Page 5 of 6
Results 61 to 75 of 89
  1. #61
    New Lounger
    Join Date
    Dec 2009
    Location
    Las Vegas, Nevada, USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Medico View Post
    Unfortunately since Karen's untimely passing, her tools are no longer being updated. I wonder if they might work with the newer OSes.
    FWIW, I am using several of her utilities with W7 without a problem. I think most, if not all, of her utilities are written in VB.

  2. #62
    New Lounger
    Join Date
    Jul 2013
    Location
    Murphy, NC
    Posts
    19
    Thanks
    0
    Thanked 2 Times in 2 Posts
    In case anyone besides me was interested in what the acronym "HIPS" expands to (although its meaning seemed fairly clear from context in this thread), it's "Host-based Intrusion Prevention System."

    Dave

  3. #63
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by cmptrgy View Post
    On my data backup, I have a batch file that automatically saves my data on a daily basis onto a USB flash drive
    --- I have batch files to do the same for my son & my brother
    Just my $.2 here. Flash drives are notoriously unreliable, in my experience. I wouldn't rely on them to be anything other than (very) transient locations for your important data.
    Rui
    -------
    R4

  4. The Following User Says Thank You to ruirib For This Useful Post:

    cmptrgy (2013-12-02)

  5. #64
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by DavidHLevin View Post
    In case anyone besides me was interested in what the acronym "HIPS" expands to (although its meaning seemed fairly clear from context in this thread), it's "Host-based Intrusion Prevention System."

    Dave
    Yes, that's precisely what it means.
    Rui
    -------
    R4

  6. #65
    4 Star Lounger
    Join Date
    Jul 2012
    Posts
    407
    Thanks
    226
    Thanked 27 Times in 26 Posts
    Rui your $.2 is appreciated.
    One of my best friend's daughter just lost data on her flash drive that she was using as the medium on which she was doing her files and a local computer shop told my friend it would cost about $400 to retrieve that data. So the consequences are: lost data.

    I should have included in my storage strategy that I have another computer I use to maintain a 3rd copy of my data so that I have 3 locations of saved data: my XP desktop computer, the flash drive & my Windows 7 laptop computer

  7. #66
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by cmptrgy View Post
    Rui your $.2 is appreciated.
    One of my best friend's daughter just lost data on her flash drive that she was using as the medium on which she was doing her files and a local computer shop told my friend it would cost about $400 to retrieve that data. So the consequences are: lost data.

    I should have included in my storage strategy that I have another computer I use to maintain a 3rd copy of my data so that I have 3 locations of saved data: my XP desktop computer, the flash drive & my Windows 7 laptop computer
    Yes, I have seen that happening all too frequently.
    Rui
    -------
    R4

  8. #67
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,327
    Thanks
    139
    Thanked 117 Times in 100 Posts
    Lest my point be lost, I am still wondering why the protections which the Windows Secrets article suggests, or which Crypto Prevent supplies, could not be rolled into a patch and applied as a critical Security Patch by Microsoft? Would too much software crash if this were done? Are there any other side effects which would make people wish Microsoft hadn't issued such a patch?
    -- Bob Primak --

  9. #68
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Quote Originally Posted by bobprimak View Post
    Lest my point be lost, I am still wondering why the protections which the Windows Secrets article suggests, or which Crypto Prevent supplies, could not be rolled into a patch and applied as a critical Security Patch by Microsoft? Would too much software crash if this were done? Are there any other side effects which would make people wish Microsoft hadn't issued such a patch?
    Bob, Microsoft probably wouldn't care about breaking Spotify, or Foxit Reader Updater, but they probably would care about breaking Microsoft Office Installation. All three have been tripped by the recommended software restriction policies that I pushed to my users by GPO.

    Spotify shouldn't run in my environment, so that was left blocked. Foxit was fixed by whitelisting.

    However, the Office Installation was a nightmare at first. I tried several variations of whitelisting, but eventually cheated. I dropped the machine off the domain to run it as a local machine with default group policy, installed Office, and then rejoined it to the domain. In a home environment with Crypto Prevent installed the quick way would be to back out the restrictions, install Office, then re-install the restrictions.

    I'm sure MS could figure out a full fix for that, but I didn't have the time to work the problem for something that I'll probably do infrequently on a machine already domain joined.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  10. The Following User Says Thank You to Tinto Tech For This Useful Post:

    brino (2014-01-30)

  11. #69
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by Tinto Tech View Post
    Bob, Microsoft probably wouldn't care about breaking Spotify, or Foxit Reader Updater, but they probably would care about breaking Microsoft Office Installation. All three have been tripped by the recommended software restriction policies that I pushed to my users by GPO.

    Spotify shouldn't run in my environment, so that was left blocked. Foxit was fixed by whitelisting.

    However, the Office Installation was a nightmare at first. I tried several variations of whitelisting, but eventually cheated. I dropped the machine off the domain to run it as a local machine with default group policy, installed Office, and then rejoined it to the domain. In a home environment with Crypto Prevent installed the quick way would be to back out the restrictions, install Office, then re-install the restrictions.

    I'm sure MS could figure out a full fix for that, but I didn't have the time to work the problem for something that I'll probably do infrequently on a machine already domain joined.
    You mean CryptoPrevent prevents Office from installing?
    Rui
    -------
    R4

  12. #70
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Quote Originally Posted by ruirib View Post
    You mean CryptoPrevent prevents Office from installing?
    Yes, if my understanding and implementation of the Crypto Prevent mechanism is correct.

    I use the same generic rules that Crypto Prevent uses, but pushed through GPO to our machines on a domain-based network. Installation of Office 2010 and Office 2013 were both blocked on two new machines I recently set up. I don't have the details of the blocked application to hand right now, but I'll see if I can dig it out later and update.

    The event log was quite explicit recording the software restriction policy being triggered.

    After dropping the machines off the domain, thereby implementing default group policies, Office installed without a hitch. After installation, both versions of Office run just fine on the domain with the restriction policies implemented.

    I'm torn between blaming MS for deploying the Office installer to execute from within %appdata%/temp and Crypto Locker for giving me a headache I didn't have before.

    However, every cloud has a silver lining and Crypto Locker has given me reason to review security at work and at home with a fresh pair of eyes.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  13. The Following User Says Thank You to Tinto Tech For This Useful Post:

    ruirib (2013-12-03)

  14. #71
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by Tinto Tech View Post
    Yes, if my understanding and implementation of the Crypto Prevent mechanism is correct.

    I use the same generic rules that Crypto Prevent uses, but pushed through GPO to our machines on a domain-based network. Installation of Office 2010 and Office 2013 were both blocked on two new machines I recently set up. I don't have the details of the blocked application to hand right now, but I'll see if I can dig it out later and update.

    The event log was quite explicit recording the software restriction policy being triggered.

    After dropping the machines off the domain, thereby implementing default group policies, Office installed without a hitch. After installation, both versions of Office run just fine on the domain with the restriction policies implemented.

    I'm torn between blaming MS for deploying the Office installer to execute from within %appdata%/temp and Crypto Locker for giving me a headache I didn't have before.

    However, every cloud has a silver lining and Crypto Locker has given me reason to review security at work and at home with a fresh pair of eyes.
    That's a pretty big downside to CryptoPrevent, if confirmed. I am curious to see if this will bring any changes to how Microsoft deals with similar situations (using of %appdata%/temp).
    Rui
    -------
    R4

  15. #72
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Agreed.

    I'll try to make time to install Office on a fresh VM with Crypto Prevent installed and feed back the results. Or maybe somebody else could verify and add their experience?
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  16. #73
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by Tinto Tech View Post
    Agreed.

    I'll try to make time to install Office on a fresh VM with Crypto Prevent installed and feed back the results. Or maybe somebody else could verify and add their experience?
    Afraid I can't help with that now, but it would be interesting to know if anyone hit this barrier.
    Rui
    -------
    R4

  17. #74
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Something very odd....

    On an XP Virtual Machine, with Crypto Prevent v4.3 installed, Office 2010 installs without error.

    However, if I run RSOP on the machine there are no software restriction policies set. Crypto Prevent appears to be passing its own self test because I can see an event 866 in the event logs when I use its self test:

    Crypto Prevent self test.jpg

    but RSOP shows no restrictions:

    RSOP Computer Config.jpg
    RSOP User Config.JPG

    My manually set software restriction policies pushed by GPO do indeed cause Office Installation to fail by blocking ose0000.exe:

    event 866.JPG

    This is not what I had expected from Crypto Prevent. I had expected it to apply the restriction policies in the same way as the bleepingcomputer article previously referred to. So now I'm not sure where Crypto Prevent is applying these policies and whether it has a white list entry for ose0000.exe.

    Sorry, I think the waters just got even murkier.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  18. The Following User Says Thank You to Tinto Tech For This Useful Post:

    ruirib (2013-12-03)
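
One way to investigate the mismatch described in post #74, as an added example that is not part of any post in this thread: list Software Restriction Policy path rules straight from the policy registry keys (the standard `Safer\CodeIdentifiers` location) instead of relying on RSOP, check which rules match a given file, and pull the event 866 records. The function names and the sample path are hypothetical, and the matching is a simplification that ignores SRP rule precedence.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
$SaferKey  = 'SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelName = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    # Read path rules directly from the registry, so rules written locally
    # are listed even when RSOP reports no software restriction policies.
    foreach ($hive in 'HKLM:\', 'HKCU:\') {
        $base = Join-Path $hive $SaferKey
        if (-not (Test-Path $base)) { continue }
        # Numeric subkeys are security levels; rules sit in <level>\Paths\{GUID}.
        foreach ($level in Get-ChildItem $base | Where-Object { $_.PSChildName -match '^\d+$' }) {
            $pathsKey = Join-Path $level.PSPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            $n = $level.PSChildName
            foreach ($rule in Get-ChildItem $pathsKey) {
                # Keep %AppData%-style variables unexpanded for display.
                $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
                $raw = [string]$rule.GetValue('ItemData', '', $opt)
                New-Object psobject -Property @{
                    Hive     = $hive
                    Level    = if ($LevelName.ContainsKey($n)) { $LevelName[$n] } else { $n }
                    Rule     = $raw
                    Expanded = [Environment]::ExpandEnvironmentVariables($raw)
                }
            }
        }
    }
}

function Test-SrpPath([string]$Path) {
    # Simplified: wildcard match against the rule itself and against the rule
    # treated as a folder. Variables expand for the user running the script.
    Get-SrpPathRule | Where-Object {
        $p = $_.Expanded.TrimEnd('\')
        $p -and ($Path -like $p -or $Path -like "$p\*")
    }
}

function Get-SrpBlockEvent([int]$Max = 20) {
    # Event 866 is the ID the thread reports when a restriction rule fires.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 866 } -MaxEvents $Max -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*Software*Restriction*' } |
        Select-Object TimeCreated, Message
}

Get-SrpPathRule | Format-Table Hive, Level, Rule -AutoSize
Test-SrpPath "$env:TEMP\ose0000.exe"   # constructed path; the thread names only the file
Get-SrpBlockEvent
```

An empty rule list together with event 866 entries would suggest the rules live somewhere this script does not read; `Get-WinEvent` needs Windows Vista or later, so on the XP VM only the registry functions apply.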

  19. #75
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Hmm... interesting and puzzling.
    Rui
    -------
    R4
