Jump to content

Block all exe with anti-exploit?


Recommended Posts

No, our anti-exploit technology does not work that way.  It is not an anti-executable.  It uses behavior based signatures and signature-less detection capabilities to detect known exploit behavior.  It does not have the capability to restrict all EXEs from loading into memory.

That said, there are actually methods built into Windows itself to accomplish this, though considering the fact that a lot of malware these days doesn't even use binaries/EXEs any more, its usefulness as a means of protection would be pretty limited.  You can investigate RESTRICTRUN/NORUN as well as group policy to find more info on how to restrict what is and is not allowed to execute.  This technology has been built into Windows since at least 2000 and XP and at least some of that likely pre-dates even those operating systems.  If you want a piece of software to serve this purpose you might check on Wilders.  They have various areas where they discuss and list different types of protection/security software/tools including anti-executables, HIPS, firewalls and other system control bases tools.

Link to post
Share on other sites

20 hours ago, exile360 said:

No, our anti-exploit technology does not work that way.  It is not an anti-executable.  It uses behavior based signatures and signature-less detection capabilities to detect known exploit behavior.  It does not have the capability to restrict all EXEs from loading into memory.

That said, there are actually methods built into Windows itself to accomplish this, though considering the fact that a lot of malware these days doesn't even use binaries/EXEs any more, its usefulness as a means of protection would be pretty limited.  You can investigate RESTRICTRUN/NORUN as well as group policy to find more info on how to restrict what is and is not allowed to execute.  This technology has been built into Windows since at least 2000 and XP and at least some of that likely pre-dates even those operating systems.  If you want a piece of software to serve this purpose you might check on Wilders.  They have various areas where they discuss and list different types of protection/security software/tools including anti-executables, HIPS, firewalls and other system control bases tools.

I am sorry I meant to say shield all exes. I know it doesn't "block" exes. I guess the answer would still be no, right?

Link to post
Share on other sites

Well, you could add each installed application one by one, but that's probably not a very good idea as it would be likely to interfere with the normal functioning for some software.  The default list of shielded applications is carefully selected based on the kinds of apps which are targeted by exploits/malware such as web browsers, office applications and media players.  That said, if you have a browser, media player or office software which isn't included in the default list of shielded applications you can add it by creating a custom shield for it.  I did this with sidebar.exe which is the application built into Windows for desktop/sidebar gadgets because there are several known vulnerabilities in the Windows gadget platform but I still like using my gadgets so I added it as a custom shield and have it configured as a web browser (the default setting/option for a custom shield) since the gadgets act like custom web pages, some pulling content from the web to display on the desktop and using web code like HTML and CSS.

If there is a specific piece of software you're concerned with you can ask and we can tell you whether or not it would be a good idea to add a custom shield for it, but more often than not the default list is the way to go.  Again, the only exceptions being if you have a web browser, office application or media player that isn't already covered by the default list of shielded applications.

Edited by exile360
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.