Limit *read* access to particular files in D+ to specific programs

[Guest]

[Iq1uy]

This wish relates to a few wishes of others also (but will hopefully be a bit more complete)
e.g.
Add 'my privacy file' in D+
The function of the control of reading files
My own comment on Wishlist v6 on Dec 07 2007
And of course my other comments when I was seeking help to try to do this with existing features here and here

Anyway, the wish roughly goes like this:
I have private files. PGP keys. A keepass file. My thunderbird email.
The only program which *ever* needs to read my PGP keys is PGP.
The only program which *ever* needs to read my keepass file is keepass
The only program which *ever* needs to read my thunderbird email files is thunderbird.

I'd like to be able to limit my PGP keys to only being able to be read by PGP.
and so forth with keepass.
and thunderbird.

I can currently block all access to a file using My Blocked Files. Now if only I could create exceptions to this (like one can with protected files) for particular programs then the problem would be entirely solved.
Maybe it is important to have a 'my blocked files' which *can not* be overridden for super-protection of those files. Great! I agree! Alternatives are then to be able to set the level of protection on 'My protected files' (e.g. read/write/execute) or create an equivalent to 'my protected files' which is for reading of files, not just writing them.

D+ is so, so very close to doing this now. So close I can smell it. It smells good.

[Tech]

Yes, why not?
But you guarantee that CIS is always running. If it is disabled, the access will be released.

[Iq1uy]

True, but doesn't the same apply to protected files and 'My Blocked Files'?
If CIS ceases running, all is lost anyway.

I'm actually currently testing other firewall packages to see if they have the feature (mind you, most of them are not free either)
So far...
Output Pro: no (Can prevent any access to files same as 'My Blocked Files' and prevent write like 'My Protected Files')
eEye Blink Personal: no (Can prevent execution of certain files, but seemingly not read or write)
InJoy Firewall: couldn't get it going under Win7
OnlineArmor: no (doesn't appear to be any way to protect particular files at all, even in the ++ version)
CA Threat Manager Total Defense (with HIPS): had to install server, couldn't get client to function (too complex a solution in terms of software)
PCTools ThreatFile: yes - Under Advanced Tools->Advanced Rule Settings->Custom Rule Settings it is possible to add rules that limit read, write, create, and execute to particular files or directories for all files except explicitly listed ones
e.g. rule settings:
When any process
tries to write or delete or create or execute a file
   in C:\Users\xxxx\my keys[\u]

The only problem is that when you are prompted when a non-approved program attempts to access the file, you only have the choice to 'allow' or 'terminate the application'

DefenseWall: in a sense - you can prevent listed 'Untrusted Application' from accessing protected resources (listed in 'Resource Protection'); but this requires applications to be set to 'untrusted' which is problematic.
DriveSentry: No (looks like you can prevent write access but not read - and 'trusted' applications, which can be automatically added to the list, bypass these settings)
Private Firewall: No
Tiny Personal Firewall 6.5: didn't run under Windows 7 (bluescreen)

Yet to test:
KIS

[ruiky]

+1

[salmonela]

True, but doesn't the same apply to protected files and 'My Blocked Files'?
If CIS ceases running, all is lost anyway.

I'm actually currently testing other firewall packages to see if they have the feature (mind you, most of them are not free either)
So far...
Output Pro: no (Can prevent any access to files same as 'My Blocked Files' and prevent write like 'My Protected Files')
eEye Blink Personal: no (Can prevent execution of certain files, but seemingly not read or write)

Yet to test:
CA Threat Manager Total Defense (with HIPS)
OnlineArmor
Private Firewall
Tiny Personal Firewall 6.5
InJoy Firewall

Unfortunately Comodo cant prevent from reading in way you want, it can however everything else, prevent from: write, modify, delete, create, execute etc.
maybe in v5 Comodo crew add feature you want, until then you can try Kaspersky IS which have ability to prevent from reading but it cost money, I am not sure about Malware Defender, EQ secure and other HIPS systems but you should definitely first look at HIPS systems alone rather than FW + HIPS

[ruiky]

Unfortunately Comodo cant prevent from reading in way you want, it can however everything else, prevent from: write, modify, delete, create, execute etc.
maybe in v5 Comodo crew add feature you want, until then you can try Kaspersky IS which have ability to prevent from reading but it cost money, I am not sure about Malware Defender, EQ secure and other HIPS systems but you should definitely first look at HIPS systems alone rather than FW + HIPS

EQ,MD,OSSS all can prevent from reading

[Chiron]

+1

Sounds like a useful addition to the already flexible configuration of CIS.

[Iq1uy]

EQ,MD,OSSS all can prevent from reading

MD and EQ lasted about 2 minutes post-installation (mainly because the interfaces made me want to cry).
OSSS is looking good, but actually not able to completely prevent access to the file except by whitelisted apps. The only thing that is stopping it doing what I want is that I seem to be able to browse the folders and (more importantly) copy the files I am trying to protect (need to allow admin rights to do so, but still lets me copy them which defeats the purpose of protecting from reading).

Otherwise, OSSS is looking fairly good.

Edit: worked out the reason OSSS was not blocking copying the file.
The file was not protected from 'dllhost.exe' which executes administrator-privileged functions on behalf of another program (in this case, explorer.exe when I try to copy the file)

[pegr]

+1

I too would like to see this feature added.

[EricJH]

+1

[Jacob]

This already can be implemented but the wish should be to make an easier way to do so

[Chismaster]

+1

[k_ok_o_s]

+1 !!!!!!!!!!!!!!!!!!!!!!!!

Paid version of Emsisoft Online Armor 5.0 "protects your sensitive files from being read, deleted or modified by malicious programs." http://www.emsisoft.com/en/info/oa/KF-Files.html

[brat-h]

This already can be implemented but the wish should be to make an easier way to do so

...and which is "the harder way" or may be "ways":

Secondly, let me ask how "Strict do you want Defense+ to be?" There are two ways of accomplishing such task; I don't want to post them until i have i more information of what you are trying to accomplish

[brat-h]

+1 !!!!!!!!!!!!!!!!!!!!!!!!
Paid version of Emsisoft Online Armor 5.0 "protects your sensitive files from being read, deleted or modified by malicious programs." http://www.emsisoft.com/en/info/oa/KF-Files.html

And so does the free version of Comodo Internet Security . The question is: "how to make exclusions for specific processes to let them read/write specific BLOCKED files/folders etc."

[Tags:]