Date Posted: June 14, 2007
Update: October 3, 2007 Version 2.27 increases security for the registry and network drives; it also includes "audit-only mode." (For further details, see the readme.doc file, located in the installation folder.)
Tab navigation
- 1. What components will be installed on my machine?
- 2. How do I verify that IBM Assured Execution Environment is working properly?
- 3. How do I approve programs being blocked or add new programs to my PC?
- 4. What security protection is provided?
- 5. Is this technology a good match for software developers who generate program executables?
- 6. Why can't I delete or move executables on my system
- 7. Will I be blocked from accessing data contained on a CD or USB Key media?
- 8. How does this technology affect the performance of my PC?
- 9. How do I disable IBM Assured Execution Environment?
1. What components will be installed on my machine?
IBM Assured Execution Environment installs the following components on the system:
- kernel driver
- system service
- user-agent for tray icon
- utility programs (file-system checkers and tagger)
2. How do I verify that IBM Assured Execution Environment is working properly?
After a successful installation of the security tool, the system tray icon will be displayed. You can further test the technology by running an application from a CD-ROM or USB key-fob and verifying that the application is blocked; a tray icon notification message will be displayed.
Another good test will be to visit a Web site that downloads ActiveX controls on your machine and verify that these controls are also blocked. (Note that you must clear your browser cache before installing IBM Assured Execution Environment; otherwise, all cached ActiveX controls will be approved the installer).3. How do I approve programs being blocked or add new programs to my PC?
The following features can be accessed by right-clicking on the system tray icon:
- Show Unapproved Programs Blocked by AxE: This feature displays a list of unapproved programs that actually attempted to execute on your machine but that were denied. These will commonly include ActiveX controls that arrive on your machine while browsing Web sites. You can see what tried to damage your machine but was prevented.
- Show All Unapproved Programs: This feature will continuously examine your hard drive for unapproved programs that you downloaded or that arrived unexpectedly.
- Approve Selected Files: This feature is reached via the Show All Unapproved Programs and Show Unapproved Programs Blocked by AxE menu items. This feature can be used to selectively approve files belonging to particular programs so that they can run on the machine without being blocked. Note that this may not work for files that were temporarily generated on the system. If this option does not allow your program to execute properly, then please use the Add/Remove Approved Programs feature in order to explicitly add the desired program(s).
- Add/Remove Approved Programs: This option is used when you want to install additional program(s) from a CD-ROM or the network, including ActiveX controls downloaded through Internet Explorer. During the addition of new program(s), IBM Assured Execution Environment protection is disabled but still tracks all the new files added to the machine. The run-time environment also displays a prompt that you must select in order to re-enable full protection after installation. At this time, IBM Assured Execution Environment will show you all the files added to the system; you can approve or reject them before protection is reactivated. (This process works even if the installation process requires a reboot). Note that the Add/Remove Approved Programs feature is also useful for supporting the update of approved applications (such as programs from some anti-virus vendors) or applications that dynamically generate and load binaries.
- Windows® Update is explicitly supported through the Apply Windows Updates option.
4. What security protection is provided?
The goal of this alphaWorks release is to get user feedback on the usability of our system, given an initial set of security policies. The alphaWorks version prevents only unapproved executables from running because that is the prevalent attack vector used by malware. Specifically, local NTFS and FAT formatted disks and removable media are protected.
However, to minimize impact on usability, the first alphaWorks version does not contain an implementation of the full security model:- System registry and other system configuration information are not protected.
- Scripts are allowed to run, unless the script run-time DLLs are disabled.
- Attacks targeted at the IBM Assured Execution Environment itself are not fully addressed (for example, all methods of disabling protection are not fully secured).
- Certain media (non-NTFS and non-FAT) and network shares (to local or remote systems) are not protected.
- The approval tools are fully accessible on the client.
- Approval information can be readily deleted on the client.
5. Is this technology a good match for software developers who generate program executables?
Because this technology aims to block unapproved binaries and prevent changes to approved ones, it hinders software development where new win32 binaries are generated.
Currently, it also hinders the use of IDEs that dynamically generate and load win32 binaries in order to support certain features. In order to approve the files dynamically generated by these IDEs so that you can use these applications, please employ the Add/Remove Approved Programs and Approve Selected Files options.6. Why can't I delete or move executables on my system
Because the approved binaries on your system are protected from change, it prevents all modifications to these files, including deletions and renamings (which could be attacks by malware scripts). If you wish to delete or rename approved executables, please use the Add/Remove Approved Programs option.
7. Will I be blocked from accessing data contained on a CD or USB Key media?
Data is fully accessible from any removable media. The technology blocks only program executables from these media. To run programs from these media, please use the Add/Remove Approved Programs option.
8. How does this technology affect the performance of my PC?
IBM Assured Execution Environment causes a small overhead (not perceivable by the user) at program launch in order to verify that the program executable files are approved. After a program is executing, no additional overhead is incurred.
9. How do I disable IBM Assured Execution Environment?
In order to ensure that the technology is not adversely affecting an application on your system, we have supplied a quick way to disable the run-time and to diagnose problems. This is done through the Disable AxE Protection option on the system tray icon""s context menu. Note: This option completely disables the technology, and new files added to the system at this time are not approved. After IBM Assured Execution Environment is re-enabled, the newly added files must be re-added using the Add/Remove Approved Programs option.
If for any reason your system stops booting all the way or behaves abnormally and you are unable to disable IBM Assured Execution Environment, please boot into Windows Safe Mode by pressing F8 after turning your computer on. After logging into Safe Mode using your local administrator user name and password, open a command prompt and go to the c:\windows\system32\drivers directory (if your system drive is C:\), and delete axemon.sys. Reboot your system; IBM Assured Execution Environment is now disabled, and you can run uninstall.bat from the c:\axe directory if you wish to uninstall the software.