DOCSLIB.ORG

A New Approach for Hiding Data Within Executable Computer Program Files Using an Improvement Cover Region Dr

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

IJCCCE Vol.13, No.1, 2013 _____________________________________________________________________________________ A New Approach for Hiding Data within Executable Computer Program Files Using an Improvement Cover Region Dr. AbeerTariq1 EkhlasFalih1 Eman Shaker1 1Computer Science Department, University of Technology, Baghdad email: [email protected] [email protected] [email protected] Received: 27/1/2013 Accepted: 22/7/2013 Abstract – The process of hiding is considered to be one of the important security branches which are used to ensure the safe transfer of vital data and its protection against theft or editing. Recently, the need for developed hiding methods have greatly increased as the programming technologies that are capable of detecting hidden data, which are hidden using conventional methods, have undergone a great leap in progress. This paper aims to introduce a novel method of hiding a text inside an executable (.exe) file. This is considered one of the recent, more developed types. The suggested system has been tested on two types of executable files. The first type was written using (C++.exe) whereas the second was written using (VB.exe). The text was hidden using the suggest method (Cover Region and Parity bits) through which the executable file will be segmented into (regions) afterwards, each group of values will be tested alongside the value of the secret message that needs to be hidden. The suggested approach was applied on several texts and the result was that hiding via the executable files of the (VB) types is faster and it occupies less size than the (C++) type.. Keywords –C++ execution file,VB execution file and Cover Region and Parity Bits. 55 IJCCCE Vol.13, No.1, 2013 A New Approach for Hiding Data within Executable Computer Program Files Using an Dr. Abeer Tariq et. al. Improvement Cover Region 1. Introduction as well as internal programmer notes Internet communication has become and identifiers, redundant sections of an integral part of the infrastructure of code and infuriatingly in some senses today’s world. The information coding "bloat." All of this adds up to communicated comes in numerous forms large and essentially random file sizes and is used in many applications. In a for exe files. As such, it might be large number of these applications, it is possible to embed and hide large desired that the communication be done in amounts of data in encoded form in secret. Such secret communication ranges an exe file without disrupting the from the obvious cases of bank transfers, file's ability to be executed, or run, as corporate communications, and credit card a program but crucially without purchases, on down to a large percentage anyone discovering that the exe file of everyday email. With email, many has a dual function [3]. people wrongly assume that their communication is safe because it is just a 2. Theoretical Background small piece of an enormous amount of data being sent worldwide. After all, the Steganography can be split into two Internet is not a secure medium, and there types: Fragile and Robust. The following are programs “out there” which just sit section describes the definition of these and watch messages go by for interesting two different types of steganography. information [1]. 1. Steganography and encryption are 2.1 Pure steganography: -A both used to ensure data steganographic system which does not confidentiality. The main difference require prior exchange of some secret between them is that with encryption information (like a stego key) is pure anybody can see that both parties are steganography. The embedding process communicating in secret. can be described as a mapping Steganography hides the existence of E: CxMS a secret message and in the best case whereC is the set of possible covers and nobody can see that both parties are M is the set of possible messages. communicating in secret. This makes steganography suitable for some The extracting process consist of a tasks, such as copyright marking, for mapping which encryption isn't. Adding D: SM encrypted copyright information to a file could be easy to remove but extracting the secret message out of a embedding it within the contents of cover . the file itself can prevent it from 2.2 Secret key steganography: -In secret being easily identified and removed key steganography, the sender chooses [2]. cover C and embeds the secret message 2. There is one group of files that vary into C using secret key K. If the key in the enormously in size and are usually embedding process is known to the rather difficult to examine in detail receiver, he can reverse the process and because they are comprised of extract the secret message. The mapping compiled computer codes which are of the process if K is the set of secret executable, or exe, files. These files keys. tend to contain lots of what might be described as "junk data" of their own Ek: C×M×KS 56 IJCCCE Vol.13, No.1, 2013 A New Approach for Hiding Data within Executable Computer Program Files Using an Improvement Cover Dr. Abeer Tariq et. al. Region And 28 = 256 colors and in a 24-bit bitmap, 24 Dk: S×KM there can be 2 = 16777216 colors. with the property that Information can be hidden in many Dk(Ek(c,m,k),k)=m for all mM,cC different ways in images. Straight and kK is called a secret key message insertion can be done, which will steganography system simply encode every bit of information in 2.3 Public key steganography:- the image. More complex encoding can be Public key steganography system done to embed the message only in noisy require the use of two keys, one is areas of the image that will attract less private and the other one is attention. The message may also be public.The public key is stored in scattered randomly throughout the cover a public database whereas the image [4]. public key is used in the embedding process. The private key is used to reconstruct the 3.2 Hiding in Audio secret message [4]. General principles of data hiding technology, as well as terminology adopted at the First International Workshop on Information Hiding, Cambridge, U.K. are illustrated in Figure 3. Media Used for Hiding (3.1). There are different media for hiding data:- A data message is hidden within a 3.1 Data hiding in images cover signal (object) in the block called In a computer, images are represented embeddor using a stego key, which is a as arrays of values. These values represent secret set of parameters of a known hiding the i3.ntensities of the three colors R(ed) algorithm. The output of the embedded is G(reen) and B(lue), where a value for called stego signal (object). After each of the three colors describes a pixel. transmission, recording, and other signal processing which may contaminate and Through varying the intensity of the bend the stego signal, the embedded RGB values, a finite set of colors message is retrieved using the appropriate spanning the full visible spectrum can be stego key in the block called extractor [5]. created. In an 8-bit gif image, there can be Figure (1) Block diagram of data hiding and retrieval. 57 IJCCCE Vol.13, No.1, 2013 A New Approach for Hiding Data within Executable Computer Program Files Using an Dr. Abeer Tariq et. al. Improvement Cover Region 4. Basic Media (Cover) and A number of different cover objects Techniques Used In Proposal (signals) can be used to carry hidden messages. Data hiding in audio signals The execution file used as a cover, exploits the imperfection of the human and Cover Region and Parity Bits auditory system known as audio masking. technique used as technique in our In thepresence of a loud signal (masker), proposal: another weaker signal may be inaudible, depending on spectral and temporal 4.1 Executable File characteristics of both masked signal and An executable file is a file that is used masker [5].Masking models is extensively to perform various functions or operations studied for perceptual compression of on a computer. Unlike a data file, an audio signals. In the case of perceptual executable file cannot be read because it compression the quantization noise is has been compiled. On an IBM hidden below the masking threshold, compatible computer, common executable while in a data hiding application the files are .BAT, .COM, .EXE, and .BIN. embedded signal is hidden there. Data Depending on the operating system and its hiding in audio signals is especially setup, there can also be several other challenging, because the human auditory executable files [7]. system operates over a wide dynamic To execute a file in MS-DOS and range. The human auditory system numerous other command line operating perceives over a range of power greater systems, type the name of the executable than one billion to one and a range of file and press enter. For example, the file frequencies greater than one thousand to myfile.exe is executed by typing myfile at one. the prompt. Sensitivity to additive random noise Other command line operating is also acute. The perturbations in a sound systems such as Linux or Unix may file can be detected as low as one part in require the user to type a period and a ten million (80 dB below ambient forward slash in front of the file name, for level).However, there are some “holes” example, ./myfile would execute the available. While the human auditory executable file named myfile. system has a large dynamic range, it has a To execute a file in Microsoft fairly small differential range.
Recommended publications
  • A Compiler-Level Intermediate Representation Based Binary Analysis and Rewriting System

