ThreatLocker: Zero Trust vs Malware & Exploits 

it seems it the best solution to keep non tech savvy employees safe and make sure they're not doing something they're not suppose to do

I'd say a combination of both would be ideal

o hey, finally a solution that has any real chance of catching a 0 day. My personal go-to is always ida Pro and a VM/sandbox, this is basically that but on a company scale.

thats what we use in our organization. Works pretty well

We use threatlocker, and love it!

I think both an allow listing and detection based system are necessary. As far as making sure execution is secure, allow listing is the way to go... It just can be difficult for some jobs.

When Part 2 of "Best Antivirus/EDR vs Unknown Ransomware" with Kaspersky etc?

zero trust is definitely the way to got for an entreprise environment. 100% of the times any type of virus infects a company is because of user error, be it downloading and opening a file they received on an email or just poor security practices (Ie no firewalls or whatever). For a single home user though, this creates waaaay more problems and solutions. I installed "Simple Wall" the other day because of your video on "How to stop apps from spying on Windows" and omfg was it triggering. I couldn't open absolutely any program without having to add each individual .exe related to it on Simple Wall.

it seems promising concept, I'll use it as addition layer to detection product

Thanks for the good video! Could you make a video about Sandboxie-Plus and whether it makes sense to use it?

I would be curious to see you testing Kaseya/Datto AV + EDR + Ransomware solutions!

I use Threatlocker for my job, and while it's a good protector, you do have to put quite some work into it to properly configure applications so they're both protected, but still work.

Great video!!! I like this approach (zero trust approach). What I want to know is will this perform better than UltraAV? :D lol Thanks for posting!!!

Thats actually almost the same as Kaspersky's Intrusion Prevention, it literally does the same thing lol.

AppLocker/WDAC tests when? Jokes aside, I hope you cover them as well

Oh man. would love that software for the house. But looks like its going to have enterprise pricing.

Allowing you to run PowerShell as Admin is a gap in your configuration; a standard user should not be allowed to elevate PowerShell in the first place; that's what Elevation Control is for.

So since it works in a different way than a typical Anti virus and firewall program, does that mean you can have both on your system without conflicts ?

I'd say it's a complement for anti viruses. Honestly, this tool has great potential since it allows what only an employee it's supposed to do in their duties. Now, the UI and the problem PC said can be solved by a QOL update

This is interesting, I have been working on zero-trust solutions and the idea is exactly the same, but like with all software there is definitely going to be some misses, especially if someone knows how these zero-trust solutions works.

Can you use your knowledge to test how good Sandboxie Plus virtualization is and how it keeps spaces isolated from malware?

imo it's complimentary to NGAV/EPP and other layers of protection

I don't like either/or questions, because the best answer is rarely just one or the other. As you pointed out, this tool wouldn't step in on a phishing attack. Also, as you noted, this tool can have a major (even if momentary) impact on system performance. It seems to me that this is a great second layer in a defense-in-depth strategy.

Very informative! Seems kinda similar to Glasswire

In practice software like this makes security worse because you can't update software.. Some help desk employee who knows nothing about security or your job installs the software and you hope it works and you can never apply security updates because they will be blocked. So, everyone is running two year old versions of everything on there computer. That's my experience at multiple companies.

I love this product for advanced users, but not for your typical average user. It would probably work well, if you were to configure a single image that you then deployed to all of your end-user computers.

Could you do a video (and a tutorial on what to block to protect ourselves from ost threats without breaking windows) on AppLocker?

So whats is the price of this . they dont say anything on their site, which makes me suspicious

Excelente Gracias.

I like the idea of antivirus and whitelisting, but i'd rather not have a dashboard and just a local yes/no/sandbox option for allowing execution when it blocks something. Any way at all if I could have like the popup of SecureAPlus but just the whitelisting feature I would, along with an option to accept once, or allow all if i want to.

Best Antivirus would be the combination of Bitdefender , Malwarebytes and Kaspersky i would name it ShadowAV

looks like a typical HIPS, but this one has bells and whistles, i.e. good for corpos. Isn't free, besides a 30 days trial. If so, should be compared to many similar packages included in SOPHOS, ESET, Kaspersky etc. The old good COMODO still looks at least not bad compared to this software, and COMODO firewall (internet security) is freemium

great bit of kit. if only it were a bit more lightweight.

Leo, please make a new Norton test video. The old video that you have on this channel is 4 years old.

I like this, it has possibilities. ZT FTW.

bitdefender vs kaspersky pliz

Unfortunately we'd need the benefits of both.

Zero trust is the ONLY answer in today's day and age.

Honestly, even with stuff like this, be careful what you open and download. You can’t rely on only an AV all the time, it requires some human effort too! (Edited to make more sense as I haven’t watched the whole thing)

Is Threatlocker compatible with AV+EDR on same system?

There are a lot of security software offerings. The question I always have is, how do I know if the software is not a Trojan horse? How do you know if the software I buy is legit? Is there a computer security consortium certifying these software offerings?

Should the average user use this or would it be overkill.

These random cuts in the video makes it seem illegitimate. I notice in every video..

best product i like it

Do kaspersky vs bitdefender 😊

I believe detection is the best due too the trouble of allowing new programs

You need zero trust AND good detection

So it's basically SELinux but less secure

Ok, as an old senile man who likes to rant angrily into the clouds, I am going to "fart in church". First, the OS and BIOS should be locked down to a paranoid level. But the reality is that OS give permissions to almost anything by default. [Except non-commercial Linux and similar distributions where you have to OPT-IN to allow apps to be permissive. It is generally a shit idea to give an app direct kernel access, but this is routinely done in gaming, where a gain of a few FPS is more than offset with badly compromised security. Debian distros that conform to the full GPL make you have opt-in to install the latest video driver for example, like NVIDIA commercial drivers. The current design philosophy of Microsoft OS products is seems to be a permissive OS, which you then have to lock down if you want to. Security provisions should be customizable at all times, and especially at first installation. The amount of telemetry and connections that windows 11 does [home or professional] is absurdly high. So you have to make yourself an expert fining out which connections are actually essential and which are just crap. [Or for Microsoft's benefit and not necessarily yours]. You can easily go on the web and find cut-down versions of win10 or 11 [with names like "Tiny 11"], but that does not help much, because as well as taking out some of the bloatware, it will also disable MS's anti-virus. In short, you stand the risk of an OS that is even more insecure than the standard version. In theory, polices control in Win Pro should stop a lot of nonsense, but most of them are quite easy to bypass. "Hardening" win 11 needs an expert level of knowledge which most people don't have. I see that M$ has adopted the SUDO command but I have no idea how safe it is. In Linux it is great, but then Linux is much more orientated in keeping the user in user space, rather than let them swan around in kernel space.

Please stop the whooshing sounds!

could you do a review on TotalAV please?

Would love to see a vid on how to permanently remove MS Copilate in win 10?

First!

Hello im second

Comodo but more weaker

Bravo nice one