Smart Object Blocker

Control execution of applications, DLLs and drivers.

This program is a valid approach to prevent malware and rootkit infections without requiring virus signatures or updates, you can create your own rules to block objects. It monitors in kernel-mode all processes, dlls and drivers loaded in the system, best bulletproof protection. The program is very stable and resources-friendly, you’ll not even notice it is installed in the system. It can effectively block DLL injections.


Lockdown Mode (Whitelist)

With the Lockdown Mode you create a granular whitelist of applications, dlls and drivers that are allowed to run in the system and all the rest is automatically blocked, period. This approach is very powerful because the program can block 0-day threats and new ransomware or cryptolocker variants without having to rely on signatures or updates.

Behavioral Mode (Blacklist)

With the Behavioral Mode you can specify custom rules to block processes, dlls and drivers. You can block, for example, the web browser (Firefox, Chrome, Opera) to execute unsigned processes or unsigned dlls, thus preventing exploit kits to execute the payload. You can also exclude specific objects to allow specific executions.

Smart Rules Creation

We have developed a smart way to create rules: you can use wildcards, regular expressions (PCRE), field aliases, custom environment variables, group multiple conditions, and much more. The “grouping” of a conditional evaluation based on any supported vars/aliases which fully acknowledges both wildcarding and full regex has literally unlimited potential. This allows you to create highly customized rules, including rules related to specific updates of other applications and of Windows Updates.

Create Universal Rules

Thanks to the custom environment variables and to field aliases the rules that you create for you can also be shared and used by other users. This makes the program very powerful because you can also use rules from other users, joining forces with other skilled users is always a good help to create the perfect universal whitelist or blacklist.

Filter Everything

You can scan with your custom rules every field about a to-be-loaded process, dll and kernel-mode driver, including the process name, parent process, PID, file MD5 hash, file publisher, file description, file size, name of the vendor / company that signed the file, entire command-line string, and much more.

No Code/API Hooks

Our program does not install any user-mode or kernel-mode API hook on your system. It uses all documented (and undocumented) kernel-mode callbacks to monitor for executions of processes, modules and drivers. We have created this program to support all Microsoft Windows OSs, 32/64-bit, with a focus on stability.


Additional Details

File Version
Last Updated 21 May 2017
Category Security
License Type Beta
Operating System Windows All (32-bit / 64-bit)

Recent Changes and Fixes