    A Compiler-Level Intermediate Representation Based Binary Analysis and Rewriting System

    A Compiler-level Intermediate Representation based Binary Analysis and Rewriting System Kapil Anand Matthew Smithson Khaled Elwazeer Aparna Kotha Jim Gruen Nathan Giles Rajeev Barua University of Maryland, College Park {kapil,msmithso,wazeer,akotha,jgruen,barua}@umd.edu Abstract 1. Introduction This paper presents component techniques essential for con- In recent years, there has been a tremendous amount of ac- verting executables to a high-level intermediate representa- tivity in executable-level research targeting varied applica- tion (IR) of an existing compiler. The compiler IR is then tions such as security vulnerability analysis [13, 37], test- employed for three distinct applications: binary rewriting us- ing [17], and binary optimizations [30, 35]. In spite of a sig- ing the compiler’s binary back-end, vulnerability detection nificant overlap in the overall goals of various source-code using source-level symbolic execution, and source-code re- methods and executable-level techniques, several analyses covery using the compiler’s C backend. Our techniques en- and sophisticated transformations that are well-understood able complex high-level transformations not possible in ex- and implemented in source-level infrastructures have yet to isting binary systems, address a major challenge of input- become available in executable frameworks. Many of the derived memory addresses in symbolic execution and are the executable-level tools suggest new techniques for perform- first to enable recovery of a fully functional source-code. ing elementary source-level tasks. For example, PLTO [35] We present techniques to segment the flat address space in proposes a custom alias analysis technique to implement a an executable containing undifferentiated blocks of memory.
  • Toward IFVM Virtual Machine: a Model Driven IFML Interpretation

