concerned807
January 16th, 2007, 12:31 PM
One of the biggest incentive for me to use SSM is the ability to protect security programs I am already running on my Windows XP SP2.
In this thread, I'd like to solicit ideas of SSM application rules to protect security programs. The goal of the rule configuration is to have SSM protect security programs from termination and modification. As the well thought out SSM by default already protects files or registry entries, I want to limit the rule configuration in this thread to applications level.
Security programs I am running:
- Outpost Personal Firewall Pro 2.5.375.4822 (374)
- Avast Antivirus Pro 4.7.938
- BOClean 4.22
o SSM 2.2.0.604
I feel comfortable with protecting as tightly as possible security programs that do not get updated often using SSM. However, I don't feel the same about those programs that do get updated often. I am concerned that super-tight rules may result in failed/aborted updates of those programs.
As such, so far I configured SSM to protect only Outpost Firewall explicitly.
{QUOTE-> Program to protect: C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
SSM configurations:
Applications -> Process control:
Checked: Restart process if terminated
Applications -> Protection: Checked all the below
Protect from termination
Protect from suspending
Protect from remote code control
Protect from remote data modification <-QUOTE}
It is the frequently updating programs - Avast and BOClean in my case, that make me scratch my head. ??? On one hand, I want to prevent them from undesirable modifications. While on the other, I want those program to get legitimate updates smoothly.
I have found the following Avast and BOClean processes running. To protect Avast and BOClean, do I want to apply the same rules that I've applied to Outpost.exe? If different, please advise, in details if possible.
Avast application processes (please advise anything missed):
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
BOClean application processes:
C:\Program Files\BOC422.EXE
C:\Program Files\BOCore.exe
Of course, if your security programs are different from mine and/or you've configured your SSM to protect your security programs differently, by all means, please add all those to this thread.
I hope this thread will be helpful to all users of SSM. :)
In this thread, I'd like to solicit ideas of SSM application rules to protect security programs. The goal of the rule configuration is to have SSM protect security programs from termination and modification. As the well thought out SSM by default already protects files or registry entries, I want to limit the rule configuration in this thread to applications level.
Security programs I am running:
- Outpost Personal Firewall Pro 2.5.375.4822 (374)
- Avast Antivirus Pro 4.7.938
- BOClean 4.22
o SSM 2.2.0.604
I feel comfortable with protecting as tightly as possible security programs that do not get updated often using SSM. However, I don't feel the same about those programs that do get updated often. I am concerned that super-tight rules may result in failed/aborted updates of those programs.
As such, so far I configured SSM to protect only Outpost Firewall explicitly.
{QUOTE-> Program to protect: C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
SSM configurations:
Applications -> Process control:
Checked: Restart process if terminated
Applications -> Protection: Checked all the below
Protect from termination
Protect from suspending
Protect from remote code control
Protect from remote data modification <-QUOTE}
It is the frequently updating programs - Avast and BOClean in my case, that make me scratch my head. ??? On one hand, I want to prevent them from undesirable modifications. While on the other, I want those program to get legitimate updates smoothly.
I have found the following Avast and BOClean processes running. To protect Avast and BOClean, do I want to apply the same rules that I've applied to Outpost.exe? If different, please advise, in details if possible.
Avast application processes (please advise anything missed):
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
BOClean application processes:
C:\Program Files\BOC422.EXE
C:\Program Files\BOCore.exe
Of course, if your security programs are different from mine and/or you've configured your SSM to protect your security programs differently, by all means, please add all those to this thread.
I hope this thread will be helpful to all users of SSM. :)