Was a really great experience testing and showcasing this (& trying to break it). You can check out ThreatLocker here: threatlocker.com/ericparker
In addition, I will be at ZTW - ztw.com/ in case anyone else is planning on attending.
it would be awesome in the future instead of saying "taking a look at" "showcasing" say advertising this is a sponsor but i had to read the description to figure that out
Hello Eric, could you make a video on Unity Game Engine malware? Is it possible to make malware on Unity?
I use Threatlocker and it’s great. Too bad they require you to buy 100 agents minimum.
Not if you use it with Atera. Starting with 1 user!
I've only got experience with Ivanti Application Control... seems similar to Threatlocker but man does it use a lot of cpu hooking everything
when eric parker of all people accepts a cybersecurity sponsor thats how we know they're serious
You are putting trust into a commercial closed-source application because your favorite cybersecurity YouTuber accepted a sponsorship from them?
@@toomanycharacter I'd rather trust the NSA backed Open source kernel module
@ of course not, not even windows comes within a mile of my house
but i'd recommend it to people who use windows and I don't despise
I was thinking about proposing a zero trust posture at work last week. This showed up like an angel in my feed haha
is there a consumer version of this?
I know I commented this before, but I would still like to see how effective Windows 11 Smart App Control (the optional feature that requires a clean install, not just Smart Screen) is against malware, because it is also supposed to not trust applications and also DLLs by default and only allow reputable apps to run or apps signed by reputable vendors. I think zero trust is probably the best way to protect against threats, because detection that requires signatures is always going to be too slow, unless behavioural detection improves a lot.
I can try it, hadn't heard of it before. I'd imagine it'll perform somewhere around where a quality (i.e. BitDefender / Kaspersky) AV performs, but with different misses. Non-EV certs are easy enough to acquire, EV is too much of a barrier for independent devs.
I think signed = good unsigned = bad is a very weak heuristic (most ML detectors also use this one).
>How can I tell Smart App Control to let this one specific app through?
There is currently no way to bypass Smart App Control protection for individual apps. You can turn Smart App Control off, or (better yet), contact the developer of the app and encourage them to sign their app with a valid signature.
This essentially kills that for most real world use cases (unless you just want a web browsing computer).
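An added illustration of the "signed = good" point made in the comment above. This is example code, not from the video, the thread, or ThreatLocker; the function name and the $Path parameter are assumptions. It inventories the PE files under a folder with the built-in Get-AuthenticodeSignature cmdlet and groups them by signature status and signer, so a defender can see how much of the estate is unsigned, and how long the tail of one-off signers is that a presence-of-signature rule would wave through.

```powershell
# Added example (not from the thread): summarise Authenticode state for a folder.
# A Valid status only tells you who signed the file, not whether it is safe.
function Get-SignatureSummary {
    param([string]$Path = $env:ProgramFiles)   # assumed parameter; default is Program Files

    $files = Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue

    $rows = foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        [pscustomobject]@{
            File   = $f.FullName
            Status = $sig.Status     # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
        }
    }

    # Per-status/per-signer counts: the long tail of single-binary signers is the part
    # that carries no reputation, which is why signature presence alone is a weak signal.
    $rows | Group-Object Status, Signer |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Usage (constructed): point it at any folder you want to review.
Get-SignatureSummary -Path $env:ProgramFiles | Format-Table -AutoSize
```

Run it in a normal PowerShell session; it reads files only and changes nothing. Comparing the output of a known-clean folder against a download directory makes the difference between "signed by a vendor you recognise" and "signed by something" visible at a glance.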
@@EricParker Yes, I understand that not being able to exclude specific apps can be a problem for some people, but it hasn't really been an issue for me. I only run well-known software and games from Steam on my main PC, but I think a lot of people do. I'm a bit paranoid about security, so when I set up Windows 11 I decided to try it, because it can run in addition to a different antivirus product, and so far had no issues. I don't know how much it actually helps from a security standpoint, but if it works well enough it could be a good additional layer of protection that might detect something that got through a different AV, for example. Sadly there is not a lot of information about how it actually works. Signatures are one part of it, but how exactly Microsoft determines which apps are "reputable" isn't really transparent, so it would be really interesting to see how it does against real malware.
Yes, prevention is great but that won't fix the underlying security flaws in Windows' architecture, like for example process boundaries being virtually nonexistent (tho one could say that is also the case on a non-Yama Linux system with ptrace)
Hey Eric - if I wanted this for personal use, is there any way to just buy a couple of licenses?
Another person mentioned it is a 100 agent minimum :(
So, AppArmor for Windows?
Well, that is if you take ease of use into account, if not it's just NSA Linux but Windows™
It very mildly reminds me of TinyWall in its customizability.
Any open source alternatives?
Seems like a sensible solution for businesses with a competent IT Admin.
Would be nice to have a similarly nice to use Sandboxing tool for regular users. Where you will be prompted on-device how restricted you want to run the executable.
Do regular programs use PowerShell much? I wonder if simply renaming PowerShell to something else could block a lot of malware.
You can disable it with group policy (or any enterprise security system). What's cool with ringfencing is that you don't have to give it up if you do have some uses for it. A lot of sysadmins use it.
For the restricting network access, does it block information coming in too? Because that might block me from using the app
It's bidirectional, you can lock it down / unlock it more specifically, or control the APPs access to the file system if that works better.
What does it use to determine "internet" in this context? Azure, for example, is very confusing that way.
Interesting solution compared to the usual anti virus software out there. IT knowledge increased - thanks for showcasing :D Will keep this in mind for future projects!
So, it's like SELinux for Windows?
Pretty neat. Out of curiosity, what happens if you try learning it on a machine already infected with malware?
I don't know if I want to have all my app interactions to be controlled through their servers... Couldn't they make a local UI? What a privacy disaster.
Very Interesting! *New Knowledge Obtained!*
Would love to see a dive into the Agile Blue suite. At the company I work for we switched to it after the Kaspersky ban. I personally have very mixed feelings on it, but would love to see how it stacks up.
Hello Eric!
where is the free rip-off?
1:38 "I can use Blender cause I already have that set up"
1:41 "Except I can't because this VM doesn't have a GPU"
A bit contradicting 🤣
i wonder who on reddit will tell me this is bloatware too lmfao
Can you do a video about a Roblox executor that hides (possibly) malware very well? I've sent you an email about it
Just reminded of AppArmor on Linux, tho it's probably not as comprehensive as this thing is
Nice vid man
Can you pair this with Bitdefender? Or is that counterintuitive
In the video he is running it with Windows Defender, so I guess it can be used with BitDefender as well.
You can do so, it's not really needed though. It is insanely difficult to get any malware to run under such a system, and the main additional security can be achieved within.
Big thing that needs to be done is locking down any needed risks (i.e. Word macros) as much as is humanly possible. Doing that you have a really hard to break system.
@@EricParker good to know, thanks
you can not make Microsoft safe
hi eric
Lucas
again content is very small, I can't see it well
You shall use League of Legends as an example 😂
Hi
Can't believe I just watched a 23 minute ad! 😮
do review about deepseek