    Toward IFVM Virtual Machine: a Model Driven IFML Interpretation

    Toward IFVM Virtual Machine: A Model Driven IFML Interpretation Sara Gotti and Samir Mbarki MISC Laboratory, Faculty of Sciences, Ibn Tofail University, BP 133, Kenitra, Morocco Keywords: Interaction Flow Modelling Language IFML, Model Execution, Unified Modeling Language (UML), IFML Execution, Model Driven Architecture MDA, Bytecode, Virtual Machine, Model Interpretation, Model Compilation, Platform Independent Model PIM, User Interfaces, Front End. Abstract: UML is the first international modeling language standardized since 1997. It aims at providing a standard way to visualize the design of a system, but it can't model the complex design of user interfaces and interactions. However, according to MDA approach, it is necessary to apply the concept of abstract models to user interfaces too. IFML is the OMG adopted (in March 2013) standard Interaction Flow Modeling Language designed for abstractly expressing the content, user interaction and control behaviour of the software applications front-end. IFML is a platform independent language, it has been designed with an executable semantic and it can be mapped easily into executable applications for various platforms and devices. In this article we present an approach to execute the IFML. We introduce a IFVM virtual machine which translate the IFML models into bytecode that will be interpreted by the java virtual machine. 1 INTRODUCTION a fundamental standard fUML (OMG, 2011), which is a subset of UML that contains the most relevant The software development has been affected by the part of class diagrams for modeling the data apparition of the MDA (OMG, 2015) approach. The structure and activity diagrams to specify system trend of the 21st century (BRAMBILLA et al., behavior; it contains all UML elements that are 2014) which has allowed developers to build their helpful for the execution of the models.
  • Debugging with GDB

    Debugging with GDB

    Debugging with GDB The gnu Source-Level Debugger HP Seventeenth Edition, for GDB January 2007 Richard Stallman, Roland Pesch, Stan Shebs, et al. (Send bugs and comments on GDB to [email protected] with copy to [email protected] ) Debugging with GDB TEXinfo 2003-02-03.16 Copyright c 2007 Free Software Foundation, Inc. Published by the Free Software Foundation 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA ISBN 1-882114-77-9 Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided also that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this manual into another lan- guage, under the above conditions for modified versions. i Table of Contents Summary of GDB............................. 1 Free software ................................................ 1 Contributors to GDB......................................... 1 1 A Sample GDB Session .................... 5 1.1 Loading the Executable .................................. 5 1.2 Setting Display width.................................... 6 1.3 Setting Breakpoints ..................................... 6 1.4 Running the executable under GDB ...................... 6 1.5 Stepping to the next line in the source program............ 6 1.6 Stepping into a subroutine ............................... 6 1.7 Examining the Stack .................................... 7 1.8 Printing Variable Values ................................. 7 1.9 Listing Source Code ..................................... 7 1.10 Setting Variable Values During a Session ................. 8 2 Getting In and Out of GDB ..............
  • Portable Executable File Format

    Portable Executable File Format

    Chapter 11 Portable Executable File Format IN THIS CHAPTER + Understanding the structure of a PE file + Talking in terms of RVAs + Detailing the PE format + The importance of indices in the data directory + How the loader interprets a PE file MICROSOFT INTRODUCED A NEW executable file format with Windows NT. This for- mat is called the Portable Executable (PE) format because it is supposed to be portable across all 32-bit operating systems by Microsoft. The same PE format exe- cutable can be executed on any version of Windows NT, Windows 95, and Win32s. Also, the same format is used for executables for Windows NT running on proces- sors other than Intel x86, such as MIPS, Alpha, and Power PC. The 32-bit DLLs and Windows NT device drivers also follow the same PE format. It is helpful to understand the PE file format because PE files are almost identi- cal on disk and in RAM. Learning about the PE format is also helpful for under- standing many operating system concepts. For example, how operating system loader works to support dynamic linking of DLL functions, the data structures in- volved in dynamic linking such as import table, export table, and so on. The PE format is not really undocumented. The WINNT.H file has several struc- ture definitions representing the PE format. The Microsoft Developer's Network (MSDN) CD-ROMs contain several descriptions of the PE format. However, these descriptions are in bits and pieces, and are by no means complete. In this chapter, we try to give you a comprehensive picture of the PE format.
  • IBM AIX Version 6.1 Differences Guide

