Reply To: VoodooShield and SRP

    SudoJudo
    Participant
    none
    I guess that Umbra dude doesn’t understand that DLL’s are called by executables, does he?

    My guess, people like him aren’t going to shut up until VS can function as a full SRP. I have little doubt that Dan could write something like this in a weekend.

    Dan, I am not really appraised with exactly how an SRP works. AppGuard to me, is pretty basic and works like a group policy editor in terms of software. It allows software to execute in many cases, but restricts what they software can do. For example in my testing it allowed Brave Browser to run, but prevented Brave from writing to some registry keys.  Is this where AppGuard differs from VS/WLC?

    I know when I tested AppGuard I had to quickly remove it as it impacted the functionality and usability of the system to such an extent that it rendered it basically a brick. Even with tweaking, it required more tweaking. Eventually I was spending so much time trying to get things to work I removed it.

    So my question is – the firewall aspect of WLC isn’t helpful to me, I use a stand alone, powerful firewall. However, what happens when WLC encounters an unsafe file right now other than the firewall rule? Would giving WLC an option to ‘kill’ an unsafe program and it’s activities essentially make WLC into an SRP?

    If so, I would say go for it. As WLC’s intelligent quantification of software would reduce the alerts from a traditional SRP whilst providing SRP activity?

     

    0
    0