PG 3.4x does not protect against APT kill processes


djg05
September 27th, 2006, 09:53 AM
I have been trying to protect Kerio 2.1.5 with PG and found with ver 3.4 and the latest that Kill 3 or 4 in APT will shut Kerio down. This was protecting Kerio by ticking the boxes "Termination" & "Modification". I tried ver 3.1.4.0 and it was successful in stopping the closure.

Has anyone else found this?

Paranoid2000
September 27th, 2006, 09:52 PM
You need to enable the SMH (Secure Message Handling) option on the process in PG's Protection tab to counter APT methods 3 and 4.

djg05
September 29th, 2006, 11:17 AM
-{ Quote: "You need to enable the SMH (Secure Message Handling) option on the process in PG's Protection tab to counter APT methods 3 and 4." }-

Thanks Paranoid

I'm never sure when this should be enabled; obviously this is a case in point, and it does prevent the exploit.

nadirah
October 1st, 2006, 01:56 AM
-{ Quote: "This protecting Kerio by ticking boxes "Termination" & "Modification"." }-

What about reading?

Did you enable reading protection for all programs listed in PG? I'm surprised that APT could kill your firewall. APT by right should not be able to 'see' any processes on your computer at all IF you have reading protection on for all programs in PG. You don't even need SMH when you've got reading protection enabled, because APT can't read the running programs on your computer!

It's NOT PG failing to protect against APT, it's because you did not configure it correctly! With "reading" protection enabled APT CANNOT touch any process on your computer!

nadirah
October 1st, 2006, 02:01 AM
-{ Quote: "You need to enable the SMH (Secure Message Handling) option on the process in PG's Protection tab to counter APT methods 3 and 4." }-

I think she failed to notice the 'reading' protection feature in PG and did not enable it, thus APT could meddle with her firewall. ;) Maybe pictures will explain this situation further.

nadirah
October 1st, 2006, 02:04 AM
APT says 37 processes, but nothing is shown!

nadirah
October 1st, 2006, 02:08 AM
Do you get this in your PG logfile? Hope my explanation reveals the answer to this thread...

djg05
October 1st, 2006, 08:47 AM
-{ Quote: "What about reading?

Did you enable reading protection for all programs listed in PG? I'm surprised that APT could kill your firewall. APT by right should not be able to 'see' any processes on your computer at all IF you have reading protection on for all programs in PG. You don't even need SMH when you've got reading protection enabled, because APT can't read the running programs on your computer!

It's NOT PG failing to protect against APT, it's because you did not configure it correctly! With "reading" protection enabled APT CANNOT touch any process on your computer!" }-

That is true, but it does not stop the process being killed.

Untick the reading, run APT and the process is displayed. Re-enable Reading, and APT can still kill the process. So if APT had a command line I assume that Kerio could still be targeted.

As I understand it, the reading only makes it invisible not protected. Kerio is still listed in Windows Task Manager.

Paranoid2000
October 2nd, 2006, 08:47 AM
-{ Quote: "That is true, but it does not stop the process being killed." }-

Indeed, if you were using an earlier version of APT, you could have terminated the process by specifying its ID manually (v4 dropped this feature).
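The distinction djg05 and Paranoid2000 arrive at above (hiding a process from "Reading" is not the same as blocking "Termination", and a process whose PID is already known can be hit without ever enumerating it) can be shown on any Windows test box. The script below is an added example; it is not from this thread, nor from ProcessGuard, APT or Kerio. It separates the three operations the thread talks about: enumeration by name (what Reading protection hides), a window-message close via WM_CLOSE (the message-based class of shutdown that the SMH option is there to handle), and a plain kill by PID (what only the Termination hook can stop). The image name 'persfw' and the PID you pass in are placeholders you must supply for the process you are actually testing.

```powershell
# Added example: shows why hiding a process from enumeration ("Reading")
# does not protect it from being killed when its PID is already known.
# Not code from the thread or from the PG/APT/Kerio vendors.
# Assumptions: $TargetName is a placeholder image name (substitute yours);
# $KnownPid is a PID learned out of band, e.g. read off Task Manager.
param(
    [string]$TargetName = 'persfw',   # placeholder, assumption
    [int]$KnownPid = 0                # 0 = skip the kill-by-PID step
)

# 1. Enumeration by name. This is the step that "Reading" protection blocks:
#    a hidden process simply does not come back from Get-Process.
$visible = Get-Process -Name $TargetName -ErrorAction SilentlyContinue
if ($visible) {
    Write-Host "Enumerated '$TargetName': PID(s) $($visible.Id -join ', ')"
} else {
    Write-Host "'$TargetName' is not visible by name (hidden from readers, or not running)."
}

# 2. Message-based close. CloseMainWindow() posts WM_CLOSE to the process's
#    main window, i.e. it asks the process to shut itself down. This is the
#    class of attack PG's Secure Message Handling option is meant to handle.
#    It only applies to processes that own a window and only reaches them if
#    step 1 found them.
foreach ($p in @($visible)) {
    if ($p -and $p.MainWindowHandle -ne 0) {
        $accepted = $p.CloseMainWindow()
        Write-Host "WM_CLOSE posted to PID $($p.Id): accepted=$accepted"
    }
}

# 3. Termination by PID. Stop-Process -Id calls TerminateProcess on the
#    handle; no enumeration is involved, so Reading protection does nothing
#    here. Only a "Termination" hook on the target process can refuse it.
if ($KnownPid -gt 0) {
    try {
        Stop-Process -Id $KnownPid -Force -ErrorAction Stop
        Write-Host "Terminated PID $KnownPid (no Termination protection in the way)"
    } catch {
        Write-Host "Termination of PID $KnownPid was blocked or failed: $($_.Exception.Message)"
    }
}
```

Run it once with Reading protection off and once with it on: step 1 changes from listing the PID to "not visible", but step 3 behaves exactly the same in both runs unless Termination protection is enabled for the target. That is the result djg05 reports, and it is why Paranoid2000 points to the older APT feature of typing the PID in by hand.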