Appdefend incompatibility list
f3x
December 12th, 2005, 07:32 PM
Well, pretty much every security application has incompatibilities with other products, especially if it's in beta. Here are two programs that I found either not working or hardly working with AppDefend.
Security task manager
http://www.neuber.com/taskmanager/
Program Start
AppDefend asks for ascode.dll debug privilege
GUI hangs, cannot respond
Pressing ctrl-alt-del unfreezes it
I choose allow once for each alert
Then at the real scanning time the GUI hangs
ctrl-alt-del cannot unfreeze the situation
the screen looks frozen, except each time I press ctrl-alt-del,
I have a new task manager in the system tray
fortunately windows-l (switch user) was working
and I could unfreeze it
---------------------------------------------------
a-squared Background guard
http://www.emsisoft.com/en/software/personal/
well, this time things went a bit smoother
however the guard wanted to memory write/memory protect each running process
I let it do so ... as well, I figured it was a way of protection
however now each process that started a child process tried
to memory write/memory protect its child
the result is that the computer became almost unusable because of too many popups
and I did not want to disable AppDefend.
my guess is that a² is using a viral strategy for its protection.
it "infects" each current process and then those processes will "infect"
their children so the system can be guarded against spyware.
while I know the goal was good, I'm not sure it's the best way to act
as I guess the resource overhead will be added to every single process on the machine
as it was only a trial I uninstalled it immediately
-----------------------------------------------------
First of all, thank you Jason for making such a good product
Then, thank you again, as your product helped me avoid installing this
"dll injection monster" that was a-squared.
However, having some extra rules, for example
allow parent processes to kill/modify their children
would be useful.
For the Security Task Manager, I'm sure 95% of the issue is bad coding on their part; however, having some sort of freeze detection and recovery in GSS would make this product even better.
nick s
December 13th, 2005, 12:04 AM
Hi f3x,
After playing a bit with Security Task Manager and AD, I would not say they are incompatible. You should give STM blanket permission to modify processes. That is what it needs to do its job. When STM starts, I get four global hook alerts from AD: Get Message Hook, Keyboard Hook, MSG Filter Hook, and System Message Filter Hook. You have to respond to the alerts quickly, otherwise STM will hang (screenshot below). Once you get past that, you will get one of these alerts for every process STM looks at:
21:18:51 12 Dec 2005 | AppDefend | Allowed process modification [global hook] performed by taskman.exe | g:\program files\security task manager\taskman.exe | g:\windows\explorer.exe |
Again, STM will hang waiting for you to click Allow Once at every alert. STM seems to start and run with no problems once you allow it to modify processes. You should give your trusted security apps whatever permissions they need to function.
Nick
f3x
December 13th, 2005, 11:13 PM
Well this one is as incompatible as it can get:
http://www.snoopfree.com/PrivacyShield.htm
As soon as we can see the two eyes in the system tray, the computer reboots.
I guess the problem is that it's loading BEFORE GSS.
I downloaded it after reading a post on DiamondCS about spying applications (partypoker) with printscreen etc. I was wondering, since GSS protects against some privacy threats such as keyloggers, is there any plan to extend to new functionality such as screen access?
ringsong
December 13th, 2005, 11:44 PM
-{ Quote: "...I downloaded it after reading a post on DiamondCS about spying applications (partypoker) with printscreen etc. I was wondering, since GSS protects against some privacy threats such as keyloggers, is there any plan to extend to new functionality such as screen access?" }-
not a bad idea at all.
check this out for some scariness:
http://www.pcinternetpatrol.com/page/view/49
somehow, it gets through appdefend even when I block its internet access.
Jason_R0
December 14th, 2005, 12:23 AM
-{ Quote: "Well this one is as incompatible as it can get:
http://www.snoopfree.com/PrivacyShield.htm
As soon as we can see the two eyes in the system tray, the computer reboots.
I guess the problem is that it's loading BEFORE GSS.
I downloaded it after reading a post on DiamondCS about spying applications (partypoker) with printscreen etc. I was wondering, since GSS protects against some privacy threats such as keyloggers, is there any plan to extend to new functionality such as screen access?" }-
Hi f3x,
One of my beta testers has run SnoopFree and AppDefend successfully together. With all of your crashes, I am just wondering if there is something else wrong on your system.
Would you mind emailing me the crash minidump from these BSOD so I can analyze your problem?
Jason_R0
December 14th, 2005, 12:31 AM
-{ Quote: "not a bad idea at all.
check this out for some scariness:
http://www.pcinternetpatrol.com/page/view/49
somehow, it gets through appdefend even when I block its internet access." }-
Hi ringsong,
Actually, maybe you "accidentally" let PCAUDIT install its global hook, which would allow it to inject into other processes and use them as hosts for internet activity.
When I blocked the GLOBAL HOOK from occurring, I couldn't get past "Step 1. Capturing User Information".
Rodehard
December 14th, 2005, 12:39 AM
I'm running AppDefend, RegDefend, SnoopFree and KAV 5.388 with no problems so far on my gaming PC.
Jason_R0
December 14th, 2005, 12:40 AM
Here is the blocked Global Hook alert copied from the log.
13:29:30 14 Dec 2005 | AppDefend | Blocked process modification [global hook] performed by pcaudit.exe | c:\program files\ghostsecuritysuite\pcaudit.exe |
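The two log entries quoted so far in this thread share a pipe-delimited layout. As an added example (not AppDefend's code and not written by any poster), the Python below parses that layout and lists every program that was allowed a global hook together with the processes it hooked, since those host processes can then carry the hooking program's internet activity. The field names, the inferred layout and the third sample line are assumptions made for this example.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Layout inferred from the entries quoted in the thread (an assumption):
# time date | module | verdict action [kind] performed by exe | actor path | target path |
EVENT = re.compile(r"^(Allowed|Blocked) (.+?) \[(.+?)\] performed by (\S+)$")

class Entry(NamedTuple):
    when: datetime
    module: str
    verdict: str
    action: str
    kind: str
    actor: str
    actor_path: str
    target_path: Optional[str]  # absent in the blocked entry quoted above

def parse_line(line):
    """Return an Entry, or None when the line does not fit the inferred layout."""
    fields = [f.strip() for f in line.strip().split("|")]
    if fields[-1] == "":
        fields.pop()  # the trailing '|' leaves an empty last field
    m = EVENT.match(fields[2]) if len(fields) in (4, 5) else None
    if m is None:
        return None
    try:
        when = datetime.strptime(fields[0], "%H:%M:%S %d %b %Y")
    except ValueError:
        return None
    target = fields[4] if len(fields) == 5 else None
    return Entry(when, fields[1], *m.groups(), fields[3], target)

def allowed_global_hooks(lines):
    """Map each program that was allowed a global hook to the processes it hooked."""
    hooked = {}
    for e in filter(None, map(parse_line, lines)):
        if e.verdict == "Allowed" and e.kind == "global hook":
            hooked.setdefault(e.actor_path.lower(), set()).add(e.target_path)
    return hooked

SAMPLE = [
    # The two entries quoted in the thread:
    r"21:18:51 12 Dec 2005 | AppDefend | Allowed process modification [global hook] performed by taskman.exe | g:\program files\security task manager\taskman.exe | g:\windows\explorer.exe |",
    r"13:29:30 14 Dec 2005 | AppDefend | Blocked process modification [global hook] performed by pcaudit.exe | c:\program files\ghostsecuritysuite\pcaudit.exe |",
    # Constructed entry (not from the thread): the same hook, allowed instead.
    r"13:41:07 14 Dec 2005 | AppDefend | Allowed process modification [global hook] performed by pcaudit.exe | c:\program files\ghostsecuritysuite\pcaudit.exe | c:\windows\explorer.exe |",
]

if __name__ == "__main__":
    for actor, targets in allowed_global_hooks(SAMPLE).items():
        print(actor, "->", sorted(t or "?" for t in targets))
```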
ringsong
December 14th, 2005, 02:25 AM
Sorry Jason,
Let me clarify that.
Since the other guy was talking about how screenshot protection might be useful, I tried to see what would happen if I did in fact give pcaudit global hook permission.
After giving it global hook permission (I assume this is only for the keylogging part) it successfully sent data (including a screenshot) through the internet.
I blocked it from network access but it still managed to get through. I don't know how.
So I was thinking that maybe a program like that, except without the keylogging part (so it won't need global hooks), will be able to send screenshots through the internet even though I block internet access.
Is it possible?
Try to give it global hooks and see what happens and let me know if that is something to worry about.
ringsong
December 14th, 2005, 02:40 AM
And also, with AppDefend shut down, using only my firewall, I successfully blocked the test.
My only concern here is how it sends information from my computer to the internet even though I press block on the network access prompts from AppDefend. On my test I was using AppDefend only, with my firewall shut down.
This means that any app can send data and screenshots right through appdefend using the same method as pcaudit. :(
ringsong
December 14th, 2005, 02:45 AM
btw, the firewall I use is look & stop and it blocks the pcaudit test with no probs.
Jason_R0
December 14th, 2005, 03:22 AM
Hi Ringsong,
Do any of your applications in the list have NETWORK ACCESS set to allow? If so, try setting them back to ASK USER. AppDefend doesn't cover NEW DLLs using existing processes to communicate out through the internet like LnS would. Mostly because it already covers most of the DLL injection methods these sorts of programs use. Hope that helps.
ringsong
December 14th, 2005, 04:12 AM
hi Jason,
There are absolutely no applications that I allow network access for.
I like to press allow at each prompt and that's how I've been using AppDefend through my trial, which is about 5 days from expiration.
I'd like to see if I can get it to fully block pcaudit before my trial is up.
Jason, have you tried allowing global hooks for pcaudit? If not, please try.
After you allow global hooks, you are done for. pcaudit will pass through AppDefend even if you answer BLOCK to the network prompts.
When you block global hooks, that is just stopping the keylogging. And the way pcaudit was made does not allow you to pass to the next step unless it logs something. So you might think it was blocked....
But this also means that if another application based on the pcaudit technology wants to send some info through the internet without keylogging then it can be done, all right under AppDefend's nose.
Please try it and you will see. I have tested it almost 100 times in every possible way and it gets by AppDefend every time.
Just allow global hooks and you will see that pcaudit can access the internet even if you block the network access prompt.
It's very strange. Please, if anyone else can try it and confirm, so Jason will know I'm not crazy. pleeeasse.
Jason_R0
December 14th, 2005, 11:18 AM
Hi ringsong,
I will have to check, but it could be a possibility that it uses RAW sockets to connect out. If this is the case then as mentioned in the release thread, AppDefend currently won't catch it, a future build will however.
f3x
December 14th, 2005, 06:29 PM
-{ Quote: "
Would you mind emailing me the crash minidump from these BSOD so I can analyze your problem?" }-
Normally I'd not have any problem sending them to you.
However, I'm not sure the dump even took place.
It just rebooted without any form of blue screen
nor anything after the next boot.
I am currently thinking about it, and maybe it's because I have set some settings to ask/block instead of ask/enable.
On another point, you are totally right. I used Sysinternals' Autoruns and I realised that I have too many .sys drivers; however, I do not want to play with those directly. I prefer to identify which application they belong to and uninstall them if necessary.
HKLM\System\CurrentControlSet\Services
+ a347bus Plug and Play BIOS Extension (Not verified) c:\windows\system32\drivers\a347bus.sys
+ a347scsi SCSI miniport (Not verified) c:\windows\system32\drivers\a347scsi.sys
+ AMON Amon monitor (Not verified) Eset c:\windows\system32\drivers\amon.sys
+ AnyDVD AnyDVD Filter Driver (Not verified) SlySoft, Inc. c:\windows\system32\drivers\anydvd.sys
+ ElbyCDFL ElbyCDIO Filter Driver (Not verified) SlySoft, Inc. c:\windows\system32\drivers\elbycdfl.sys
+ ElbyCDIO ElbyCD Windows NT/2000/XP I/O driver (Not verified) Elaborate Bytes AG c:\windows\system32\drivers\elbycdio.sys
+ GEARAspiWDM CDRom Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ ghostsec Ghost Security Unified Driver (Not verified) Ghost Security c:\program files\ghostsecuritysuite\ghostsec.sys
+ NPF npf (Not verified) CACE Technologies c:\windows\system32\drivers\npf.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ snapman Acronis Snapshot API (Not verified) Acronis c:\windows\system32\drivers\snapman.sys
+ timounter TrueImage Backup Archive Explorer (Not verified) Acronis c:\windows\system32\drivers\timntr.sys
+ WinDriver WinDriver Device Driver 5.05b (Not verified) Jungo c:\windows\system32\drivers\windrvr.sys