    IBM AIX Version 6.1 Differences Guide

    Front cover IBM AIX Version 6.1 Differences Guide AIX - The industrial strength UNIX operating system AIX Version 6.1 enhancements explained An expert’s guide to the new release Roman Aleksic Ismael "Numi" Castillo Rosa Fernandez Armin Röll Nobuhiko Watanabe ibm.com/redbooks International Technical Support Organization IBM AIX Version 6.1 Differences Guide March 2008 SG24-7559-00 Note: Before using this information and the product it supports, read the information in “Notices” on page xvii. First Edition (March 2008) This edition applies to AIX Version 6.1, program number 5765-G62. © Copyright International Business Machines Corporation 2007, 2008. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Figures . xi Tables . xiii Notices . xvii Trademarks . xviii Preface . xix The team that wrote this book . xix Become a published author . xxi Comments welcome. xxi Chapter 1. Application development and system debug. 1 1.1 Transport independent RPC library. 2 1.2 AIX tracing facilities review . 3 1.3 POSIX threads tracing. 5 1.3.1 POSIX tracing overview . 6 1.3.2 Trace event definition . 8 1.3.3 Trace stream definition . 13 1.3.4 AIX implementation overview . 20 1.4 ProbeVue . 21 1.4.1 ProbeVue terminology. 23 1.4.2 Vue programming language . 24 1.4.3 The probevue command . 25 1.4.4 The probevctrl command . 25 1.4.5 Vue: an overview. 25 1.4.6 ProbeVue dynamic tracing example . 31 Chapter 2. File systems and storage. 35 2.1 Disabling JFS2 logging .
  • Coqjvm: an Executable Specification of the Java Virtual Machine Using

    Coqjvm: an Executable Specification of the Java Virtual Machine Using

    CoqJVM: An Executable Specification of the Java Virtual Machine using Dependent Types Robert Atkey LFCS, School of Informatics, University of Edinburgh Mayfield Rd, Edinburgh EH9 3JZ, UK [email protected] Abstract. We describe an executable specification of the Java Virtual Machine (JVM) within the Coq proof assistant. The principal features of the development are that it is executable, meaning that it can be tested against a real JVM to gain confidence in the correctness of the specification; and that it has been written with heavy use of dependent types, this is both to structure the model in a useful way, and to constrain the model to prevent spurious partiality. We describe the structure of the formalisation and the way in which we have used dependent types. 1 Introduction Large scale formalisations of programming languages and systems in mechanised theorem provers have recently become popular [4–6, 9]. In this paper, we describe a formalisation of the Java virtual machine (JVM) [8] in the Coq proof assistant [11]. The principal features of this formalisation are that it is executable, meaning that a purely functional JVM can be extracted from the Coq development and – with some O’Caml glue code – executed on real Java bytecode output from the Java compiler; and that it is structured using dependent types. The motivation for this development is to act as a basis for certified consumer- side Proof-Carrying Code (PCC) [12]. We aim to prove the soundness of program logics and correctness of proof checkers against the model, and extract the proof checkers to produce certified stand-alone tools.
  • An Executable Intermediate Representation for Retargetable Compilation and High-Level Code Optimization

    An Executable Intermediate Representation for Retargetable Compilation and High-Level Code Optimization

    An Executable Intermediate Representation for Retargetable Compilation and High-Level Code Optimization Rainer Leupers, Oliver Wahlen, Manuel Hohenauer, Tim Kogel Peter Marwedel Aachen University of Technology (RWTH) University of Dortmund Integrated Signal Processing Systems Dept. of Computer Science 12 Aachen, Germany Dortmund, Germany Email: [email protected] Email: [email protected] Abstract— Due to fast time-to-market and IP reuse require- potential parallelism and which are the usual input format for ments, an increasing amount of the functionality of embedded code generation and scheduling algorithms. HW/SW systems is implemented in software. As a consequence, For the purpose of hardware synthesis from C, the IR software programming languages like C play an important role in system specification, design, and validation. Besides many other generation can be viewed as a specification refinement that advantages, the C language offers executable specifications, with lowers an initially high-level specification in order to get clear semantics and high simulation speed. However, virtually closer to the final implementation, while retaining the original any tool operating on C specifications has to convert C sources semantics. We will explain later, how this refinement step can into some intermediate representation (IR), during which the be validated. executability is normally lost. In order to overcome this problem, this paper describes a novel IR format, called IR-C, for the use However, the executability of C, which is one of its major in C based design tools, which combines the simplicity of three advantages, is usually lost after an IR has been generated. address code with the executability of C.
  • Devpartner Advanced Error Detection Techniques Guide

