Author Topic: Vulnerable  (Read 192 times)

Offline bellgamin

  • Newbie
  • *
  • Posts: 18
  • Kudos +0/-0
Vulnerable
« on: February 07, 2020, 06:27:58 AM »
I used to use an anti-executable app called EXE Radar Pro (ERP). ERP's "Advanced Settings" allowed me to list specific exe files where I wanted ERP to alert me when anything tried to execute those files. Here are a few examples of the files that I put on ERP's vulnerable list so I would receive alerts:

cmd.exe
regsvr32.exe
rundll32.exe
wscript.exe
cscript.exe
msiexec.exe
 
Is there a way to set SecureAPlus to do similar alerts?
« Last Edit: February 07, 2020, 06:29:54 AM by bellgamin »

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 331
  • Kudos +15/-0
Re: Vulnerable
« Reply #1 on: February 07, 2020, 08:26:33 AM »
Something similar to this is probably SecureAPlus command line rule.
The command line targeted on a specific parameter. https://support.secureaplus.com/actions-in-command-line-rules/

How about if it directly execute a file without hitting any of specific parameter defined in the rules?
Regardless of the parameter, if the file is untrusted (usually new files are untrusted, until you give permission for it to run), it will get blocked, and you will get alerted.

Offline GrDukeMalden

  • Newbie
  • *
  • Posts: 14
  • Kudos +1/-0
Re: Vulnerable
« Reply #2 on: February 10, 2020, 07:09:45 AM »
I use voodooshield along with SAP. Voodoo with a password set on its settings will not allow CMD nor a lot of other windows system things to be started without first entering the password on VS's settings.

Voodooshield also monitors ALL windows system files against command lines.

I love SAP as I've stated over on wilders security forums. I was one of the early adopters of SAP and reported problems to them that don't exist anymore.

SAP is a whitelisting AV, a lot like comodo. Voodoo and EXEradar pro are anti EXE, meant to be run along side something like comodo or SAP. (Yes, I know SAP can also be used along side a lot of other products too.)

My point is. Nothing is infallible. You need a layered setup @Bellgamin You still use MBAE? right? You could use MBAM with MBAE turned on and then you could have SAP and maybe an Anti EXE (like ERP or VS) as well and then you're good.
« Last Edit: February 10, 2020, 07:46:02 AM by GrDukeMalden »
VoodooShield(Paid)|
SecureAPlus(Paid,Pro)|
ComodoFW(free)|
HitmanPro.Alert!(Paid)|
I fiddle with whitelisting software.