
Locking down CertUtil?


8 replies to this topic

#1 CrimsonCricket


Posted 04 April 2018 - 06:59 PM

A recent Bleeping Computer news article suggested that Windows users "may want to lock down [CertUtil's] ability to connect to the Internet" but no instructions on how to do this were provided! So how does one go about doing this?




 


#2 Grinler

    Lawrence Abrams



Posted 05 April 2018 - 07:43 PM

The easiest way is through Windows Firewall. Make sure it's enabled and then perform the following:

Go into the Windows Firewall control panel and click on advanced settings.

From there click on "Outbound Rules", then click on Actions->New Rules.

Then configure it like the images below and press next at each screen:

type-of-rule.jpg


path.jpg


action.jpg


profile.jpg


At the last page, give it a name like "Block Certutil Outbound Connection" and then press "Finish".
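
The same outbound block rule can be created from an elevated PowerShell prompt. This is an added example, not part of the original post: the screenshots are not reproduced here, so the program paths (the default `System32` and `SysWOW64` locations) and the choice of all profiles are assumptions, as is a 64-bit PowerShell session on Windows 8 / Server 2012 or later.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Assumes 64-bit PowerShell on
# Windows 8 / Server 2012 or later (NetSecurity module) and default file paths.

$ruleBase = 'Block Certutil Outbound Connection'   # name suggested in the post

# A program rule matches one exact path. 64-bit Windows also ships a 32-bit
# copy under SysWOW64, so each copy gets its own rule.
$targets = @(
    @{ Suffix = '';         Path = Join-Path $env:SystemRoot 'System32\certutil.exe' }
    @{ Suffix = ' (WOW64)'; Path = Join-Path $env:SystemRoot 'SysWOW64\certutil.exe' }
)

# The block only applies on profiles where Windows Firewall is turned on.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($off) {
    Write-Warning ("Firewall is disabled for profile(s): " + ($off.Name -join ', '))
}

foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) { continue }   # e.g. 32-bit Windows
    $name = $ruleBase + $t.Suffix

    # Idempotent: do not stack duplicate rules when the script is re-run.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $name"
        continue
    }

    New-NetFirewallRule -DisplayName $name `
        -Direction Outbound `
        -Program $t.Path `
        -Action Block `
        -Profile Any `
        -Enabled True | Out-Null
    Write-Host "Created: $name -> $($t.Path)"
}

# Verify: list each rule with the program path it is bound to.
Get-NetFirewallRule -DisplayName "$ruleBase*" | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```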

#3 Sampei_Nihira


Posted 06 April 2018 - 10:36 AM

In the rules of OSA v. 1.4 beta there is also control of this exe.



#4 Grinler


Posted 06 April 2018 - 11:06 AM

OSA?

#5 Sampei_Nihira


Posted 06 April 2018 - 11:13 AM

Novirusthanks OSArmor.



#6 Grinler


Posted 06 April 2018 - 11:21 AM

Looks interesting. Gonna do an article on it :) Thanks for sharing!

#7 Sampei_Nihira


Posted 06 April 2018 - 11:27 AM

:thumbup2:

 

Windows has a built-in program called CertUtil,.................

 

 

Wrong.

It is not present in Windows XP. :thumbsup2:



#8 Grinler


Posted 06 April 2018 - 11:38 AM

Been there from Vista+. I think we are safe to refer to Windows as the latest two incarnations :)

#9 Sampei_Nihira


Posted 08 April 2018 - 02:34 AM

NovirusThanks wrote:

 

We're planning to release v1.4 on 10 April...............

 

 

https://www.wilderssecurity.com/threads/novirusthanks-osarmor-an-additional-layer-of-defense.398859/page-59#post-2749714


Edited by Sampei_Nihira, 08 April 2018 - 02:34 AM.




