NoVirusThanks Smart Object Blocker - development versions

OXYGEN THIEF

Very active
Staff member
Administrator
Joined
26 May 2010
Posts
35949
Reactions/Likes
25043
City
Trololololo
[image: smart-object-blocker-gui2.png]

NoVirusThanks Smart Object Blocker is a free program that protects the computer against malware or rootkit infections without needing to download their signatures, i.e. the "fingerprints" by which they could be identified. The program monitors driver loading, DLL files and files launched in the system, and blocks them if necessary. It has a Lockdown Mode, lets you create rules, filter, and much more.
 
Anonymous

ssl111 wrote:
Thanks Oxy. Has anyone tested this yet?
It's the kind of software you install (and, after creating the rules) forget about. You don't get any pop-up messages. And you can check the actions taken in the program's main window.
As for effectiveness... this is only the first beta, so the tests are still ahead of us.
 

OXYGEN THIEF

NoVirusThanks Smart Object Blocker v1.1

[02-08-2015] v1.1.0.0
+ Added tray icon with right-click menu
+ Change the tray icon when objects are blocked if the GUI is not showing
+ Improved support for Windows 10 and Google Chrome
 

OXYGEN THIEF

Released a new version v1.1 (small updates):


+ Added more path variables
+ Improved the \Block\ rules for Behavioral Mode
+ Improved the text on Variables.txt file
+ Show protection mode on the trayicon hint
+ Write "-= Passive Logging =-" text also in the log file
 
Anonymous

Tachion from SG tested this software... and so far it's performing rather weakly... but you can see that Andrea has already left NVT and is concentrating on SOB, so in time he will surely polish this product up nicely.
 

jasonX

Very active
Joined
23 October 2015
Posts
149
Reactions/Likes
987
Would be nice if the program would block any file types like video and MS Office files, and not just process/dll/drivers. But as I see it the program is very promising and can be a partner to NVT Exe Radar. Has anyone tried this out thoroughly..?
 

jasonX

Any news on the supposed update? I'd like to check how to make a rule to block a specific file from being accessed. Well if that is feasible with SOB.
 

jasonX

Have given thought to fiddling with this Smart Object Blocker to see how it behaves and check whether this may be of use to my computing.
Rule creation was from scratch, and if you do not like creating rules like that, chances are you aren't gonna like it, but the gem in this program is its possibilities, or so I was told or understood as I was reading the thread at Wilders. At the time I tried it out there came a new version, which is version 1.3. You can download it here.

So as I tried to make rules from scratch via the Read Me / Variables, I have had success and some failures, with observations in tow. I tried it focusing on the .exe files but may later try .dll and driver blocking. Here they are:

Restricting launch of default browser due to trigger-mechanism by programs

--Before, I would try this out with Bitdefender 2013/2014 and there was no luck. The browser would launch when a game or an application is closed or when you click something in the GUI. In SOB you can restrict that. But in my experiment there are programs (like Auslogics Disk Defrag) that tend to use "explorer.exe" to trigger the browser launch. So blocking the browser via the rule (as guided by the Read Me/Variables) will not work. Auslogics Disk Defrag is using explorer.exe to trigger the launch of firefox.exe (former default browser). The default browser will still launch EVEN if you block the default browser. So if you block the default browser (firefox.exe or iexplore.exe) from being triggered by DiskDefrag.exe (Auslogics Disk Defrag), the default browser will still launch.

Rules below will not work for Auslogics Disk Defrag
[%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\DiskDefrag.exe]
[%PROCESS%: *\firefox.exe][%PARENTPROCESS%: *\DiskDefrag.exe]
[%FILENAME%: iexplore.exe][%PARENTPROCESS%: *\DiskDefrag.exe]
[%FILENAME%: firefox.exe] [%PARENTPROCESS%: *\DiskDefrag.exe]


It should be that you must block explorer.exe from being triggered by DiskDefrag.exe (Auslogics Disk Defrag).

[%FILENAME%: explorer.exe] [%PARENTPROCESS%: *\DiskDefrag.exe]
[%PROCESS%: *\explorer.exe][%PARENTPROCESS%: *\DiskDefrag.exe]

See proof of SOB blocks below:

SOB Block Logs:
[11/29/2015 7:51:29 PM] Blocked Process: C:\Windows\SysWOW64\explorer.exe
Rule: [%FILENAME%: explorer.exe] [%PARENTPROCESS%: *\DiskDefrag.exe]
Command Line: C:\Windows\SysWOW64\explorer.exe
Process Id: 3216
Parent Process Id: 4412
Parent Process: C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe


[11/29/2015 7:51:30 PM] Blocked Process: C:\Windows\SysWOW64\explorer.exe
Rule: [%FILENAME%: explorer.exe] [%PARENTPROCESS%: *\DiskDefrag.exe]
Command Line: C:\Windows\SysWOW64\explorer.exe
Process Id: 2732
Parent Process Id: 4412
Parent Process: C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe

[11/29/2015 9:55:27 PM] Blocked Process: C:\Windows\SysWOW64\explorer.exe
Rule: [%PROCESS%: *\explorer.exe][%PARENTPROCESS%: *\DiskDefrag.exe]
Command Line: C:\Windows\SysWOW64\explorer.exe
Process Id: 5156
Parent Process Id: 5820
Parent Process: C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe


[11/29/2015 9:55:29 PM] Blocked Process: C:\Windows\SysWOW64\explorer.exe
Rule: [%PROCESS%: *\explorer.exe][%PARENTPROCESS%: *\DiskDefrag.exe]
Command Line: C:\Windows\SysWOW64\explorer.exe
Process Id: 5056
Parent Process Id: 5820
Parent Process: C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe

For GOM Media Player (GOM.exe), it triggers the default browser to launch, so the rules that did not work for Auslogics will work for it.

//Prevent GOM Player from running default browser
[%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\GOM.exe]
[%FILENAME%: iexplore.exe][%PARENTPROCESS%: *\GOM.exe]

//Prevent GrLauncher.exe from launching
[%PROCESS%: *\GrLauncher.exe][%PARENTPROCESS%: *\GOM.exe]

//Prevent GrLauncher.exe from running default browser
[%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\GrLauncher.exe]

See proof of SOB blocks below:


SOB Block Logs:
[11/29/2015 7:53:06 PM] Blocked Process: C:\Program Files\Internet Explorer\iexplore.exe
Rule: [%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\GOM.exe]
Command Line: "C:\Program Files\Internet Explorer\iexplore.exe"
Process Id: 5172
Parent Process Id: 3916
Parent Process: C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE


[11/29/2015 7:53:07 PM] Blocked Process: C:\Program Files\Internet Explorer\iexplore.exe
Rule: [%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\GOM.exe]
Command Line: "C:\Program Files\Internet Explorer\iexplore.exe"
Process Id: 5756
Parent Process Id: 3916
Parent Process: C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE


[11/29/2015 7:53:08 PM] Blocked Process: C:\Program Files (x86)\GRETECH\GomPlayer\GrLauncher.exe
Rule: [%PROCESS%: *\GrLauncher.exe][%PARENTPROCESS%: *\GOM.exe]
Command Line: C:\Program Files (x86)\GRETECH\GomPlayer\GrLauncher.exe
Process Id: 5104
Parent Process Id: 3916
Parent Process: C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE

As with GOM.exe, for the media player Daum PotPlayer (PotPlayerMini.exe) the rules to block the browser launch are the same, BUT PotPlayer prefers to launch firefox.exe instead of Internet Explorer.

//Prevent PotPlayerMini.exe from running default browser
[%PROCESS%: *\firefox.exe][%PARENTPROCESS%: *\PotPlayerMini.exe]
[%FILENAME%: iexplore.exe][%PARENTPROCESS%: *\PotPlayerMini.exe]

See proof of SOB blocks below:

SOB Block Logs:
[11/29/2015 9:46:10 PM] Blocked Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Rule: [%PROCESS%: *\firefox.exe][%PARENTPROCESS%: *\PotPlayerMini.exe]
Command Line: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Process Id: 6700
Parent Process Id: 3652
Parent Process: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe


[11/29/2015 9:46:10 PM] Blocked Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Rule: [%PROCESS%: *\firefox.exe][%PARENTPROCESS%: *\PotPlayerMini.exe]
Command Line: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Process Id: 1508
Parent Process Id: 3652
Parent Process: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe

Internet Explorer issues

Encountered launching of IE as SOB blocked it from running because of the default rule. It was impossible to run IE normally unless you disable SOB or exclude it in the SOB exclude rules. So, as I am not using IE, I preferred to make it the default browser from firefox.exe.

Also, if IE is the default browser you can just block the whole IE execution altogether via the rule [%PROCESS%: *\iexplore.exe] -- since SOB is restricting IE and will not let it execute normally due to exploit process issues.

//Prevent commonly exploited processes from executing processes
[%PARENTPROCESS%: *\iexplore.exe]

See proof of SOB blocks below:

SOB Block Logs:
[11/29/2015 10:35:24 PM] Blocked Process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Rule: [%PARENTPROCESS%: *\iexplore.exe]
Command Line: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Process Id: 4456
Parent Process Id: 5284
Parent Process: C:\Program Files\Internet Explorer\iexplore.exe


[11/29/2015 10:35:45 PM] Blocked Process: C:\Windows\system32\rundll32.exe
Rule: [%PARENTPROCESS%: *\iexplore.exe]
Command Line: C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:264 WinX:0 WinY:0 IEFrame:0000000000000000
Process Id: 7152
Parent Process Id: 5284
Parent Process: C:\Program Files\Internet Explorer\iexplore.exe


[11/29/2015 10:35:45 PM] Blocked Process: C:\Windows\system32\rundll32.exe
Rule: [%PARENTPROCESS%: *\iexplore.exe]
Command Line: C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:65800 WinX:0 WinY:0 IEFrame:0000000000000000
Process Id: 5212
Parent Process Id: 5284
Parent Process: C:\Program Files\Internet Explorer\iexplore.exe


[11/29/2015 10:35:45 PM] Blocked Process: C:\Windows\system32\rundll32.exe
Rule: [%PARENTPROCESS%: *\iexplore.exe]
Command Line: C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:65800 WinX:0 WinY:0 IEFrame:0000000000000000
Process Id: 5520
Parent Process Id: 5284
Parent Process: C:\Program Files\Internet Explorer\iexplore.exe


Restrict executables from running in a specific file path or drive

As for restricting access to drives and locations, I experienced that only "executables" are blocked and not common file types like .doc / .html. Rules created:

//Block any programs from executing in J:\
Process.DB:
[%PROCESS%: J:\*]
[%FILEPATH%: J:\*]

Drivers.DB:
[%FILE%: J:\*]

DLL.DB:
[%FILE%: J:\*]

Executables that were blocked are below:

J:\BandiZip Portable\Bandizip32.exe
J:\MPC-HCPortable\MPC-HCPortable.exe
J:\Portable WordWeb\wweb32.exe

See proof of SOB blocks below:

SOB Block Logs:
[11/29/2015 10:28:57 PM] Blocked Process: J:\BandiZip Portable\Bandizip32.exe
Rule: [%PROCESS%: J:\*]
Command Line: J:\BandiZip Portable\Bandizip32.exe
Process Id: 3916
Parent Process Id: 4844
Parent Process: C:\Windows\explorer.exe


[11/29/2015 10:29:03 PM] Blocked Process: J:\MPC-HCPortable\MPC-HCPortable.exe
Rule: [%PROCESS%: J:\*]
Command Line: J:\MPC-HCPortable\MPC-HCPortable.exe
Process Id: 6316
Parent Process Id: 4844
Parent Process: C:\Windows\explorer.exe


[11/29/2015 10:29:10 PM] Blocked Process: J:\Portable WordWeb\wweb32.exe
Rule: [%PROCESS%: J:\*]
Command Line: J:\Portable WordWeb\wweb32.exe
Process Id: 1816
Parent Process Id: 4844
Parent Process: C:\Windows\explorer.exe


Restrict Kingsoft applications from launching default browser.

The rule created below, for Kingsoft Writer not to be able to launch the default browser from its GUI, worked.

[%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\wps.exe]

See SOB proof of block below:

SOB Block Logs:

[11/29/2015 11:24:46 PM] Blocked Process: C:\Program Files\Internet Explorer\iexplore.exe
Rule: [%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\wps.exe]
Command Line: "C:\Program Files\Internet Explorer\iexplore.exe"
Process Id: 6084
Parent Process Id: 7008
Parent Process: C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wps.exe


[11/29/2015 11:24:51 PM] Blocked Process: C:\Program Files\Internet Explorer\iexplore.exe
Rule: [%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\wps.exe]
Command Line: "C:\Program Files\Internet Explorer\iexplore.exe"
Process Id: 5212
Parent Process Id: 7008
Parent Process: C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wps.exe

I will try to test some more on programs like Glary Utilities the next time I can. Smart Object Blocker is pretty much in its infancy, but the potential for this program is great. The trigger mechanism alone, which I formerly blocked with Comodo HIPS or Outpost Firewall Pro Anti-Leak (and the defunct Online Armor Premium HIPS), is a piece of cake with SOB. Not many security applications can do this.

If there are any of you who are trying Smart Object Blocker please do chip in your experience :)
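The parent/child chains jasonX documents above (DiskDefrag.exe starting explorer.exe, which then starts the browser, versus GOM.exe or wps.exe starting iexplore.exe directly) and the J:\* drive restriction can be reasoned about with a small simulator before touching a live machine. The Python below is an added example written for this thread; it is not jasonX's code and not part of Smart Object Blocker. It assumes SOB-like semantics for the [%PROCESS%], [%FILEPATH%], [%FILENAME%] and [%PARENTPROCESS%] variables (case-insensitive glob, `*` matching any run of characters, every condition in a rule having to hold), which is an assumption and not a statement about how SOB really evaluates rules. The launch events and the sample log are constructed, modelled on the entries quoted in the post; `first_block` walks a launch chain and reports the first rule that fires, and `audit_log` re-checks each logged block against the rule SOB cites for it, a quick consistency test on the "SOB Block Logs" output.

```python
import fnmatch
import re
from dataclasses import dataclass

# A condition looks like [%VAR%: pattern]. The semantics implemented here
# (case-insensitive glob, '*' = any run of characters, every condition of a
# rule must hold) are an ASSUMPTION for this example, not SOB's real matcher.
RULE_TOKEN = re.compile(r"\[%(\w+)%:\s*([^\]]+)\]")

@dataclass
class LaunchEvent:
    process: str            # full path of the process being started
    parent: str             # full path of the process that started it
    command_line: str = ""

    @property
    def filename(self) -> str:
        return self.process.rsplit("\\", 1)[-1]

def parse_rule(rule: str) -> dict:
    """'[%PROCESS%: *\\x.exe][%PARENTPROCESS%: *\\y.exe]' -> {'PROCESS': '*\\x.exe', ...}"""
    return {var.upper(): pat.strip() for var, pat in RULE_TOKEN.findall(rule)}

def _glob(pattern: str, value: str) -> bool:
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())

def rule_matches(rule: str, ev: LaunchEvent) -> bool:
    """True only if every condition of the rule matches the launch event."""
    conds = parse_rule(rule)
    checks = {"PROCESS": lambda p: _glob(p, ev.process),
              "FILEPATH": lambda p: _glob(p, ev.process),
              "FILENAME": lambda p: _glob(p, ev.filename),
              "PARENTPROCESS": lambda p: _glob(p, ev.parent)}
    return bool(conds) and all(v in checks and checks[v](p) for v, p in conds.items())

def first_block(rules, chain):
    """Walk a launch chain in order; return (rule, event) of the first block, else None."""
    for ev in chain:
        for rule in rules:
            if rule_matches(rule, ev):
                return rule, ev
    return None

# Constructed chain modelled on the Auslogics observation in the post:
# DiskDefrag.exe does not start the browser itself, explorer.exe does.
DISKDEFRAG = r"C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe"
EXPLORER = r"C:\Windows\SysWOW64\explorer.exe"
FIREFOX = r"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
DISKDEFRAG_CHAIN = [LaunchEvent(EXPLORER, DISKDEFRAG), LaunchEvent(FIREFOX, EXPLORER)]

# Rules keyed on the browser never see DiskDefrag.exe as the parent ...
CHILD_ONLY_RULES = [r"[%PROCESS%: *\firefox.exe][%PARENTPROCESS%: *\DiskDefrag.exe]",
                    r"[%FILENAME%: firefox.exe] [%PARENTPROCESS%: *\DiskDefrag.exe]"]
# ... whereas a rule on the intermediary blocks the chain at its first hop.
INTERMEDIARY_RULE = r"[%FILENAME%: explorer.exe] [%PARENTPROCESS%: *\DiskDefrag.exe]"

# Field names as they appear in the "SOB Block Logs" text quoted in the post.
LOG_FIELDS = {"Rule": "rule", "Command Line": "command_line", "Parent Process": "parent"}

def parse_block_log(text: str) -> list:
    """One dict per 'Blocked Process' header, filled from the key: value lines under it."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^\[(.+?)\] Blocked Process: (.+)$", line)
        if m:
            cur = {"time": m.group(1), "process": m.group(2)}
            entries.append(cur)
            continue
        key, sep, val = line.partition(": ")
        if cur is not None and sep and key in LOG_FIELDS:   # skips "Process Id" lines
            cur[LOG_FIELDS[key]] = val
    return entries

def audit_log(text: str) -> list:
    """Return entries whose cited rule does not match the logged process/parent pair."""
    bad = []
    for e in parse_block_log(text):
        ev = LaunchEvent(e["process"], e.get("parent", ""), e.get("command_line", ""))
        if not rule_matches(e.get("rule", ""), ev):
            bad.append(e)
    return bad

# Constructed sample log, copied in shape from entries quoted in the post.
SAMPLE_LOG = r"""
[11/29/2015 7:51:29 PM] Blocked Process: C:\Windows\SysWOW64\explorer.exe
Rule: [%FILENAME%: explorer.exe] [%PARENTPROCESS%: *\DiskDefrag.exe]
Command Line: C:\Windows\SysWOW64\explorer.exe
Process Id: 3216
Parent Process Id: 4412
Parent Process: C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe

[11/29/2015 7:53:06 PM] Blocked Process: C:\Program Files\Internet Explorer\iexplore.exe
Rule: [%PROCESS%: *\iexplore.exe][%PARENTPROCESS%: *\GOM.exe]
Command Line: "C:\Program Files\Internet Explorer\iexplore.exe"
Parent Process: C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
"""
```

Calling `first_block(CHILD_ONLY_RULES, DISKDEFRAG_CHAIN)` returns `None`, which reproduces the observation in the post: the browser's parent in that chain is explorer.exe, so a rule pairing the browser with DiskDefrag.exe never fires. `first_block([INTERMEDIARY_RULE], DISKDEFRAG_CHAIN)` stops the chain at the explorer.exe hop, and `audit_log(SAMPLE_LOG)` returns an empty list because each logged block is consistent with the rule it cites (the GOM.EXE entry also shows why matching has to ignore case). The same matcher handles the drive restriction, `[%PROCESS%: J:\*]`, for a path under J:\.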
 

jasonX

Well pretty much slow roll for Smart Object Blocker. I think it's a keeper if they can get it to full swing AND a good gui will definitely help.
