Whitelisting apps and blocking

This is a discussion on Whitelisting apps and blocking within the General Computer Security forums, part of the Tech Support Forum category.

02-21-2020, 09:55 AM   #1
Natsuke (Registered Member)
OS: Windows 10 64bit Pro

Hi all.
I was recently looking into Macrium Reflect for disk imaging, and saw a neat feature (in the paid version) that protects created images from ransomware influence. Basically, it prevents any program touching it except for Macrium Reflect itself.

Since that is just disk imaging and protects only those backups, I was looking for some kind of application that can allow/prevent running of any app or process that I tell it to.

Basically, I want it to block any installation if not on my whitelist.

I was thinking maybe any kind of AV with active protection might have such an option, or any dedicated program. Whitelisting/blocking should work on any app, not just those the AV detects as PUPs or threats.

Is there any such application?

Thanks in advance,
Zoran
02-21-2020, 11:25 PM   #2
Stancestans (Moderator TSF, Hardware Team Moderator)
OS: Windows 10

Since you have Windows 10 Pro, you can use group policy to do this. Visit https://www.howtogeek.com/howto/8739...-in-windows-7/ for more information. Try it and see if it works for you.

02-22-2020, 01:19 AM   #3
Natsuke (Registered Member)
OS: Windows 10 64bit Pro

Thanks for the reply. I think it might do the job, at least the last part of the instructions. If I set it that way, will it refuse to run malware which doesn't normally install but runs from other places like memory?
I'm trying to find a way to prevent ransomware touching my files.
Also, if I set up Windows to require authentication to install anything, could malware bypass this setting?

Thanks for helping!

02-22-2020, 01:57 AM   #4
Stancestans (Moderator TSF, Hardware Team Moderator)
OS: Windows 10

Quote (originally posted by Natsuke):
> Thanks for the reply. I think it might do the job, at least the last part of the instructions. If I set it that way, will it refuse to run malware which doesn't normally install but runs from other places like memory?
> I'm trying to find a way to prevent ransomware touching my files.
> Also, if I set up Windows to require authentication to install anything, could malware bypass this setting?
>
> Thanks for helping!

You should use proper ransomware protection for this then, not group policy. No, it will not refuse to run malware. Windows 10 already has inbuilt ransomware protection; you just need to switch it on and add the folders you want to protect. See https://www.ghacks.net/2019/08/15/ho...dows-defender/ for details. Ransomware protection is a feature of Windows Defender (a fully-featured antivirus solution that's built into Windows 10), which we recommend you use instead of third-party solutions.

Besides turning on ransomware protection, you should also have a backup strategy for your data. This is even more important than running a ransomware protection program.

Also, remember that you, the user, are the weakest link no matter what security measures you put in place. Tame your online habits and you'll be fine. Always assume that malware can bypass whatever measures you put in place. There is no 100% security solution out there. No such thing exists. Sometimes all it takes is a simple trick to fool the user (you) into lowering your guard, then boom!
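
The built-in ransomware protection recommended in the post above is Windows Defender's Controlled folder access. As an added example (not part of the original posts), this PowerShell script adds protected folders and an allowed application, turns the feature on in audit mode by default, then reads back the settings and recent events. The folder and application paths are placeholders to replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example: configure Controlled folder access (CFA) in Windows Defender.
param(
    # AuditMode only logs what would be blocked; Enabled actually blocks.
    [ValidateSet('AuditMode', 'Enabled')]
    [string]$Mode = 'AuditMode'
)

# Placeholder paths (assumptions, not from the thread).
$protectedFolders = @('D:\Backups', 'D:\Photos')
$allowedApps      = @('C:\Program Files\ExampleBackup\backup.exe')

foreach ($folder in $protectedFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}

# Programs that must still be able to write into protected folders.
foreach ($app in $allowedApps) {
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Skipping missing application: $app"
    }
}

Set-MpPreference -EnableControlledFolderAccess $Mode

# Read the settings back: 0 = disabled, 1 = enabled, 2 = audit mode.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# Event 1123 = write blocked, 1124 = write that audit mode would have blocked.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Running in audit mode for a few days and reviewing the 1124 events shows which legitimate programs need an allow entry before switching to `-Mode Enabled`.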

02-22-2020, 03:33 AM   #5
Natsuke (Registered Member)
OS: Windows 10 64bit Pro

Yeah, I have data backed up to a disconnected HDD, so it's "safe". Also, I do use Defender, didn't know it had this protection, thought it was a plain AV.
So, as always, better to buy another external HD and use it for backups, and back data up frequently.
I just thought Malwarebytes had similar protection - whitelist/blacklist of programs, but I guess it can't blacklist something you don't have yet.

Thanks for the help!

02-22-2020, 07:16 AM   #6
Stancestans (Moderator TSF, Hardware Team Moderator)
OS: Windows 10

Quote (originally posted by Natsuke):
> Yeah, I have data backed up to a disconnected HDD, so it's "safe". Also, I do use Defender, didn't know it had this protection, thought it was a plain AV.
> So, as always, better to buy another external HD and use it for backups, and back data up frequently.
> I just thought Malwarebytes had similar protection - whitelist/blacklist of programs, but I guess it can't blacklist something you don't have yet.
>
> Thanks for the help!

A blacklist/whitelist approach is too much work to implement, full of holes and could easily cripple a system and make it inaccessible if you're not careful. For example, it's very tempting to use a "block all except the ones I whitelist" strategy, but in doing so, you forget to whitelist executable files that are needed for the normal functioning of the operating system. If you somehow manage to create a whitelist of "safe" executables, malware could easily masquerade as one of the whitelisted executables, like they've been doing all along, and just like that, they would get a clear pass to run!

A backup will get your system back up and running in no time, no matter how severe a malware attack is, as long as the backup itself isn't compromised. I would rather invest time and resources in backups and safe practices. Learn the dos and don'ts of web browsing and how to handle suspicious files of whichever origin.
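
The two objections in the post above, shown as an added example (not from the thread): an allow rule keyed on file name accepts any file called `backup.exe`, while a rule keyed on the file's SHA-256 hash rejects the look-alike but also rejects the approved program after a legitimate update, which is the maintenance cost. The file names and contents are constructed, and nothing is executed.

```powershell
# Added example: name-based versus hash-based allowlist rules on constructed files.
$root      = Join-Path ([IO.Path]::GetTempPath()) ("allowlist-demo-" + [guid]::NewGuid())
$tools     = New-Item -ItemType Directory -Path (Join-Path $root 'Tools') -Force
$downloads = New-Item -ItemType Directory -Path (Join-Path $root 'Downloads') -Force

# The program the user approved (constructed stand-in content).
$approved = Join-Path $tools.FullName 'backup.exe'
Set-Content -LiteralPath $approved -Value 'approved build 1.0' -NoNewline

# The same allowlist entry written two ways.
$allowedNames  = @('backup.exe')
$allowedHashes = @((Get-FileHash -LiteralPath $approved -Algorithm SHA256).Hash)

function Test-NameRule([string]$Path) {
    $allowedNames -contains (Split-Path -Path $Path -Leaf)
}
function Test-HashRule([string]$Path) {
    $allowedHashes -contains (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}
function Get-Verdict([string]$Label, [string]$Path) {
    [pscustomobject]@{
        Case     = $Label
        NameRule = (Test-NameRule $Path)
        HashRule = (Test-HashRule $Path)
    }
}

# Unrelated content saved under the approved file name in another folder.
$lookAlike = Join-Path $downloads.FullName 'backup.exe'
Set-Content -LiteralPath $lookAlike -Value 'unrelated program' -NoNewline

$results = @(
    Get-Verdict 'approved program' $approved
    Get-Verdict 'different file, same name' $lookAlike
)

# A legitimate update changes the bytes, so the stored hash no longer matches.
Set-Content -LiteralPath $approved -Value 'approved build 1.1' -NoNewline
$results += Get-Verdict 'approved program after update' $approved

$results | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```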

02-25-2020, 09:15 PM   #7
Geekomatic (Registered Member)
OS: XP, Vista, Win7, Win 8/8.1, Win 10, Linux Mint

Operate under a standard user account and scan anything you download. As always, be sure you know what you're downloading and that it's being initiated by you.

02-25-2020, 10:08 PM   #8
Gary R (Moderator, Security Team)
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64

The thing to remember about any backups you make to protect yourself against Ransomware is that they need to be stored on media that is not permanently connected to your computer.

In other words, whenever you're not either creating a backup, or restoring from one, the media should be physically disconnected, because Ransomware will usually look for any connected backups, and encrypt any it finds.

02-26-2020, 08:12 AM   #9
railman (Registered Member)
OS: win 7

A great FREE app for Ransomware protection is offered by data protection vendor Acronis. Acronis Active Protection prevents attacks by using AI and machine learning technology. It also protects against MBR overwrites which is a plus over competitors.

Moderator's message:
This post has been edited to remove a download link that points to a third-party website. Please post a link to the official download website if you must.