Use Applocker to only let firefox access firefox-data files?

Discussion in 'other security issues & news' started by zakazak, Sep 18, 2011.

Thread Status:
Not open for further replies.
  1. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Hi, I wonder if I can use Applocker to only allow firefox.exe to read the password in the %Appdata% folder?

    Would it be:

    Executable Rules -> Deny -> Choose %appdata% firefox folder -> exceptions -> file hash -> choose firefox.exe? (and maybe also plugin-container.exe?)

    If so, would I also have to add some files from CIS 5.x so that it can still protect the folder?

    thanks
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I believe you can't use either AppLocker or CIS to do that. Have you considered using a password manager such as LastPass?
     
  3. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    187
  4. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    So making rules in Applocker for the %appdata% firefox folder while adding firefox.exe as an exception would mean:

    nothing is allowed to execute in %appdata%-firefox except the firefox.exe

    but still every random.exe would be able to access the files in %appdata%-firefox (but it can't be executed in that folder)?

    @edit: I use LastPass but this was just an example.. I also wanted to do this with thunderbird, messengers, ... also I thought I would cancel LastPass and use Firefox sync :p
     
  5. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    187
    If you allow a folder path, all files in that folder can execute. If you deny a folder path, nothing there can execute. Deny takes precedence if both are applied to the same path.

    So yes, you are at least partially correct in your assumptions. I don't know if you can even make an exception like that; one of the AppLocker gurus could answer that. But AppLocker is still strictly for execution control.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If there were a utility in Windows that could limit read/write access based on path/publisher... I'd never run third party security again.
     
  7. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Correct. People are trying to use Applocker in a way it is not designed for. Also, it is important to know the limitations of a security layer.

    It's better to use allow path rules with exceptions to restrict directories that a user can write to. Also it is not recommended to use deny rules at all, as a user can modify or move a file or files and cause the deny rule(s) to become invalid.

    Good for you.
     
    Last edited: Sep 19, 2011
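The two rule shapes discussed in this thread, written out as an AppLocker policy file by a PowerShell script. This is an added example, not code from any poster; the profile folder pattern, rule GUIDs and output path are assumptions for illustration. Both rules live in the Exe collection, so they only decide what may run; neither one prevents another program from reading the Firefox profile files, which is the point the thread settles on.

```powershell
# Added example (not from any poster in this thread). Writes two AppLocker Exe
# rule shapes to an XML policy for review. Exe rules govern execution only:
# nothing here stops random.exe from *reading* files in the profile folder.
# AppLocker has no %APPDATA% variable, so the profile path is spelled out
# under %OSDRIVE% (assumed pattern; adjust to the real profile location).
$profileDir = '%OSDRIVE%\Users\*\AppData\Roaming\Mozilla\Firefox\*'

$policy = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <!-- Shape A (the original idea): a Deny path rule on the profile folder.
         Deny beats Allow, but a user who can write to this folder can rename
         or move a file and sidestep a path-based deny, as noted above. -->
    <FilePathRule Id="11111111-1111-1111-1111-111111111111"
        Name="Deny: execute from Firefox profile dir" Description=""
        UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="$profileDir" /></Conditions>
    </FilePathRule>
    <!-- Shape B (recommended in the thread): Allow the install locations and
         carve user-writable subfolders out as exceptions. Anything in an
         exception simply has no matching Allow rule, so no Deny is needed. -->
    <FilePathRule Id="22222222-2222-2222-2222-222222222222"
        Name="Allow: Program Files" Description=""
        UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="33333333-3333-3333-3333-333333333333"
        Name="Allow: Windows, except user-writable folders" Description=""
        UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
      <Exceptions>
        <FilePathCondition Path="%WINDIR%\Temp\*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
      </Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

# Assumed output location; review the XML before applying it.
$out = Join-Path $env:TEMP 'applocker-exe-rules.xml'
Set-Content -Path $out -Value $policy -Encoding UTF8
Write-Host "Policy written to $out"
Write-Host "AuditOnly mode logs what *would* be blocked instead of blocking it."
Write-Host "To merge it into the local policy from an elevated prompt:"
Write-Host "  Set-AppLockerPolicy -XmlPolicy '$out' -Merge"
```

Shape A is kept only to show what the original rule would actually do (block execution from that folder); drop it before applying, since the thread's advice is to avoid deny rules.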