    Devpartner Advanced Error Detection Techniques Guide

    DevPartner® Advanced Error Detection Techniques Release 8.1 Technical support is available from our Technical Support Hotline or via our FrontLine Support Web site. Technical Support Hotline: 1-800-538-7822 FrontLine Support Web Site: http://frontline.compuware.com This document and the product referenced in it are subject to the following legends: Access is limited to authorized users. Use of this product is subject to the terms and conditions of the user’s License Agreement with Compuware Corporation. © 2006 Compuware Corporation. All rights reserved. Unpublished - rights reserved under the Copyright Laws of the United States. U.S. GOVERNMENT RIGHTS Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Compuware Corporation license agreement and as provided in DFARS 227.7202-1(a) and 227.7202-3(a) (1995), DFARS 252.227-7013(c)(1)(ii)(OCT 1988), FAR 12.212(a) (1995), FAR 52.227-19, or FAR 52.227-14 (ALT III), as applicable. Compuware Corporation. This product contains confidential information and trade secrets of Com- puware Corporation. Use, disclosure, or reproduction is prohibited with- out the prior express written permission of Compuware Corporation. DevPartner® Studio, BoundsChecker, FinalCheck and ActiveCheck are trademarks or registered trademarks of Compuware Corporation. Acrobat® Reader copyright © 1987-2003 Adobe Systems Incorporated. All rights reserved. Adobe, Acrobat, and Acrobat Reader are trademarks of Adobe Systems Incorporated. All other company or product names are trademarks of their respective owners. US Patent Nos.: 5,987,249, 6,332,213, 6,186,677, 6,314,558, and 6,016,466 April 14, 2006 Table of Contents Preface Who Should Read This Manual .
  • CPE 323 Introduction to Software Reverse Engineering in Embedded Computer Systems

    CPE 323 Introduction to Software Reverse Engineering in Embedded Computer Systems

    CPE 323 Introduction to Software Reverse Engineering in Embedded Computer Systems Aleksandar Milenković Email: [email protected] Web: http://www.ece.uah.edu/~milenka Objective: Introduce tools and methods for software reverse engineering in embedded systems Contents Contents ...................................................................................................................................... 1 1 Introduction ............................................................................................................................. 2 2 Format of Executable Files ...................................................................................................... 2 3 GNU Utilities ............................................................................................................................ 6 4 Deconstructing Executable Files: An Example ....................................................................... 10 5 Working with HEX Files and MSP430Flasher Utility .............................................................. 25 6 To Learn More ....................................................................................................................... 29 CPE 323: Software Reverse Engineering © A. Milenković 1 1 Introduction In this section we will introduce basic concepts, tools, and techniques for software reverse engineering with a special emphasis on embedded computer systems. Reverse engineering in general is a process of deconstructing man-made artifacts with a goal to reveal their designs and architecture
  • The Concept of Dynamic Analysis

    The Concept of Dynamic Analysis

    The Concept of Dynamic Analysis Thomas Ball Bell Laboratories Lucent Technologies [email protected] Abstract. Dynamic analysis is the analysis of the properties of a run- ning program. In this paper, we explore two new dynamic analyses based on program profiling: - Frequency Spectrum Analysis. We show how analyzing the frequen- cies of program entities in a single execution can help programmers to decompose a program, identify related computations, and find computations related to specific input and output characteristics of a program. - Coverage Concept Analysis. Concept analysis of test coverage data computes dynamic analogs to static control flow relationships such as domination, postdomination, and regions. Comparison of these dynamically computed relationships to their static counterparts can point to areas of code requiring more testing and can aid program- mers in understanding how a program and its test sets relate to one another. 1 Introduction Dynamic analysis is the analysis of the properties of a running program. In contrast to static analysis, which examines a program’s text to derive properties that hold for all executions, dynamic analysis derives properties that hold for one or more executions by examination of the running program (usually through program instrumentation [14]). While dynamic analysis cannot prove that a program satisfies a particular property, it can detect violations of properties as well as provide useful information to programmers about the behavior of their programs, as this paper will show. The usefulness of dynamic analysis derives from two of its essential charac- teristics: - Precision of information: dynamic analysis typically involves instrumenting a program to examine or record certain aspects of its run-time state.
  • Archive and Compressed [Edit]

