TrendMicro BrowserGuard 2010(2.0.1070 free)

Discussion in 'other anti-malware software' started by Dermot7, Jul 3, 2010.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Does this block sites from loading or just warn about them?
     
  3. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Can someone test if the bolded part of the quote can be opted out?
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    no options, just a service running.
     
  5. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Actually two processes. I guess that I'm a safe surfer because I haven't seen it do anything yet. Anyone have a url where I could test what it's supposed to do?
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    You are totally right,

    BGUI.exe the user interface (enable service and/or disable pop-up)
    tmiegsrv.exe the service
     
  7. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Have you been to an URL which gave you a popup warning yet?
     
  8. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    No other browser than IE, eh? Looks like some companies never learn... :cautious:
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I used this a few months back and hit on a url with the warning. Actually I had several tabs open and the bad url was in one of the tabs. The bad thing was that I was unable to back out of the url- I was just frozen there with the only options to either go for the TM scan or close the browser (and other tabs in the process). Not sure if this still acts the same way or not but I uninstalled.
     
  10. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Are you sure it was Browser Guard and not the Web Protection Addon? Browser Guard makes no mention of running House Call whilst Web Protection addon does.
     
  11. progress

    progress Guest

    Are you still waiting for a browser protection for Opera? :D

    But I agree, just IE is not enough - it should support FF at least.
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    My bad, I just saw that. Yes it was the web protection add on I had previous.
     
  13. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I'm still looking for more info on this but can't find any. A visit to their forum yields nothing more than the advertisement for it. It's still installed but I haven't triggered an alert yet.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last edited: Jul 5, 2010
  15. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    In your opinion, is this type of attack somethng that is very rare? I noticed in one of the links that it's testing platform was XP SP 2 or earlier. How relevant is this kind of attack with Win 7?
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well,

    In my discussion with Eirik of blue ridge (they have AppGuard) I thought it is not something to worry about with Win7. But they have just added protection against process memory modification, since they expect it to be used by malware in the future

    So maybe you got more info, but you are problably as confused as before this post. I would say no for WIn7 and a maybe for XP, but do not hold me responsible for it. I also do not have a clue, sorry. Can't tell whether those two different vendors foresee the same trend or it is just creating tracktion in a mature market by adding some features ?
     
  17. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Kees, you're a mind reader,lol. My next question was going to be if you thought the memory protection addon to be implemented in the next release of AG was the same or similar.
    Thanks
     
  18. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  19. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    The advanced memory protections of Win7 are not perfect, and may not compensate for all of the mistakes that programmers make in 3rd party software applications. You've read reports of researchers penetrating these defenses. As for what's in the wild like this, I don't know. I cannot responsibly estimate.

    There is, however, another bulls eye. The more Microsoft and Apple harden their 'system space', the more they make 'user space' where more and more combat with malware takes place. What's alarming about user-space combat is that code injection attacks from one process to another can take place without ever exploiting a vulnerability in any software process because legitimate API's can be used. I'll post a link to a small PDF that provides a little more info on MemoryGuard in the 'AppGuard News and Feedback' thread. (doesn't seem to be appropriate to do so in a thread with another vendors name in the title).

    Cheers,

    Eirik
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thx Eirik, so it is side by side infection (which is not covered by UAC/LUA) of processes running with LUA tokens
     
  21. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,076
    TrendMicro BrowserGuard 2010 updated to 2.0.0185:

    Okay I did a search on this software and found this thread. It has been updated to 2.0.0185 but I read the readme txt file and found this. Did not realize it was a beta.

    8. Known Issue
    ========================================================================
    * Page content is not dump to SAL for processing. Static Heuristic does not work under this scenario.
    * Relationship between parent and child window is not recorded.
    * No mechanism for port changing if allocated for backend server.
    * Detection logic between SAL and BG need n! times, and continue browsing time is same as scan/block time.
    * Hook is not stable when load is stress.
    * Detection logic between SAL and BG caused it. First, script node send to SAL 1 time, and whole html page with script node will send to SAL again.
    * Incapability between TI3 BEP and BG2010
    * Install window does not resizing
    * Memory leak
    * Google V8 exception
    * Page content is not dump to SAL for processing. Dynamic emulation does not work under this scenario.
    * Block page incompability between IE toolbar like Comcast and BG2010
     
  22. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Just got interested in this piece of software. There have been a few updates since the last post, but still IE only it seems :(
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Detection enhancement on generic browser exploits
    Comparable with Exploit Shield of F-secure (see http://www.ghacks.net/2009/08/23/f-...protects-against-0-day-web-browser-exploits/), protects against known exploit protection (in case you did not update browser to the latest patch) and new exploits using the same or simular intrusion technique.

    Upgrade VSAPI for better shellcode detection
    Intercepts scripts from withing Internet Explorer and sends them to VSAPI for shell-code scanning. VSAPI stands for Virus Scanning Application Interface. Code analysis for known intrusion techniques of old exploits and other general shell-code injection techniques (e.g. heap spray)

    Enhanced script emulation for the Script Analyzer Lineup (SAL) engine
    This is the actual javascript emulation engine, which is used to detect intrusion attempts by code emulation

    Conclusion
    When you add Trend Micro Browser Guard to Vista/Windows 7 and EMET-2 protection (GS, SafeSEH/SEHOP, DEP, ASLR, plus added shell code of EMET2 null-page and heap-spray settings) you have a great build-in protection against suspicious interprocess interaction. Mind you that when using IE8/IE9 in protected mode and Chrome, you have the extra protection of the low-rights sandbox (which is in effect more like containment, because it prevents and does not virtualise).

    For people using a two browser setup (e.g. I have Iron Portable as my main browser, because Iron is not signed, it can never elevate when running safe-admin, my second e-banking browser is IE9 on which I have Trusteer and Browser Guard added, plus hardening of IE through registry/GPO), it is really a nice add-on since it only eats CPU cycles when running IE8/IE9
     
    Last edited: Feb 6, 2011
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    How is going for you? I never really had any luck with Trend Micro freebies. The last one I tried was the latest RUBotted version and it was a real mess - malfunctioning 100%, the icon would load to tray bar but the program itself would never start.

    What's worse, is that Trend Micro offers no support for their freebies. :(
     
Loading...
Thread Status:
Not open for further replies.