Kitz ADSL Broadband Information
Pages: 1 [2]

Author Topic: And now it's Ransomware for Win10 Install  (Read 11088 times)

Chrysalis

  • Content Team
  • Addicted Kitizen
  • Posts: 7388
  • VM Gig1 - AAISP L2TP
Re: And now it's Ransomware for Win10 Install
« Reply #15 on: August 04, 2015, 05:28:05 AM »

Interesting app.

So I take it the free version is good enough as long as I remember to manually update it, right?

So I see it is basically a lockdown on exec rights; it uses SRP.
« Last Edit: August 04, 2015, 05:41:07 AM by Chrysalis »

kitz

  • Administrator
  • Senior Kitizen
  • Posts: 33883
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: And now it's Ransomware for Win10 Install
« Reply #16 on: August 04, 2015, 11:17:24 AM »

Quote
So I take it the free version is good enough as long as I remember to manually update it, right?

I downloaded the free version and there's an option to subscribe via email for news updates which I have done, so presumably this should alert you if there is a new version.
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Chrysalis

  • Content Team
  • Addicted Kitizen
  • Posts: 7388
  • VM Gig1 - AAISP L2TP
Re: And now it's Ransomware for Win10 Install
« Reply #17 on: August 04, 2015, 05:53:11 PM »

kitz, what level of protection did you set?

I am on the max although not rebooted yet.

I see all it does really is add a load of SRP policies to limit execution rights.

Chrysalis

  • Content Team
  • Addicted Kitizen
  • Posts: 7388
  • VM Gig1 - AAISP L2TP
Re: And now it's Ransomware for Win10 Install
« Reply #18 on: August 06, 2015, 02:41:19 AM »

OK, an update.

Firstly, when I had the beta option enabled, I was getting UAC prompts on bootup from some of my startup apps that don't normally trigger a UAC prompt. Odd behaviour; it went away when I downgraded the protection.

Second, the protection does not appear to be fully working. It appears it doesn't solely rely on SRP, as I think the non-SRP protection is working. I know because if I change my time zone, it triggers a prompt asking me to approve the cpl loading as filtered by cryptoprevent.

However, if I enable the advanced interface, there is a test button; pressing that button, the test fails, and if I manually check the SRP config I can see none of the settings are applied. I have been busy so have not looked into this too much yet, but I did read on Wilders Security that AV apps can block cryptoprevent from working properly, so I suspect nod32 may possibly have blocked it.

See my attached screenshot: the filtering stuff top right is what's working, but the SRP on the left is not.

AArdvark

  • Kitizen
  • Posts: 1008
Re: And now it's Ransomware for Win10 Install
« Reply #19 on: August 06, 2015, 11:03:56 AM »

There is some crossover between many AV packages and what CryptoPrevent does.
You may need to install CryptoPrevent first, then your AV package.

Personally I run Avast & Malwarebytes & Spybot-S&D 1.62.x (Not the latest ver 2.x where the UI/usability has gone 'off-planet').
[That covers patterns/locations & heuristics ;) ]
I also have the UAC set to the annoy level where I get asked everything.
It is something I am prepared to accept to avoid something running unannounced or uninvited.  ;D ;D


Chrysalis

  • Content Team
  • Addicted Kitizen
  • Posts: 7388
  • VM Gig1 - AAISP L2TP
Re: And now it's Ransomware for Win10 Install
« Reply #20 on: August 07, 2015, 07:14:56 AM »

OK, another update.

It seems SRP on my system is pretty broken; some posts by me here: http://www.wilderssecurity.com/threads/cryptoprevent-is-no-longer-based-solely-on-windows-software-restriction-policies.365060/page-4#post-2513901

Long story short, I still have cryptoprevent installed, but only its non-SRP protections are active. However, I have now set up some AppLocker policies with a default-deny setup, meaning I have mirrored the protection and even exceeded it, since I have default deny.

As a quick test, if you want to know if it works, copy an exe to c:/programdata and see if it executes. Maybe the issue is only on my rig, but I will be emailing the devs, as SRP has been unsupported in Windows from Vista onwards; it's XP tech. AppLocker is the replacement.

Weaver

  • Senior Kitizen
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: And now it's Ransomware for Win10 Install
« Reply #21 on: August 07, 2015, 08:08:16 AM »

I set up SRP (by hand) on every system that I administer, without fail. I’ve found it to be outstandingly effective if done right, and I have a standard policy now which I apply to every box (supports x64 boxes too).
« Last Edit: August 08, 2015, 12:55:26 AM by Weaver »

Chrysalis

  • Content Team
  • Addicted Kitizen
  • Posts: 7388
  • VM Gig1 - AAISP L2TP
Re: And now it's Ransomware for Win10 Install
« Reply #22 on: August 07, 2015, 09:38:01 AM »

If you're saying it works on win7 boxes, have you got any idea why it's broken for me?

For those who can't be bothered to read the Wilders posts, a summary of my issues with SRP:

1 - All rules added by cryptoprevent don't work.
2 - Rules added in the policy editor manually only work for non-admin accounts.
3 - Even for non-admin accounts, some rules in the policy editor don't work, especially ones not on the c: drive.

AppLocker seems to work perfectly, although it does have less freedom in configuration.

Tonight I will try this on my win10 machine, to see how that behaves given it's clean.

By the way, I did try to switch to a normal user account as well, to reduce my write rights alongside the restricted exe rights, but I had to change back for now due to an issue with 2-3 apps I've got. But I will work on it more.
« Last Edit: August 07, 2015, 09:45:59 AM by Chrysalis »
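The quick test from reply #20 (copy an exe into C:\ProgramData and see whether it runs) and the SRP symptoms in reply #22 (rules ignored entirely, or only applied to non-admin accounts) can be checked from PowerShell. This is an added example, not code from the thread or from CryptoPrevent; it assumes an elevated PowerShell prompt, the built-in AppLocker module (Get-AppLockerPolicy) and that C:\ProgramData is a location the policy is meant to block.

```powershell
# Added example, not from the thread or the CryptoPrevent/AppLocker projects.
# Assumes an elevated PowerShell prompt and the AppLocker module (Get-AppLockerPolicy).
$SaferKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Summarise the machine-wide SRP configuration straight from the registry.
function Get-SrpState {
    if (-not (Test-Path -Path $SaferKey)) { return $null }   # SRP was never configured
    $p = Get-ItemProperty -Path $SaferKey
    [pscustomobject]@{
        DefaultLevel       = '0x{0:X}' -f $p.DefaultLevel    # 0 = Disallowed, 0x40000 = Unrestricted
        PolicyScope        = $p.PolicyScope                  # 1 = local administrators are exempt
        TransparentEnabled = $p.TransparentEnabled           # 0 = rules are not enforced at all
        PathRules          = Get-ChildItem -Path "$SaferKey\*\Paths" -ErrorAction SilentlyContinue |
                             ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
    }
}

# Count effective AppLocker rules: on editions that support AppLocker, any
# AppLocker rules take precedence and the SRP rules above are not applied.
function Get-AppLockerSummary {
    $xml = [xml](Get-AppLockerPolicy -Effective -Xml)
    foreach ($rc in $xml.AppLockerPolicy.RuleCollection) {
        [pscustomobject]@{ Type = $rc.Type; Mode = $rc.EnforcementMode; Rules = $rc.ChildNodes.Count }
    }
}

# The thread's quick test: copy a harmless signed exe into C:\ProgramData and see
# whether the policy stops it running. Run it as the account type you care about,
# since SRP with PolicyScope=1 never applies to administrators.
function Test-ExecFromProgramData {
    $src = Join-Path -Path $env:SystemRoot -ChildPath 'System32\calc.exe'
    $dst = Join-Path -Path $env:ProgramData -ChildPath 'exec-policy-test.exe'   # constructed test file
    Copy-Item -Path $src -Destination $dst -Force
    try {
        $proc = Start-Process -FilePath $dst -PassThru -ErrorAction Stop
        Start-Sleep -Seconds 2
        if (-not $proc.HasExited) { Stop-Process -Id $proc.Id -ErrorAction SilentlyContinue }
        'NOT blocked: an exe copied into ProgramData ran'
    } catch {
        "Blocked: $($_.Exception.Message)"   # SRP/AppLocker denials surface as a CreateProcess error
    } finally {
        Remove-Item -Path $dst -Force -ErrorAction SilentlyContinue
    }
}

Get-SrpState | Format-List
Get-AppLockerSummary | Format-Table -AutoSize
Test-ExecFromProgramData
```

If Get-SrpState shows rules but Get-AppLockerSummary lists any AppLocker rules, the SRP rules are expected to be ignored on that edition; a PolicyScope of 1 explains rules that only bite for non-admin accounts.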

Chrysalis

  • Content Team
  • Addicted Kitizen
  • Posts: 7388
  • VM Gig1 - AAISP L2TP
Re: And now it's Ransomware for Win10 Install
« Reply #23 on: August 07, 2015, 06:29:35 PM »

Update: installed on the win10 box.

After the reboot I got a popup saying successfully applied, so I guess something on my win7 rig is broken with SRP.

A friend of mine informed me SRP is auto disabled when AppLocker is available; AppLocker is only on win7 ultimate/enterprise and isn't on lower versions of Windows, or on 'any' consumer versions of Windows 10.

Still doesn't explain why it partially works though, but maybe the auto disabling mechanism is buggy or something. Still not tested yet on my win7 laptop, as updating EMET earlier caused a lot of chaos I had to fix.
« Last Edit: August 07, 2015, 08:49:02 PM by Chrysalis »

kitz

  • Administrator
  • Senior Kitizen
  • Posts: 33883
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: And now it's Ransomware for Win10 Install
« Reply #24 on: August 08, 2015, 12:49:14 AM »

I've not looked in depth, but I'm on win7 pro and if I do the test from the advanced screen then mine passes fine.
My settings appear to be the same as yours.

Chrysalis

  • Content Team
  • Addicted Kitizen
  • Posts: 7388
  • VM Gig1 - AAISP L2TP
Re: And now it's Ransomware for Win10 Install
« Reply #25 on: August 08, 2015, 01:38:19 AM »

win7 pro doesn't have AppLocker. So if I am right, it's an issue that will only exist on win7 ultimate or enterprise.

tbailey2

  • Kitizen
  • Posts: 1245
Re: And now it's Ransomware for Win10 Install
« Reply #26 on: August 09, 2015, 11:33:54 AM »

Quote
I've not looked in depth, but I'm on win7 pro and if I do the test from the advanced screen then mine passes fine.
My settings appear to be the same as yours.

Likewise from Win 8 Pro....
Tony
My Books!
Plusnet 80/20 - DSLstats - HG612/TG582n - ECI

kitz

  • Administrator
  • Senior Kitizen
  • Posts: 33883
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: And now it's Ransomware for Win10 Install
« Reply #27 on: August 09, 2015, 11:44:18 AM »

Tony whilst you're about can you do me a quick favour.

Can you still access a telnet session from cmd > telnet?

I'm having difficulties in obtaining a user-initiated telnet session to a router that I currently have on, which I know others have been able to establish. I just wanted to make sure it wasn't something related to cryptoprevent. I just quickly wanted to eliminate this as a possible cause, because it's the only thing settings-wise that I've done recently.

tbailey2

  • Kitizen
  • Posts: 1245
Re: And now it's Ransomware for Win10 Install
« Reply #28 on: August 09, 2015, 01:10:27 PM »

Quote
Can you still access a telnet session from cmd > telnet?

Yes, as long as I enable Telnet via Windows Turn Features on or off.......

kitz

  • Administrator
  • Senior Kitizen
  • Posts: 33883
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: And now it's Ransomware for Win10 Install
« Reply #29 on: August 09, 2015, 01:14:33 PM »

Cheers Tony - yes, I have the telnet client enabled in there. I was trying to avoid taking a router off, putting another on to test and then swapping back again.