    Archive and Compressed [Edit]

    Archive and compressed [edit] Main article: List of archive formats • .?Q? – files compressed by the SQ program • 7z – 7-Zip compressed file • AAC – Advanced Audio Coding • ace – ACE compressed file • ALZ – ALZip compressed file • APK – Applications installable on Android • AT3 – Sony's UMD Data compression • .bke – BackupEarth.com Data compression • ARC • ARJ – ARJ compressed file • BA – Scifer Archive (.ba), Scifer External Archive Type • big – Special file compression format used by Electronic Arts for compressing the data for many of EA's games • BIK (.bik) – Bink Video file. A video compression system developed by RAD Game Tools • BKF (.bkf) – Microsoft backup created by NTBACKUP.EXE • bzip2 – (.bz2) • bld - Skyscraper Simulator Building • c4 – JEDMICS image files, a DOD system • cab – Microsoft Cabinet • cals – JEDMICS image files, a DOD system • cpt/sea – Compact Pro (Macintosh) • DAA – Closed-format, Windows-only compressed disk image • deb – Debian Linux install package • DMG – an Apple compressed/encrypted format • DDZ – a file which can only be used by the "daydreamer engine" created by "fever-dreamer", a program similar to RAGS, it's mainly used to make somewhat short games. • DPE – Package of AVE documents made with Aquafadas digital publishing tools. • EEA – An encrypted CAB, ostensibly for protecting email attachments • .egg – Alzip Egg Edition compressed file • EGT (.egt) – EGT Universal Document also used to create compressed cabinet files replaces .ecab • ECAB (.ECAB, .ezip) – EGT Compressed Folder used in advanced systems to compress entire system folders, replaced by EGT Universal Document • ESS (.ess) – EGT SmartSense File, detects files compressed using the EGT compression system. • GHO (.gho, .ghs) – Norton Ghost • gzip (.gz) – Compressed file • IPG (.ipg) – Format in which Apple Inc.
  • Anti-Executable Standard User Guide 2 |

    Anti-Executable Standard User Guide 2 |

    | 1 Anti-Executable Standard User Guide 2 | Last modified: October, 2015 © 1999 - 2015 Faronics Corporation. All rights reserved. Faronics, Deep Freeze, Faronics Core Console, Faronics Anti-Executable, Faronics Device Filter, Faronics Power Save, Faronics Insight, Faronics System Profiler, and WINSelect are trademarks and/or registered trademarks of Faronics Corporation. All other company and product names are trademarks of their respective owners. Anti-Executable Standard User Guide | 3 Contents Preface . 5 Important Information. 6 About Faronics . 6 Product Documentation . 6 Technical Support . 7 Contact Information. 7 Definition of Terms . 8 Introduction . 10 Anti-Executable Overview . 11 About Anti-Executable . 11 Anti-Executable Editions. 11 System Requirements . 12 Anti-Executable Licensing . 13 Installing Anti-Executable . 15 Installation Overview. 16 Installing Anti-Executable Standard. 17 Accessing Anti-Executable Standard . 20 Using Anti-Executable . 21 Overview . 22 Configuring Anti-Executable . 23 Status Tab . 24 Verifying Product Information . 24 Enabling Anti-Executable Protection. 24 Anti-Executable Maintenance Mode . 25 Execution Control List Tab . 26 Users Tab. 27 Adding an Anti-Executable Administrator or Trusted User . 27 Removing an Anti-Executable Administrator or Trusted User . 28 Enabling Anti-Executable Passwords . 29 Temporary Execution Mode Tab. 30 Activating or Deactivating Temporary Execution Mode . 30 Setup Tab . 32 Setting Event Logging in Anti-Executable . 32 Monitor DLL Execution . 32 Monitor JAR Execution . 32 Anti-Executable Stealth Functionality . 33 Compatibility Options. 33 Customizing Alerts. 34 Report Tab . 35 Uninstalling Anti-Executable . 37 Uninstalling Anti-Executable Standard . 38 Anti-Executable Standard User Guide 4 | Contents Anti-Executable Standard User Guide |5 Preface Faronics Anti-Executable is a solution that ensures endpoint security by only permitting approved executables to run on a workstation or server.