
Peter2150 (Member)
Posts: 591
Days Won: 18

Posts posted by Peter2150

  1. 15 hours ago, GT500 said:

    Firstly, if your torrent client is doing something you feel is necessary to block, then why are you continuing to use it? Perhaps something such as qBittorrent would be better for you?

    As for the issue at hand, have you checked the exclusions to make sure that the folder utorrentie.exe is in (or any parent folders) are not excluded?

    Arthur

    I am going to assume you were tired when you wrote that. Otherwise it is beyond lame. I block one or two Windows processes and also two QuickBooks processes. By that logic I shouldn't run them?

    But here's the real problem, and I will test this weekend. If the new beta BB isn't blocking based on the Always Block rule, that is catastrophic. If that rule doesn't work, how can I trust the BB at all?

  2. Well, I am going to retract my statement that this update was smooth. Far from it. Last night when I saw the initial updates, I noticed one app in particular generated BB alerts. What wasn't right was that clicking on Allow Always didn't stop the alerts. In the case of the desktop it took almost 5 attempts and then finally it took.

    This morning I let the work machine update and saw the same thing, except I couldn't get it to stop alerting, so finally I rolled that machine back to stable.

    I've noticed this evening some funny stuff on the machine still having the beta on it, and I've just noticed some flaky behavior. I won't have time to do logs or any troubleshooting until I get past my jury duty stuff. In fact I've rolled back the machine to stable. Just can't afford issues while I might be gone. When I am past this jury duty thing I'll get back at it and get some logs.

  3. Guys, a couple of important points.

    1. THIS IS A BIGGIE. That zip file is live malware. If you don't know what you are doing, DON'T MESS WITH IT.

    2. In terms of dealing with this malware, a couple of things.

    The BB may not be perfect, and the File Guard may not be perfect, but together they can be a formidable defense. When I tested this file, upon extracting them all 4 pieces of malware were immediately quarantined by the File Guard. So you were protected.

    But there is also a third thing you can do, and it totally nails the coffin shut.

    Most users have no use for PowerShell other than potentially getting infected, so do this:

    1. Go to the Protection tab > Application Rules.

    You are going to create 4 new rules as follows.

    a) Select c:\windows\system32\WindowsPowershell\v1.0\Powershell.exe and set it to Always Block.

    b) Do the same thing for powershell_ise.exe.

    Then repeat a and b but with c:\windows\syswow64\windowspowershell\v1.0 and the same two exes.

    Then you can relax about PowerShell.
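An added check to go with the procedure in the post above; this script is not from the forum post or from Emsisoft. Application Rules match on the path of the executable, so it helps to know every PowerShell host binary the machine actually has before creating the rules. The script lists the hosts under System32 and SysWOW64, adds the PowerShell 7+ location (the `$env:ProgramFiles\PowerShell` path and `pwsh.exe` are an assumption; it only matters if that package is installed), shows each file's Authenticode status, and warns about any host not covered by the four paths from the post. Because it is itself a PowerShell script, run it before the Always Block rules are in place; afterwards it cannot start.

```powershell
# Added example, not from the forum post: enumerate the PowerShell host binaries on this
# machine so the four "Always Block" Application Rules can be compared against what is
# actually installed. Run BEFORE creating the rules: once powershell.exe is blocked this
# script can no longer run.
$roots = @(
    (Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0'),   # 64-bit hosts on x64 Windows
    (Join-Path $env:SystemRoot 'SysWOW64\WindowsPowerShell\v1.0'),   # 32-bit hosts on x64 Windows
    (Join-Path $env:ProgramFiles 'PowerShell')                       # assumed: pwsh.exe (PowerShell 7+), if installed
)
$hostNames = @('powershell.exe', 'powershell_ise.exe', 'pwsh.exe')

# Collect every matching binary that exists; missing roots (e.g. SysWOW64 on 32-bit Windows) are skipped.
$found = foreach ($root in $roots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $hostNames -contains $_.Name }
    }
}

# Report each host with its Authenticode status so a replaced or unsigned binary stands out.
$found | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        Path      = $_.FullName
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Format-Table -AutoSize

# The four paths named in the post, for comparison. Anything the scan found that is not
# in this list is a PowerShell host the four rules would not block.
$postRules = @(
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell_ise.exe",
    "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe"
)
# Path comparison is case-insensitive, as PowerShell's -notcontains is by default.
$uncovered = $found.FullName | Where-Object { $postRules -notcontains $_ }
if ($uncovered) {
    Write-Warning "PowerShell hosts present but not covered by the four rules:`n$($uncovered -join "`n")"
}
```

Run it from an ordinary PowerShell window; no elevation is needed to read the file list or signatures. If the warning lists a path, add a matching Always Block rule for it as well.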

  4. Occasionally conflicts have cropped up, but between you and the SBIE folks they have been resolved. People feel very strongly about SBIE. I know if I install a product and there is a conflict, and clearly it is the product and not SBIE, that product is gone. SBIE is unique!!

  5. 2 hours ago, GT500 said:

    A solid backup strategy is, of course, absolutely vital. As for "layered protection", since it usually means running multiple security software on the same computer, we tend to recommend avoiding that if possible. Shadow Defender and Sandboxie may be OK (I have not tested them), but if they have to open hooks to running programs then there could be problems.

    Hi Arthur

    I've been running both Sandboxie and Shadow Defender since long before Emsisoft. Never had the slightest issue. Both on Win 7 and Win 10 CU.

    Pete

  6. Hi Jeremy

    Good assumption. I test a lot of malware and I keep that totally in a VM. Its snapshot ability is a joy to work with. It's the only way: you can even format a drive, restore a snapshot, and you are back. And yes, you are right about SD. It just removes all traces of what was done, and yet gives you the ability to keep something if you really need to.

    Pete

  7. It does a fantastic job. I was asked to confirm a ransomware leak on another program and couldn't do it in a VM, so I shadowed all 3 of my internal drives with Shadow Defender and let this nasty go. It encrypted a lot of stuff on all 3 drives. I exited it out with a reboot, and bingo, a clean system. I've even tested GoldenEye against it. SD protects the MBR, so when it ran, once GoldenEye forced a reboot it should have been game over. Instead the reboot took SD out of Shadow Mode and bingo, clean system.
