Isolate removable drives in GesWall under Vista


neksus
January 20th, 2009, 10:15 PM
I don't think this was mentioned earlier, so here goes...

If you'd like to make removable drives automatically "untrusted" by GesWall free (tested in v2.7), and since Vista (SP1) enumerates devices slightly differently than XP, you should do this:

First, find out the number of the USB port you're using to plug in the USB stick: Safely Remove Hardware > USB Mass Storage Device Properties > under Details, select Physical Device Object Name for Property (as shown in the first picture).

[attachment 205637: first picture, Physical Device Object Name in device properties]

In this case it is attached to the 3rd USB port, so the following needs to be done in GesWall: under Resources, a new entry should be added with Threat Gates as Security Class, Name as Identity, and for the resource this should be entered: \Device\HarddiskVolume3 (as shown in the second picture).

[attachment 205638: second picture, GesWall resource entry for \Device\HarddiskVolume3]

Here you can easily see the difference compared to the entry needed for XP...

By this method all devices that are used on the same port will be untrusted by GW, no matter what drive letter Vista will reserve for the USB stick.

But, if the removable USB drive always gets the same drive letter assigned (e.g. E:\), then you can substitute \Device\HarddiskVolume3 with only E:\; just keep in mind that you will have to change this accordingly if you, for example, add another HDD to the system...

Using this rule in both XP & Vista you can make GW cover an important ThreatGate that's being heavily exploited nowadays, and with a couple more tweaks and that undocumented possibility to use preconfigured rules from the paid version (if/when you are too lazy to make them yourself :)) this free tool easily becomes one of the most powerful malware stoppers.
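The post above finds the \Device\HarddiskVolumeN name by clicking through device properties. The following script is an added example (not from the original post, and not part of GesWall) that does the same lookup from Windows PowerShell: it asks the kernel, via the Win32 API QueryDosDevice, which \Device\... object each removable drive letter currently points to, so the value you type into the GesWall resource field can be checked rather than guessed. It assumes Windows PowerShell 2.0 or later (Get-WmiObject, Add-Type); the drive letters and volume numbers shown in the comments are illustrative.

```powershell
# Added example: map each removable drive letter to the kernel device name
# (\Device\HarddiskVolumeN) that a GesWall "Threat Gates" resource would use.
# Uses the documented Win32 API QueryDosDevice through a small P/Invoke stub.
Add-Type -Namespace Win32 -Name DosDev -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern uint QueryDosDevice(string lpDeviceName,
                                         System.Text.StringBuilder lpTargetPath,
                                         int ucchMax);
'@

function Get-VolumeDeviceName {
    # Returns the NT object name behind a DOS drive letter, e.g. "E:" -> "\Device\HarddiskVolume3"
    param([Parameter(Mandatory = $true)][string]$DriveLetter)

    $name = $DriveLetter.TrimEnd('\')   # QueryDosDevice expects "E:" without the trailing backslash
    $buffer = New-Object System.Text.StringBuilder 260
    $chars = [Win32.DosDev]::QueryDosDevice($name, $buffer, $buffer.Capacity)
    if ($chars -eq 0) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "QueryDosDevice failed for $name (Win32 error $err)"
    }
    return $buffer.ToString()
}

# DriveType 2 = removable disk (USB sticks, card readers); fixed HDDs are DriveType 3.
Get-WmiObject Win32_LogicalDisk -Filter "DriveType = 2" | ForEach-Object {
    New-Object PSObject -Property @{
        Drive      = $_.DeviceID                          # e.g. E:
        DeviceName = Get-VolumeDeviceName $_.DeviceID     # e.g. \Device\HarddiskVolume3 (illustrative)
        Label      = $_.VolumeName
    }
} | Format-Table Drive, DeviceName, Label -AutoSize
```

Run it with the USB stick inserted and compare the DeviceName column with the resource entered in GesWall. It is also a quick way to re-check the number after adding or removing a disk, which is the situation the post warns about when a plain drive letter is used instead of the \Device\ path.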

Blackcat
January 21st, 2009, 04:46 AM
Quote:
"Using this rule in both XP & Vista you can make GW cover important ThreatGate that's being heavily exploited nowadays, and with couple more tweaks and that undocumented possibility to use preconfigured rules from paid version (if/when you are too lazy to make them yourself:)) this free tool easily becomes one of the most powerful malware stoppers."

neksus,

Thanks for this tip. I would also be grateful if you could share these other tweaks mentioned above for GW free on Vista.

neksus
January 21st, 2009, 11:11 AM
A bunch of valuable tips & tweaks can be found in earlier posts, for example:

http://www.wilderssecurity.com/showthread.php?t=180489

http://www.wilderssecurity.com/showthread.php?t=215279

http://www.wilderssecurity.com/showthread.php?t=214682

http://www.wilderssecurity.com/showthread.php?t=211528

http://www.wilderssecurity.com/showthread.php?t=202870