Hello, i just downloaded this app and i have a BIG PROBLEM!!!!!!!! Execution of lolbins is completely permitted if it's not done by file explorer!
Here's my settings:
From what i understand, these are the MAX settings, the MAX possible protection that this app can offer!
When i open cmd.exe from file explorer on windows 10:
BLOCKED! That's good.
But look what happens when i open cmd.exe from inside Wizfile
NOT BLOCKED!!!!!!
This means any vulnerable app like browser or adobe acrobat reader can launch cmd.exe and wreak havoc, the SRPs only work for file explorer! This is very bad, please fix!
EDIT: It appears this happens when the lolbin is launched as admin. Unfortunately, many programs reside in the userspace usually in appdata/roaming or appdata/local or even temp folder and some of em require admin, but that doesn't mean they're not vulnerable. Appguard can guard them and all child processes they launch like cmd.exe, and sandboxie can sandbox them, but this app has no solution for userspace admin programs to prevent them from infecting the system by launching lolbins, at least i don't see one in the setting, that's quite sad. There should be an option to block lolbins even launched by admin programs, only allow lolbins launched by system or trustedinstaller, or perhaps an option to block all userspace admin programs from launching lolbins except for whitelisted ones. On another note, there is no way option to add exceptions to the ValidateAdminCodeSignatures setting, if it's turned on a lot of open-source programs like simplewall, hibit uninstaller, upscayl etc. simply won't launch because they're free and thus don't have a code certificate that costs hundreds of $$$, and there is no way to whitelist em specifically, huge oversights here, sadly this program is unusable by itself, needs to be combined with smth like appguard or sandboxie to have adequate security
EDIT2:
I think i found the solution, launching it with -p seems to do the job, i wonder what other switches there are?
Hello, i just downloaded this app and i have a BIG PROBLEM!!!!!!!! Execution of lolbins is completely permitted if it's not done by file explorer!
Here's my settings:
From what i understand, these are the MAX settings, the MAX possible protection that this app can offer!
When i open cmd.exe from file explorer on windows 10:
BLOCKED! That's good.
But look what happens when i open cmd.exe from inside Wizfile
NOT BLOCKED!!!!!!
This means any vulnerable app like browser or adobe acrobat reader can launch cmd.exe and wreak havoc, the SRPs only work for file explorer! This is very bad, please fix!
EDIT: It appears this happens when the lolbin is launched as admin. Unfortunately, many programs reside in the userspace usually in appdata/roaming or appdata/local or even temp folder and some of em require admin, but that doesn't mean they're not vulnerable. Appguard can guard them and all child processes they launch like cmd.exe, and sandboxie can sandbox them, but this app has no solution for userspace admin programs to prevent them from infecting the system by launching lolbins, at least i don't see one in the setting, that's quite sad. There should be an option to block lolbins even launched by admin programs, only allow lolbins launched by system or trustedinstaller, or perhaps an option to block all userspace admin programs from launching lolbins except for whitelisted ones. On another note, there is no way option to add exceptions to the ValidateAdminCodeSignatures setting, if it's turned on a lot of open-source programs like simplewall, hibit uninstaller, upscayl etc. simply won't launch because they're free and thus don't have a code certificate that costs hundreds of $$$, and there is no way to whitelist em specifically, huge oversights here, sadly this program is unusable by itself, needs to be combined with smth like appguard or sandboxie to have adequate security
EDIT2:
I think i found the solution, launching it with -p seems to do the job, i wonder what other switches there are?