Does CryptoPrevent do different stuff now?

These forums are retired and read-only.
Forum rules
These forums are retired and read-only.
For support, please visit https://www.d7xtech.com/support/

Does CryptoPrevent do different stuff now?

Postby jimnugent262 » Sat May 02, 2015 5:03 pm

Hi all,
Let me explain what I mean. When CryptoPrevent was created and gradually improved, for quite some time it was built around software restriction policies (or at least their implementation at the registry level). for the most part, it blocked the execution of files in the %APPDATA% tree and then elsewhere as necessary.

The beauty of this implementation was that if I installed something, or ran it for the first time, and it puked, I could look in the event log for event 866 SW Restriction Violation, which would confirm that the problem was CryptoPrevent.

If it's now doing other "definition based" filtering it won't be so simple. Not impossible, just not so simple. Is this the case.?

--
Jim
jimnugent262
 
Posts: 1
Joined: Sat May 02, 2015 4:33 pm

Re: Does CryptoPrevent do different stuff now?

Postby Michael » Mon May 04, 2015 6:46 pm

CryptoPrevent does everything it used to do and more. This will continue as the product continues to be updated. Regardless of that, ALL of the protections are noted in the event log and reported via email if configured. Please see here for more details:

http://www.foolishit.com/vb6-projects/c ... formation/

Windows Event Log Entries:

Software restriction policies will log a blocked application to the Windows Application event log with Event ID: 866
The CryptoPrevent Filter Module including Program Filtering log to the Application event log with Event ID: 10177 and Source: CryptoPreventFilterMod
Image
User avatar
Michael
d7xTech Staff
 
Posts: 23
Joined: Tue May 07, 2013 1:27 pm


Return to CryptoPrevent for Home Users