moved on from NVT tools, the development is too slow for my taste, despite their great concepts. I'm trying new stuff worth a shot.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Sad. Really hope NVT's not abandoned.
     
  9. guest

    guest Guest

    If I look at their Facebook/Twitter pages they are regularly posting updates, but only for their small tools.
    As long as I don't encounter serious bugs with ERP, I'll keep using it.
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Me too.
    Encouraging that they are at least still active.
     
  11. guest

    guest Guest

    I found a replacement for ERP, so I'm focusing on it.
     
  12. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
    Spill a bean?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    ReHIPS didn't strike me as an Anti Executable. If it is, it looks convoluted compared to ERP. ERP to me is mature and works.
     
  14. guest

    guest Guest

    Indeed it is more a HIPS with sandboxing, hence more complicated than an Anti-exe, but it works very well, and it has a kind of "lockdown mode" that blocks anything not whitelisted by the user.
    ERP is more mature because it is older and has a far bigger userbase; ReHIPS is younger, but the devs are very active. They implemented in this beta most of what we asked for since the previous stable release, and now we can push it further and deeper.

    This is their biggest issue indeed.
     
  15. hjlbx

    hjlbx Guest

    SOB & NVT ERP are not abandoned, but development is quite slow.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    Well, frankly I can't see the slowness at all. I just see ERP development has just halted, completely.
     
  17. guest

    guest Guest

    Same here, even Andreas (the dev) is silent. I feel some real-life stuff happened. Maybe a deal with another company, etc...
     
  18. hjlbx

    hjlbx Guest

    I talked to him via PM within the past month briefly. He was investigating a reported NVT ERP bypass.
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    Yet, above all this uncertainty I still use ERP for the already known virtues. I just simply love it and spent months to understand its basic and now advanced functions and capabilities hence I can't just simply pick another software as a substitute...
     
  20. guest

    guest Guest

    I'm beta testing ReHIPS, so using ERP at the same time will be overkill when I already have Appguard. ERP was my Appguard's "sidekick", but I think ReHIPS with its HIPS and sandboxing abilities will be a good substitute.
     
  21. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    It is not abandoned, I talked to him via mail a few weeks ago and he wanted to release a new version with minor updates. Dunno what's the state here or why it takes again a time to release it on the website. It's sad, because I also like their SW.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I pinged Andreas end Jan after some absence from Wilders, and he replied and also responded here.
    But he hasn't been back in that thread since Feb 23.
     
  23. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    @guest can you check if the settings in ReHIPS are SUA/LUA friendly (running a standard/limited account)? I had to ditch ERP because I'd have to re-tick/untick everything after Windows loaded up... wondering if ReHIPS resembles the same behaviour...

    Thanks in advance for any reply.
     
  24. guest

    guest Guest

    @marzametal ReHIPS isn't friendly (yet) with SUA (my daily used account); I have to launch the GUI manually. However if set on Isolation Mode (call it Lockdown Mode), the GUI isn't needed.
     
  25. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    Guys, you heard anything of Andreas? He wanted to release it months ago...
     