How to properly set up Geswall

Discussion in 'other anti-malware software' started by trjam, Jul 10, 2008.

Thread Status:
Not open for further replies.
  1. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Set to medium but in High with ShadowDefender on when my son goes surfing ;)
    And thanks for the link to the GeSWall custom rules Aigle

    Ian
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Medium is default & gives solid protection already.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    U r welcome.
     
  4. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    I have added Threat Gate protection for my CdRom device in Resources; to add Threat Gate protection for my USB drive do I simply enter "\Device\USB" as the resource in the Resource Properties window that opens up from 'add resource'?
    Also, is it possible or even sensible to make "My Documents" confidential rather than adding individual folders to the default confidential folder within My Documents? Hope that makes sense. If that is a stupid idea or thing to do please say so, no offense taken, I'm still learning :D

    Ian
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    It will not work as far as I know. USB protection is still on the to-do list. GW also has problems with non-NTFS file systems (FAT).
    U can do it but u will be irritated by the confidential folder access pop-up for some applications like ur browser etc. U have to press Deny each time as there is no option to remember this action. That is also on the to-do list.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    hi aigle
    i see that you know how well GeSWall works and i have a question for you. ;)
    can GeSWall free or GeSWall pro block or prevent a cross-site scripting attack that introduces malicious script injection into iexplorer?
     
  7. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Many thanks for your replies aigle. Will wait for USB fix, just continue to be vigilant in the meantime. I have NTFS so no problem there.
    Your answer re confidential folders was much as I expected. If you don't ask you don't find out.

    Ian
     
  8. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    On a USB you can not label individual files as trusted or untrusted.

    However, you can add USB devices as Threat Gates, meaning that any executable started from the USB device will run isolated.

    The rules to be created in Resources for this (and other devices) are given in:

    https://www.wilderssecurity.com/showpost.php?p=1202946&postcount=24
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Thanks. I remember that discussion in the past but so far i have not tried it. I will try it now. Nice tip. :thumb: :) :thumb:
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Of course not.

    It's not the job of a sandbox and no sandbox can do this. For Cross Site Scripting we will need something else instead.
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    cause i was told at sandboxie forum that sandboxie does block this type of attack. o_O
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    I don't think so, it (and no Sandbox/HIPS) can stop Cross Site Scripting according to my understanding. However they can stop damage from malicious java scripts executed by the browser. The two things are different.
     
  13. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello jjmonge,

    To the best of my knowledge, until proven otherwise, SandBoxie (SBIE) does not block cross-site scripting (XSS). The same goes for BufferZone (BZ), DefenseWall (DW) and GeSWall (GW). Keep in mind that XSS is just a "means" to redirect one's web browser to a malicious site, steal private/sensitive information or expose one to drive-by-downloads (malicious payload delivered via manipulated javascript, iframes, ActiveX & Flash and exploit targeted malware).


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Jul 13, 2008
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    i was told that whatever is inside the sandbox will stay inside the sandbox without getting any damage. o_O
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Just tried it and it works great. Thanks
     
  16. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    Happy to contribute.

    Henk1956
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Ok, for additional protection here is how to make a global custom rule that will deny internet access of all applications running inside GeSWall except those u allow explicitly. It will stop any malware running untrusted from sending any info out of ur system.

    Open GW Console, go to Resources. Find the rule for network and open its properties via the right-click menu or by double-clicking it.

    Security Class: Threat Gates
    Resource Type: Network
    Resource: *

    Change security class to confidential. Now no application running inside GW will be able to get internet access (however, by this rule u might lose the pop-up u get when some application tries to access the network and GW offers to run it isolated, for some applications).

    Next allow ur internet programs like browsers, messengers to access internet while running inside GW by creating an exception rule for each.

    See example for Opera. Open GW console. Go to Application > Web Browsers > Opera. Right click and choose Add Rule.

    Resource Name: *
    Resource Type: Network
    Access Permission: Allow

    Click OK to add rule. Now Opera can access the network. Add a rule similarly for all internet-related applications u run inside GW.

    Note: A minor glitch, I have noticed that for new rules to work properly sometimes u need to stop n restart GW service (gswserv.exe): go to Start > Run, type services.msc, press Enter, it will open Services, select GW service and select Restart. Or u can simply reboot ur PC. However it's not always necessary.

     
    Last edited: Jul 12, 2008
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Here is an example. I ran UltraExplorer inside GW and tried to check for updates. Internet access was denied.

     
  19. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    What's the difference between Medium and High?

    Thanks
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,961
    Location:
    USA
    from GentleSecurity Online Documentation...

     
  21. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    It depends upon the parent applications which created it and/or launched it.
     
  23. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Well what if I just opened a malware without realising it?

    Thanks
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    No Sandbox will protect u if u executed a malware as trusted, by urself.

    If the malware came via an isolated application, say ur browser, it will be tagged untrusted and even if u execute it (or it's executed as a drive-by download), it can't damage your system.

    However if you marked it trusted and then executed, it will do its evil job. It's true for all sandboxes.
     
  25. Ohmy

    Ohmy Guest

    Seems like a lot of people are using
    one of Shadow Defender, Defensewall, Geswall
    for their main security appz.
    I use Defensewall though :)
    Is Shadow Defender also good?
     