
Is Simple Software-Restriction Policy safe?


6 replies to this topic

#1 nocebo


Posted 20 November 2017 - 01:26 PM

So I have been using "Simple Software-Restriction Policy" in an attempt to stop my stupidity from getting infected.
Although after using it for a week, Process Explorer's VirusTotal scan returned with a result of 2 trojans.
Is this application too good to be true? Have I shot myself in the foot?

It basically allows applications to only run inside the Program Files folder and Windows folder.
It gives me ease of control to unlock and lock and configure which folders to add to the policy.

My WoT extension shows the original website as unknown, but there are VirusTotal comments mentioning it is safe and mentioning it has been detected by Thor APT Scanner.

So is this trustworthy or not?
Am I better off without this application?

 

EDIT:
I have noticed it has used about 2-10% of my CPU from time to time.

Could that be the trojan at work?
I have Malwarebytes and SUPERAntiSpyware currently installed, with Windows Defender activated.

This is the link:
https://iwrconsultancy.co.uk/softwarepolicy.htm


Edited by nocebo, 20 November 2017 - 01:28 PM.



 


#2 Umbra

    Authorized Emsisoft Rep



Posted 20 November 2017 - 08:57 PM

Simple Software-Restriction Policy is, as its name mentions, an SRP (Software Restriction Policy) tool like AppGuard or the built-in Windows AppLocker; it is a legit and great tool that makes the use of the SRP mechanism easier.

SRPs are one of the most effective tools in the right hands, because users can tailor them to their own personal system; however, SRPs need the user to have some decent knowledge of Windows mechanisms, because a wrong rule can block a program or system process from functioning.

If you are not so familiar with those Windows process mechanisms and don't have time to learn about them, you are better off and you would prefer classic solutions like antiviruses.



Emsisoft Community Manager
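The default-deny idea described in posts #1 and #2 (programs run only from the Windows and Program Files folders, and a wrong rule blocks a legitimate program) can be sketched as a small model. This is an added example, not code from the thread, from Simple Software-Restriction Policy or from Windows; the function names and sample paths are constructed for illustration.

```python
import ntpath

# Constructed policy: the two default-allowed folders named in the thread.
ALLOWED_DIRS = [r"C:\Windows", r"C:\Program Files"]

def _norm(path):
    # Collapse "..", unify separators and fold case, as Windows path
    # comparison is case-insensitive.
    return ntpath.normcase(ntpath.normpath(path))

def is_allowed(exe_path, allowed_dirs=ALLOWED_DIRS):
    """Default deny: allow only files located inside an allowed folder."""
    exe = _norm(exe_path)
    for folder in allowed_dirs:
        # Compare against "folder\" so a sibling directory such as
        # "C:\Program Files Old" is not treated as "C:\Program Files".
        root = _norm(folder).rstrip("\\") + "\\"
        if exe.startswith(root):
            return True
    return False

def audit(paths, allowed_dirs=ALLOWED_DIRS):
    """Return {path: 'allow' | 'block'} for a list of executables."""
    return {p: ("allow" if is_allowed(p, allowed_dirs) else "block")
            for p in paths}

# Constructed sample paths (hypothetical, not taken from the thread).
SAMPLES = [
    r"C:\Program Files\Editor\editor.exe",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Users\alice\AppData\Local\Updater\update.exe",
    r"c:/windows/system32/notepad.exe",
    r"C:\Program Files\..\Users\alice\Downloads\setup.exe",
    r"C:\Program Files Old\tool.exe",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{verdict:5}  {path}")
    # The per-user updater stays blocked until its folder is added to the
    # policy: the kind of rule adjustment post #2 says the user must manage.
    extra = ALLOWED_DIRS + [r"C:\Users\alice\AppData\Local\Updater"]
    print("updater allowed after rule change:", is_allowed(SAMPLES[2], extra))
```

The model covers folder rules only; it says nothing about whether a file inside an allowed folder is trustworthy.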


#3 nocebo


Posted 20 November 2017 - 09:05 PM


I'm taking the time to learn more about this, as I only found out about SRP when I tried out this software that simplifies the control of these policies. What was concerning me was the fact that VirusTotal was reporting this software to have Trojans. It has been doing wonders so far, which was why I decided to ask to receive more input about it, since their homepage in my WoT (Web of Trust) extension is set as unknown, with no real input about it when I search Google.

While I read more about SRP and setting it up, I don't like how difficult it is to edit and manage a few of these policies. The ease of use that SSRP gave me is what made me really want to find out if it really contains a Trojan or not. It was even recommended in this guide which I had followed:

http://hardenwindows8forsecurity.com/Harden%20Windows%208.1%2064bit%20Home.html

Which was how I found out about this software.


Edited by nocebo, 20 November 2017 - 09:08 PM.


#4 Umbra


Posted 21 November 2017 - 07:37 AM

> I'm taking the time to learn more about this, as I only found out about SRP when I tried out this software that simplifies the control of these policies. What was concerning me was the fact that VirusTotal was reporting this software to have Trojans. It has been doing wonders so far, which was why I decided to ask to receive more input about it, since their homepage in my WoT (Web of Trust) extension is set as unknown, with no real input about it when I search Google.

About VirusTotal, you must exert caution; if only a few unknown vendors flagged it (less than 10), it is surely a False Positive.

About WoT, I don't like it and don't trust their opinion, which is often biased and based on emotion rather than facts.

> While I read more about SRP and setting it up, I don't like how difficult it is to edit and manage a few of these policies. The ease of use that SSRP gave me is what made me really want to find out if it really contains a Trojan or not. It was even recommended in this guide which I had followed:
>
> http://hardenwindows8forsecurity.com/Harden%20Windows%208.1%2064bit%20Home.html
>
> Which was how I found out about this software.

Yes, I know this site, quite good.





#5 nocebo


Posted 21 November 2017 - 10:22 AM

 


 

 

Okay, I will take it as a false positive and believe that SSRP is safe.
I'm guessing this topic is solved already, and if I ever come to any problems with it I shall post here with the news.

Thank you!



#6 nocebo


Posted 21 November 2017 - 02:57 PM

So I have run a scan using Zemana AntiMalware and it had detected "Heur.Malicious!Pa" within the installer for SimpleSoftwarePolicy.exe which is the installer I downloaded from their homepage.

I tried doing some searching for this "Heur.Malicious!Pa", but it only led to a few posts from people who have posted for help inside this forum, where it had shown up in a few of the logs they had posted.

Anywhere I can post to have some security expert to really check if this is really a false positive?



#7 quietman7


Posted 22 November 2017 - 06:31 AM

Many site rating vendors (i.e. McAfee WebAdvisor (formerly SiteAdvisor), WOT, Google's Safe Browsing, Avira Scout browser, Symantec WS.Reputation.1, Webutation, avast! Online Security Plugin (formerly WebRep), etc.) use a system of volunteer testers that continually patrol the Internet to browse sites, download files, and submit information. All the results are documented and supplemented with feedback from users, Web site owners, and analysis from their own employees. The advising site vendor then summarizes the results, typically into a color-coded red, yellow and green ratings scale, to help inform Web users as to the safety of each tested site. While these tools are useful, they are not foolproof and sometimes may provide misleading ratings. Just because you visit a risky site, that does not automatically mean the site is bad or that your system has been infected by going there. In contrast, going to a safe site could even prompt a warning. There are legitimate programs available on web sites which are falsely detected by various anti-virus programs from time to time. This sometimes results in an inaccurate site rating/warning of potentially dangerous software when that is not the case. The use of rating sites does not always guarantee an accurate rating of the results they provide and can provide a false sense of security, especially for the novice user.

Even Bleeping Computer has been incorrectly rated before....see this discussion topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
