I know the basics like .exe, .dll, .com, .scr, .jar and .bat files. Are there other file types that can contain executable code that a Windows PC (or common software on it - like Word, Excel, Edge browser, Chrome browser, etc) can be made to (or tricked into) running?
Should it be possible to use a whitelist to block all of the file types that can execute code on a Windows system? It seems possible. If the system accesses a file with a file type that means that it could execute code, first get a hash of the file, then see if that hash is in the list of whitelisted files - if so, allow the execution, if not, block the execution with possibly a window to quarantine the file and send a request to a system admin to add the file to the whitelist.
Faronics Corporation is a privately held software company with offices in Vancouver, British Columbia, Canada, Pleasanton, California, United States, Singapore and Bracknell, UK. Faronics develops computer software for multi-user IT environments.
Faronics was founded in 1993 by Farid Ali, the company's present CEO, and was incorporated in 1996. Faronics first sold computer hardware and shifted to software in 1999 with the advent of Deep Freeze, a kernel-level software utility that instantly restores a computer back to its original configuration with every reboot.[2]
A software utility, released in 1999, that restores a computer back to its original configuration each time the computer restarts. Deep Freeze comes in two versions for Windows (Standard for standalone computers and Enterprise for networked computers) and a version for Mac OS X (a version for SUSE Linux Enterprise Desktop (SLED) by Novell was discontinued in 2010). Deep Freeze for Windows can be managed remotely via its Enterprise Console or via Faronics Core. Deep Freeze Mac can be centrally managed across multiple computers via Apple Remote Desktop.
Deep Freeze is a kernel-level driver that runs at a low system level to protect drive integrity. Running at this low system level allows the driver to redirect information which is being written to the drive, leaving the original data intact. This redirected information is no longer referenced once the computer is restarted, thus restoring the system to its original state at the disk sector level. To the computer user, the computing experience is unaffected when Deep Freeze is active.
Originally released in 2005 as FreezeX, Anti-Executable is an application whitelisting software that, when first installed, creates a "whitelist" of the executable files that exist on the computer. When Anti-Executable is active, unwanted executables that do not appear on the whitelist will not run. Anti-Executable comes in two versions for Windows (Standard for standalone computers and Enterprise for networked computers).[3] Anti-Executable Enterprise can be managed remotely via Faronics Core.
Released in 2010, this anti-virus software for Windows combines anti-virus, anti-spyware and anti-rootkit technologies. Faronics Anti-Virus works with Deep Freeze so that program updates can be performed without turning Deep Freeze protection off. Faronics Anti-Virus is managed remotely via Faronics Core.
Released in 2007, Power Save provides PC power management to aid in green computing initiatives and to help reduce power expenses.[4][5] Power Save monitors computer activity to avoid interfering with computers in use and produces reports that show power consumption savings. Power Save comes in versions for Windows and Mac OS X. Power Save for Windows can be managed remotely via Faronics Core. Power Save Mac can be monitored remotely via Faronics Core and centrally managed via Apple Remote Desktop.
Released in 1997, WINSelect is a user environment management software that allows IT administrators to customize the operating system and application functionality of computers in public access, kiosk, library, educational, and corporate environments. WINSelect comes in two versions for Windows (Standard for standalone computers and Enterprise for networked computers). WINSelect Enterprise is managed remotely via Faronics Core.
System Profiler is an IT asset management software that can generate a detailed inventory of a computer workstation's hardware configuration and installed software, in either summary or report format. System Profiler comes in two versions for Windows (Standard for standalone computers and Enterprise for networked computers). System Profiler Enterprise is managed remotely via Faronics Core.
A management tool, released in 2008, that centrally administers computer workstation deployments of certain Faronics software products. Faronics Core utilizes MMC3 (Microsoft Management Console) technology which can create customized groups of computer workstations, schedule software-related tasks, and create reports. Faronics Core manages Faronics Anti-Virus, the Enterprise versions of WINSelect, Anti-Executable, and System Profiler, and the Windows editions of Deep Freeze and Power Save. Computers with Power Save Mac installed can be monitored by Faronics Core for reporting purposes.
A software security utility, released in 2007, that regulates peripheral devices connecting to Mac OS X desktop computers to prevent unauthorized data transfers or connections. Device Filter Mac can be centrally managed across multiple computers via Apple Remote Desktop.
Faronics is also a member of the International Society for Technology in Education (ISTE),[23] EDUCAUSE,[24] British Columbia Technology Industry Association (BCTIA),[25] the Consortium for School Networking (CoSN)[26] and the Software and Information Industry Association (SIIA).[27]
An application whitelist is a list of authorized or permitted applications to install or execute on a host according to a well-defined baseline. The goal of application whitelisting technologies is to stop the execution of malware and other unauthorized applications.
Unlike application blacklisting, which blocks unwanted applications from executing, application whitelisting technologies are designed to ensure that only explicitly permitted applications run or execute. In fact, with an application whitelist, you are essentially blacklisting everything else except the applications you enable. The technologies used to enforce application whitelists are called whitelisting software.
The whitelisting software can distinguish between allowed and disallowed applications using various application file and folder attributes such as the file name, file path, file size, digital signature or publisher, and cryptographic hash.
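As an added example (not code from the article or from any product named on this page), the following Python evaluator applies the three attribute types just listed, hash, path and publisher, with the default-deny behaviour described in the question above: anything no rule matches is denied and flagged as a quarantine candidate. The `signer` field is assumed to be the publisher name taken from an already verified code signature; signature verification itself is outside this snippet, and all file contents are constructed.

```python
"""Default-deny application allowlist evaluator (added example)."""
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple


@dataclass
class FileInfo:
    path: str
    content: bytes
    signer: Optional[str] = None  # assumed: publisher from an already-verified signature


@dataclass
class Rule:
    kind: str   # "hash" | "path" | "publisher"
    value: str  # hex SHA-256, directory prefix, or publisher name
    note: str = ""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate(info: FileInfo, rules: List[Rule]) -> Tuple[str, str]:
    """Return ("ALLOW", reason) for the first matching rule, else ("DENY", reason)."""
    digest = sha256_hex(info.content)
    path = PureWindowsPath(info.path)
    for r in rules:
        if r.kind == "hash" and r.value.lower() == digest:
            return "ALLOW", f"hash rule ({r.note})"
        if r.kind == "path":
            # A path rule is only as strong as the ACL on that directory:
            # whoever can write there can run code. Matching is case-insensitive.
            try:
                path.relative_to(PureWindowsPath(r.value))
                return "ALLOW", f"path rule {r.value}"
            except ValueError:
                pass
        if r.kind == "publisher" and info.signer is not None and info.signer == r.value:
            return "ALLOW", f"publisher rule {r.value}"
    # Default deny: unknown file, hand the digest to the admin for review.
    return "DENY", f"no rule matched sha256={digest} (quarantine candidate)"


if __name__ == "__main__":
    tool = FileInfo(r"C:\Users\alice\Downloads\tool.exe", b"MZ constructed approved tool")
    policy = [Rule("hash", sha256_hex(tool.content), "tool.exe v1"),
              Rule("path", r"C:\Program Files"), Rule("publisher", "Example Corp")]
    print(evaluate(tool, policy))
    print(evaluate(FileInfo(tool.path, tool.content + b"\x00"), policy))  # one byte changed
```

A single changed byte breaks the hash match, which is why hash rules are the strictest of the three and also the most maintenance-heavy after every update.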
Applying this level of control is one of the modern cybersecurity approaches to preventing several critical threats. Whitelisting is usually enforced at Layer 7 of the OSI model. The purpose of this article is to help organizations understand, evaluate, select, and implement the correct application whitelisting solution for their business.
Application whitelisting is a powerful tool deployed to defend your systems from known and unknown threats such as malware, advanced persistent threats (APTs), fileless attacks, zero-day and ransomware attacks, especially in high-risk environments where maximum security is required. If an application is found to have an unknown reputation, its execution will be denied. The default-deny policy of application whitelisting technologies makes it difficult for zero-day and ransomware attacks to execute.
While application whitelisting does a great job of protecting against malicious applications, it can be very restrictive. Every time the user needs to run a legitimate application that is not on the whitelist, they need to contact the admin. This can make a system difficult to use and create operational bottlenecks, inefficiency, and frustration in the workplace, especially in large organizations. In addition, the whitelisting solution can be a massive failure if end users are constantly unable to perform essential business functions on a day-to-day basis.
Creating a comprehensive whitelist and keeping it updated can be quite a challenging and demanding task for the security admin. This explains why most organizations prefer to adopt blacklisting instead of going through the headaches involved in whitelisting. But these headaches can be significantly reduced if the whitelisting solution has pre-existing policy templates or the capability for security admins to pre-approve known applications that are considered safe. Then, when users attempt to install those applications, installation proceeds without restriction.
ThreatLocker is a platform of resource protection systems that create a Zero Trust Architecture. The Whitelisting unit is called Allowlisting. This is a method of blocking all of the software on a computer from running unless it has been specifically approved. The Allowlisting method blocks malware and ransomware by default.
ThreatLocker blocks all processes from running on a computer. The administrator then sets up a whitelist, and software on that list is able to run. This is called Allowlisting, and one list can be shared among multiple endpoints. ThreatLocker enables you to build a Zero Trust Architecture.
ThreatLocker also provides a form of access rights management in its package. This can apply controls on access to resources to specific IP addresses and allow or block users from having access to USB devices.
The entire package of the ThreatLocker platform enables you to move to protecting applications rather than networks or computers. This means that those applications can be hosted anywhere, including on your site or on cloud platforms. Deactivating all execution rights for any file on your computers means that you could accumulate quite a lot of useless dead software on your endpoints, so you will need to institute a regular admin task to clean up each device. However, it is better to have dead weight than active ransomware on your system.