GentleSecurity Forum Index GentleSecurity

 
 FAQFAQ   SearchSearch   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Is there anyway to restrict process creation?

 
Post new topic   Reply to topic    GentleSecurity Forum Index -> Frequently Asked Questions
View previous topic :: View next topic  
Author Message
Andrew



Joined: 13 Aug 2006
Posts: 45
PostPosted: Mon Sep 11, 2006 8:45 pm    Post subject: Is there anyway to restrict process creation? Reply with quote
Process creation is not restricted because it doesn't make sense with GeSWall. Just start an IE as isolated and any spawned process will be inherently isolated as well. So even if somebody starts a malware through IE tricks it will not make damage. Whenever an isolated IE creates a file GeSWall tracks it down. Next time you try to run that file, GeSWall will pop up a dialog saying that file source is untrusted and suggesting isolate it as well. When "Orange security level" is used, isolation comes automatically without pop-ups http://www.gentlesecurity.com/docs/seclevels.html If file is a DLL, that DLL will be prevented to be loaded into trusted process. If file is a driver it will be blocked to load into kernel, if file is vbs "Windows Script Host" gets isolated while translating the script, etc..
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    GentleSecurity Forum Index -> Frequently Asked Questions All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group