Would an Anti-Executable Tool provide an extra layer of anti-malware protection?


9 replies to this topic

#1 midimusicman79

midimusicman79

  • Members
  • 682 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:03:34 AM

Posted 22 January 2016 - 10:09 AM

Hi all!

 

We all agree that having real-time running anti-virus, anti-malware, anti-exploit/ransomware as well as backup- and disk imaging software are essential components in a comprehensive security setup, including Windows Firewall.

 

Also, it is equally important to use add-ons like Web Of Trust, µBlock Origin and Ghostery in the web browser(s) for additional security.

 

However, now I wonder: Would an Anti-Executable Tool provide an extra layer of anti-malware protection (in addition to UAC and SmartScreen)?

 

Thank you very much in advance!

 

Regards,

midimusicman79


Edited by midimusicman79, 23 January 2016 - 07:11 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:34 PM

Posted 22 January 2016 - 10:42 AM

Are you referring to something like Faronics Anti-Executable which uses application "Whitelisting"...blocking files based on hash value, digital signatures and publishers?

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 midimusicman79


Posted 23 January 2016 - 07:27 AM

Hi, quietman7!

 

Thank you for the prompt and insightful reply! :)

 

Yes, that is right. :thumbup2: The reason for asking was Umbrapolaris' post in the topic http://www.bleepingcomputer.com/forums/t/600992/which-anti-virus-program-are-you-using/page-2, and I quote:

 

...Anti-executables: Appguard and NVT ExeRadarPro...

 

What is your opinion on these kinds of tools?

 

Regards,

midimusicman79




#4 quietman7


Posted 23 January 2016 - 07:42 AM

I have never used any of these programs so I cannot offer any personal experience.

There is an ongoing discussion by various users in this topic...AppGuard vs. Voodooshield or NoVirusThanks EXE Radar Pro

Several other similar discussion topics with user opinions are listed here.

#5 midimusicman79


Posted 23 January 2016 - 09:51 AM

Hi again, quietman7!

 

Thank you for the reply! :)

 

Your links make for interesting reading! :thumbup2:

 

Thank you very much for the help! :thumbup2:

 

Regards,

midimusicman79




#6 quietman7


Posted 23 January 2016 - 10:35 AM

You're quite welcome. Happy reading.

#7 digmor crusher

digmor crusher

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:34 PM

Posted 23 January 2016 - 03:00 PM

I've tried all 3 (Appguard, NoVirusThanks and Voodoo Shield) and have been running AG for over a year now. They all provide a powerful layer of additional protection; you can run them with the default settings or customize your protection. This requires some knowledge of how these programs work though, and you shouldn't attempt this unless you know what you're doing. The main reason I'm using an anti-executable is protection from ransomware. However, if you're running an AV, antimalware and anti-exploit, these may be overkill if you're a safe surfer.



#8 quietman7


Posted 23 January 2016 - 09:46 PM

You need to be careful using protection tools for ransomware. Some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can hamper the effectiveness of Return-oriented programming (ROP) and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running. In some cases multiple tools can cause interference with each other and program crashes.
 

While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn't use multiple anti-exploit programs...These types of tools could potentially interfere with each other in ways that cause applications to crash or just be unprotected, too.

Use an Anti-Exploit Program to Help Protect Your PC From Zero-Day Attacks

#9 digmor crusher


Posted 24 January 2016 - 01:47 AM

Quietman, wouldn't anti-exploit tools be something such as MBAE and Hitman Pro Alert?

 

I use EAM, MBAM, MBAE and AG. MBAE is the only anti-exploit tool; if you exclude AG it's possible that this combination would also protect from ransomware. AG surely would, and I don't think it would interfere with any of these tools nor try to provide the same type of protection. Sorry, but I don't understand your post as I'm not running multiple anti-exploit protection and everything I'm running provides a different type of protection: an AV, antimalware, anti-exploit and anti-executable.



#10 quietman7


Posted 24 January 2016 - 06:50 AM

I only provided those comments in the context of you mentioning using anti-executables as protection from ransomware, then going on to note running antimalware and anti-exploit tools. Not all of our members are as tech savvy as you and that type of information helps to educate all readers.

Some tools can provide an overlap of protection. For example NoVirusThanks EXE Radar Pro includes a Vulnerable Processes feature that allows you to specify what processes should be classified as vulnerable to exploits. It can detect when a malicious web in your browser has exploited a vulnerability in Java allowing it to drop and execute a malicious payload. When a process that is listed in the Vulnerable Processes is executed, NoVirusThanks EXE Radar Pro will generate an alert so you can allow or block the execution of the process...similar to a behavior blocker, a feature included with MBAE's four layers of exploit protection...application hardening, protection against Operating System security bypasses, memory caller protection, and application behavior protection. MBAE also prevents an exploit from installing its payload...protecting against code execution that uses certain vulnerabilities in an application.

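Added example, not part of any post above and not the code of any product named in this thread: a small Python sketch of the two ideas discussed, allowlisting by file hash or verified publisher (post #2) and alerting when a process the user has marked as vulnerable starts an unknown program (post #10). All file names, publishers, byte strings and the `decide` function are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Every name, publisher and byte string here is constructed for illustration.
TRUSTED_PUBLISHERS = {"Example Software Ltd"}
VULNERABLE_PARENTS = {"browser.exe", "java.exe"}  # user-chosen list of exploit-prone programs


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


ALLOWED_HASHES = {sha256_hex(b"constructed bytes of an approved editor")}


@dataclass
class ProcessStart:
    image: str                 # file name of the program being launched
    content: bytes             # stand-in for the file's bytes on disk
    publisher: Optional[str]   # verified signer, None when unsigned
    parent: str                # file name of the launching process


def decide(ev: ProcessStart) -> tuple:
    """Return (verdict, reason) for one process-start event."""
    by_hash = sha256_hex(ev.content) in ALLOWED_HASHES
    by_publisher = ev.publisher in TRUSTED_PUBLISHERS
    if ev.parent.lower() in VULNERABLE_PARENTS and not (by_hash or by_publisher):
        return ("alert", "unknown program started by a vulnerable process")
    if by_hash:
        return ("allow", "hash on allowlist")
    if by_publisher:
        return ("allow", "trusted publisher")
    return ("block", "not on allowlist")  # default deny


EVENTS = [
    ProcessStart("editor.exe", b"constructed bytes of an approved editor", None, "explorer.exe"),
    ProcessStart("editor.exe", b"different bytes, same file name", None, "explorer.exe"),
    ProcessStart("updater.exe", b"signed updater", "Example Software Ltd", "explorer.exe"),
    ProcessStart("payload.exe", b"dropped file", None, "java.exe"),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.image, "<-", ev.parent, decide(ev))
```

The second event shows why the check is on the hash rather than the file name: a file that reuses an approved name but has different contents is still blocked.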


