WormGuard Extensions?

Discussion in 'WormGuard' started by Rilla927, Aug 23, 2005.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Are there any additional extensions that I can add to WG?

    Thanks
    Rilla927
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
  3. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The extensions given in that thread are all a potential danger, that is why they were included.

    Some are rather rare, like .SWF viruses, but you can see why it could be a threat by looking here:-

    http://securityresponse.symantec.com/avcenter/venc/data/acts.lfm.926.html

    http://www.sophos.com/virusinfo/analyses/swflfm926.html

    One I forgot to include on my list, though it was mentioned elsewhere, was .SCR; you can see why that would be relevant here:-

    http://filext.com/detaillist.php?extdetail=.SCR&goButton=Go

    You will have to go through each extension on the list, in turn, and see for yourself whether you consider it worth including; I don't suppose anyone else will bother to do that job for you!

    If you just want the really important ones, you have them in the default list!
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    here a list someone suggested for a different script program. havent tried with wormguard tho:

    Code:
    .OCX,.COM,.SYS,.DLL,.CHM,.CMD,.CPL,.MSC,.MSI,.EML,.JS,.JSE,.PIF,.MSG,.MSG,.SCR,.INF,.INS,.ISP,.CRT,.LNK,.REG,.SCT,.WSC,.BAT,.HTM,.HTML,.VBS,.VBE,.HTA,.WSF,.WSH,.SHS,.SHB
     
  6. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Interesting, WS. :doubt: I see you have .DLL on the list. Are there not a LOT of good .DLL files used by just about all Windows programs?
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i never rele checked the list, i just copied from this thread.
     
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    How is one supposed to get information if they get beat up for asking.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello Rilla927,

    I don't think TopperID was intending that! He and I both posted to the thread referenced by Jooske, and you will notice that there is a long list of script filetypes that potentially are dangerous, that is, any script filetype *could* execute malicious code.

    Some decisions are best made individually. For instance, I don't include *.bat in the block list because I have so many of those files that I run on a regular basis, and I don't include them in the trusted list because WG cautions against having too many files in the list.

    See also post #4 in that thread where WG will alert to *any* script whether or not it's on the blocked list. Blocked means it's not permitted to run, and you have no option otherwise.

    If not on the blocked list, WG alerts and gives you the option what to do.

    So, even if a filetype is not on the blocked list, you are protected because WG monitors all script filetypes

    This is a block list I helped set up for a friend. It's similar to what's been posted before, and some are already on the default list:

    .BAT .HTA .JS .JSE .MDE .PIF .REG .SCT .SHA .SHB .SHS .VB .VBE .VBS
    .WSC .WSF.WSH

    If you use MS Access, you would want to put your .mde files in the trusted list - this is a decision that only you can make.

    One thing that helps, and is very infomative, is to know what the different filetypes are. Here is a good list that includes descriptions of the above:

    Potentially Dangerous File Types

    This is an information list, not a block list: You wouldn't want to block many described here - for instance, .doc (Word document) if you use MSWord. But WormGuard will alert if there is a macro contained in the file, so you are protected.

    The WormGuard Help file is also useful, especially about macro protection.

    If you want more information on any filetype you are considering, you can search for it specifically, or post it here and someone can help.

    The time spend learning about these filetypes makes us more knowledgeable about how our computer operates.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello Daisey,

    The first four files on that list are technically executables and not script types, so WG wouldn't monitor them.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Thanks Rmus, for explaining my position better than I managed to!

    The previous poster, in the other thread, had requested a comprehensive list of file types, from which to select, which is what I attempted to provide. I merely meant that it would not be possible to select from the list to match another person's requirements and they would have to do that for themselves, since they are the only ones who know what those requirements might be!.
     
  12. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Understood. Thanks! :)
     
Thread Status:
Not open for further replies.