What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    indeed my friend:) wat0114:thumb:
     
  2. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    jmonge

    How do you do all this changing in your security setup

    do you reinstall a fresh copy of Windows
    or a disk image o_O

    because as far as i know Security Programs have leftovers
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    manually removed Ranget;)
     
  4. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Your PC's probably want to strangle you :D
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it is very smooth;)
    very fast and trouble free:)
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm not understanding. What's asking you what?
     
  7. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    OK my friend good hehe. :D
     
    Last edited: Sep 6, 2011
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I buy through deals, get them from friends, etc. I haven't purchased a game in a while and I usually stick to emulating games on my computer via PCSX2 (games that I own and have dumped onto the computer.)

    Haha I'm sure I give that impression. I assure you wilders is only ever half of the screen =p I do lots of other things with my computer (and without! haha)

    =p Everyone's got their rules. I just write them out nice and clear.


    When running at LowIL I get a prompt every time I open Chrome saying "Run or Cancel" and some other stuff as if it were the first time I'd run it.
     
  10. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    :cool:
    :cool:

    how often do you use On Demand scanner ?
    and what are you planning to use j ?

    BTW i Read earlier that you have a new security expert in your family

    Congrats bro
     
  11. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    That can happen when your Behaviour Blocker isn't very good.;) :D
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You need to apply a low integrity level to Chrome's profile. Have you done that?
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yikes. Nope. The entire thing?

    The problem with that is that anything run at LowIL can now write to the entire profile. That's no good. I'm fine with setting a .exe so that it can call things to LowIL but I don't like setting folders like that to LowIL.
     
  14. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    hehehe :rolleyes:

    also it can be a bug in my outbound firewall
     
    Last edited: Sep 6, 2011
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Well I suggest going to the store and getting a refund, hehe... :D
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You only need to apply a low integrity level to the folder that contains the folder Default and the safe browsing files, etc.

    I'm not really concerned about execution, as I got AppLocker, which automatically blocks execution.

    Anyway, you could create two batch files. One giving a low integrity level to the profile folder and another one restoring the IL to a medium. Use the Low IL before opening Chrome, so that the profile is loaded. See if after restoring back the Medium IL, you can still use Chrome without problems. You obviously won't be able to modify settings, unless you first re-apply the Low IL.

    See what works best for you. By the way, I also do the same thing for %AppData%\Local\Temp. Two batch files. One applies a low IL, so I can download files, and another one restoring back the IL to medium.
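
The two-batch-file approach from the post above, as an added PowerShell example that is not part of the original thread: it wraps `icacls /setintegritylevel` to lower a folder to Low IL and to restore Medium. The scratch folder, the function names and the Chrome profile path mentioned in the comment are assumptions, and the label parsing assumes English `icacls` output.

```powershell
# Added example: toggle the mandatory integrity label on a folder with icacls.
# $Target is a constructed scratch folder; substitute the browser profile folder
# (for Chrome typically "$env:LOCALAPPDATA\Google\Chrome\User Data", an assumption).

function Set-FolderIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [ValidateSet('Low', 'Medium')] [string] $Level
    )
    if (-not (Test-Path -Path $Path -PathType Container)) {
        throw "Not a folder: $Path"
    }
    # icacls accepts L, M or H; (OI)(CI) makes the label inheritable by files and subfolders.
    $flag = if ($Level -eq 'Low') { '(OI)(CI)L' } else { '(OI)(CI)M' }
    & icacls.exe $Path /setintegritylevel $flag | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

function Get-FolderIntegrity {
    param([Parameter(Mandatory)] [string] $Path)
    # icacls prints an explicit label as "Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)".
    # No label line means the object carries the implicit default, Medium.
    $hit = & icacls.exe $Path |
        Select-String -Pattern 'Mandatory Label\\(\w+) Mandatory Level' |
        Select-Object -First 1
    if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'Medium (implicit)' }
}

$Target = Join-Path $env:TEMP 'il-demo-profile'
New-Item -ItemType Directory -Path $Target -Force | Out-Null

Set-FolderIntegrity -Path $Target -Level Low       # run before starting the browser
"After lowering:  $(Get-FolderIntegrity -Path $Target)"

Set-FolderIntegrity -Path $Target -Level Medium    # run after closing the browser
"After restoring: $(Get-FolderIntegrity -Path $Target)"

Remove-Item -Path $Target -Recurse -Force
```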
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Ah, I suppose I could block execution.

    I think I'll just pass. I'm very... very confident in Chrome sandboxing techniques and I'm also fairly confident in sandboxie.
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There you go!!! You don't need to apply a low integrity level then. If you run Chrome inside Sandboxie, then chrome.exe's low integrity level will propagate to Sandboxie's processes, which in turn will apply a low integrity level to any object and folder inside the sandbox's folder.

    Did you experience what you previously mentioned (about the Run or Cancel thing) inside or outside Sandboxie?

    I ran Chromium with a low integrity level inside Sandboxie for a very long time, and never had issues.

    Sandboxie would allow me to then recover the folders and files just fine.
     
  19. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    You can selectively apply Low IL to specific directories or files. You only need to know which ones need the Low IL, which is not that hard really.

    I run as admin, and have used Low IL for Chromium quite a bit and done much testing. I don't recall seeing the thing you speak of happening.

    Maybe check the chrome.exe, see if it has an ADS on it. If it does not, then proceed to other offerings. I made a thread somewhere which told what directories were needed to put a Low IL on, and how that affected things. You might find some info in there that could clear it up.

    I used Low IL for quite a long time, and never experienced what you describe. I don't fear what happens to my profile, as what is in the profile really that is going to hurt me? I don't keep data there, and I have my downloads directory set, and it is sandboxed (normally).

    But also, having been running Chromium as an Admin for a couple months now, without sandboxie, I have not had any issues. How much is needed vs how much is being well prepared is blurred to me.

    Sul.

    Oh yeah, if you run as admin without UAC, chrome broker will run at high. You can always set it to a Medium IL rather than low, which is not as restricted, but definitely not as open ended as High. This still gives you access to profiles etc, but also allows other areas too.

    Sul.
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    @m00n, I was running Chrome sandboxed. Should I have cleared out my sandbox first?

    @Sully: ADS? I tried to find that topic but I could not.

    I run UAC so no need for that.

    I'll try running Chrome at LowIL and clearing the sandbox.

    EDIT: No, I cleared the sandbox...
     

  21. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This is an ADS prompt. That stands for Alternate Data Stream. Think of it as a pseudo file that is attached to a file. This is used on NTFS file systems. It indicates the file originated from the internet zone, and that prompt is there to warn you of this. The way to get rid of it is to look at the file's properties, and at the bottom is a check box for unblocking this. There are other ways to get rid of it as well, but that works fine.

    Sul.

    EDIT: Often you will see something on the prompt that says something like "always allow this". I do anyway. Maybe because you are using UAC you don't see it, or it is a setting. The 1806 setting Kees talks about controls things like this.
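
To make the alternate data stream described in the post above visible, here is an added PowerShell example that is not part of the original thread: it tags a constructed scratch file with a `Zone.Identifier` stream, reads the zone back, and removes it with `Unblock-File`. The file name and the `Get-ZoneId` helper are assumptions; `ZoneId=3` is the Internet zone.

```powershell
# Constructed sample: a scratch file tagged as if it had been downloaded from the Internet zone.
$File = Join-Path $env:TEMP 'motw-demo.txt'
Set-Content -Path $File -Value 'demo content'
Set-Content -Path $File -Stream Zone.Identifier -Value '[ZoneTransfer]', 'ZoneId=3'

function Get-ZoneId {
    param([Parameter(Mandatory)] [string] $Path)
    # Returns the ZoneId stored in the Zone.Identifier stream, or $null when the stream is absent.
    $stream = Get-Item -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    $hit = Get-Content -Path $Path -Stream Zone.Identifier |
        Select-String -Pattern '^ZoneId=(\d+)' |
        Select-Object -First 1
    if ($hit) { [int]$hit.Matches[0].Groups[1].Value } else { $null }
}

# List every stream on the file: ':$DATA' is the normal content, any other entry is an ADS.
Get-Item -Path $File -Stream * | Select-Object Stream, Length

"ZoneId before unblocking: $(Get-ZoneId -Path $File)"

# Removes the Zone.Identifier stream, like the Unblock check box in the file's Properties dialog.
Unblock-File -Path $File

$stillTagged = $null -ne (Get-ZoneId -Path $File)
"Zone.Identifier still present: $stillTagged"

Remove-Item -Path $File
```

Alternate data streams exist only on NTFS volumes, so the script needs `$env:TEMP` to be on one.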
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I don't see any reference to that in my chrome.exe or my shortcut properties. Read only, hidden, advanced. I'm looking around but not finding it.
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OH!!! Now I understand what you were talking about. I thought you were getting some error message due to the profile being with a medium IL. lol

    Sully is right then. You need to unblock it.
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Ah I see your edit. Well, there's no "Always allow this."

    Any suggestions?
     
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623