geswall free how do i isolate my dvd drive/usb drive


wutsup
October 29th, 2009, 03:26 AM
Can GeSWall free isolate your DVD-ROM/USB drives? I tried it by adding a new resource but it doesn't seem to work. Does it only work in the pro version?

Kees1958
October 29th, 2009, 03:42 AM
-{ Quote: "I made a lot of changes to my ruleset. Some of the additional rules I have made are to control access to external devices as explained below, which might be of interest to you.

In Resources you can create rules to mark (external) devices as Threat Gates, such that anything running from these devices is isolated. Or, in a similar way, you can prevent isolated applications from accessing these devices.

The resource rule to be used to mark a device as Threat Gate is:

Identity: \Device\XXX
Type: File
Class: Threat Gates

Similarly, to deny read access to a device for isolated applications, you can use:

Identity: \Device\XXX
Type: File
Class: Confidential

where XXX depends on the external device you want to mark as Threat Gate or Confidential as described below.

USB-stick:
XXX depends on the number of hard disks and the number of CD/DVD player/writers you have on your machine.
If you have, for example, two hard drives, then for the first hard drive XXX = Harddisk0 and for the second hard drive XXX = Harddisk1.
In this case, for the first USB-stick you put in a USB-port of your machine XXX = Harddisk2, for the second USB-stick XXX = Harddisk3, etc.

The same holds for CD/DVD player/writers. If you have a single CD/DVD player/writer XXX = CdRom0.
Some USB sticks have a U3 system on them. For the first U3 system part XXX = CdRom1 (use the same numbering scheme as for Harddisk).
You can also cover all CD/DVD player/writers and U3 system parts of USB-sticks in one rule using XXX = CdRom

Virtual CD-ROM:
I use Virtual CD-ROM Control Panel v2.0.1.1 (from MS) to mount iso files as virtual CD-ROM.
This virtual CD-ROM can be marked as Threat Gate using XXX = VirtualCdRom

Network shares:
Network shares can be marked as Threat Gate by using XXX = LanmanRedirector.

Floppy disks:
Use XXX = Floppy

Webcam:
For my webcam (might be different for yours) I can use XXX = USBPD and Type = Device (instead of File).
" }-

Posted at geswall forums by Henk
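
The rules quoted above are keyed on NT device names (\Device\...), not on drive letters. As an added example (not part of the thread and not GeSWall's own code), this PowerShell uses the Win32 QueryDosDevice API to show the device name behind each drive letter on a machine; Get-NtDeviceName is a hypothetical helper name, and how GeSWall matches a rule's Identity against these names is not covered here.

```powershell
# Added example, not from the thread or the GeSWall documentation.
# Declare the Win32 API that resolves an MS-DOS device name (a drive letter)
# to the NT device path behind it.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint QueryDosDevice(
    string lpDeviceName, System.Text.StringBuilder lpTargetPath, uint ucchMax);
'@

# Get-NtDeviceName is a hypothetical helper name.
function Get-NtDeviceName {
    param([Parameter(Mandatory = $true)][string]$DriveLetter)   # 'E:' or 'E:\'
    $name = $DriveLetter.TrimEnd('\')      # the API expects 'E:' with no backslash
    $buf  = New-Object System.Text.StringBuilder 1024
    $len  = [Win32.Native]::QueryDosDevice($name, $buf, [uint32]$buf.Capacity)
    if ($len -eq 0) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "QueryDosDevice failed for $name (Win32 error $err)"
    }
    $buf.ToString()                        # first target path, e.g. \Device\CdRom0
}

# List every drive letter with its type and the NT device name behind it.
[System.IO.DriveInfo]::GetDrives() | Select-Object `
    @{ Name = 'Drive';    Expression = { $_.Name } },
    @{ Name = 'Type';     Expression = { $_.DriveType } },
    @{ Name = 'NtDevice'; Expression = { Get-NtDeviceName $_.Name } } |
    Format-Table -AutoSize
```

Running it before and after replugging a USB stick shows whether the stick comes back under the same device name.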

wutsup
October 29th, 2009, 03:57 AM
Already tried this and it doesn't work.

dell boy
October 29th, 2009, 04:34 AM
Different threat gates are different on different computers. For example: my DVD drive on this Vista laptop is marked as (E), however on my old XP Pro desktop (E) was a USB drive. They're all different. It seems GeSWall is complicated if you have the free version and you aren't a rocket scientist :-\

wutsup
October 29th, 2009, 04:42 AM
-{ Quote: "Different threat gates are different on different computers. For example: my DVD drive on this Vista laptop is marked as (E), however on my old XP Pro desktop (E) was a USB drive. They're all different. It seems GeSWall is complicated if you have the free version and you aren't a rocket scientist :-\" }-

Yes, I've tried just putting in E:\ (my DVD drive) as aigle has said in another thread, but it doesn't work when I put in a CD with .jpg pictures, and when I open a picture there is no G sign on the upper right-hand corner like it should.

wutsup
October 29th, 2009, 04:54 AM
-{ Quote: "That's probably because you have Windows Picture and Fax Viewer as your default picture viewer?

I'm not quite sure how GeSWall isolates folders/drives, but perhaps it doesn't automatically open the folder/drive with an isolated explorer.exe (like Sandboxie does)?

From my own experiments, Windows Picture and Fax Viewer is not able to be forced to run isolated with GeSWall by default - you need to specifically open the picture file isolated (I think by right-click). Interestingly, the same concept applies for DefenseWall and Sandboxie, although Sandboxie has another way of getting around this.

The only other file type that may not automatically open isolated with GeSWall are certain video files, and only if Windows Media Player is your default video player.

Anyway, do all files not run isolated? Or is it just .jpg and other picture files? If the latter, then you have your answer/explanation as above." }-

Hmm, I see. Never tried any other CD or USB, but I'll try and report back.

wutsup
October 29th, 2009, 05:04 AM
Just inserted an Avira rescue CD and had a .txt file in there, and when I opened it, it wasn't isolated.

arjunned
October 29th, 2009, 05:24 AM
I think I started a thread a while back, posting/asking the same question. The quote that Kees provided is actually how to isolate the USB drives, but somehow doesn't work with 2.9. I've tried as much as I can, but it doesn't isolate automatically. For instance, when I isolate, say, my X:\, the USB inserted does get isolated. But when I unplug and plug it back in, GeSWall doesn't isolate the same USB. But manually inserting the resource rule again via GeSWall console isolates the drive. I'm not 100% sure why it's not working. A glitch in 2.9 maybe.

Isolating Removable drives with GeSWall? (http://www.wilderssecurity.com/showthread.php?t=249960)

aigle
October 29th, 2009, 09:08 AM
-{ Quote: "This feature is not working OK. If you create the rule and the USB stick/drive is plugged in, the rule will work. Now if you eject the stick/hard disk and replug it in, the rule no longer works. Re-create it and it will work again until you remove the USB stick/disk etc. It's a bug since the previous version, I think." }-

Feature is broken.

http://www.wilderssecurity.com/showthread.php?t=249960

wutsup
October 29th, 2009, 09:51 AM
-{ Quote: "Feature is broken.

http://www.wilderssecurity.com/showthread.php?t=249960" }-

Even for the CD/DVD drive?

arjunned
October 29th, 2009, 01:39 PM
The CD/DVD isolation resource rule used to work for me in 2.8, but not in 2.9.

aigle
October 29th, 2009, 05:57 PM
-{ Quote: "Even for the CD/DVD drive?" }-
Let me check and I will reply. What's your OS?

wutsup
October 29th, 2009, 06:57 PM
Windows XP 32bit (my secondary computer).

My main computer is Vista 64bit, so I will have to wait for GeSWall free 3.0 if I want it on my main comp.

aigle
October 30th, 2009, 01:54 AM
OK, on XP SP2, CD/DVD isolation seems to work.

To configure CD/DVD as a source of untrusted files follow these steps:
Open GeSWall Console and click on 'Resources' folder.
Click right mouse button and select 'New\Add Resource..'
In the dialog:
Set 'Security Class' to 'Threat Gates'
Set 'Resource Type' to 'File'
Set Identity by 'Name'
Type \Device\CdRom in 'Resource' edit box.
Press OK button (sometimes you need to reboot here or just stop and restart the GeSWall service).
Now if you start an application from CD or DVD it must be isolated.

How to confirm: Run an executable from CD and you will see it isolated.

http://www.gentlesecurity.com/docs/geswallfaq07.html#q4

aigle
October 30th, 2009, 01:59 AM
-{ Quote: "Yes, I've tried just putting in E:\ (my DVD drive) as aigle has said in another thread, but it doesn't work when I put in a CD with .jpg pictures, and when I open a picture there is no G sign on the upper right-hand corner like it should." }-
Pictures are opened by explorer, which is trusted in GeSWall, so it's not isolated. Workaround is to use another image viewer. I use portable XnView that's very light. So is IrfanView.

-{ Quote: "Just inserted an Avira rescue CD and had a .txt file in there, and when I opened it, it wasn't isolated." }-
Isolated txt files, jpg and other images etc. are not isolated unless the program which is opening them, like Notepad, XnView etc., is added to the isolated application list in the GeSWall console. It's a version 2.9 bug actually that needs to be corrected.

wutsup
October 30th, 2009, 04:21 AM
OK thx, but I thought u said the \Device\CdRom doesn't work for 2.9? And adding resources should work for GeSWall free version, right?

aigle
October 30th, 2009, 04:31 AM
For CD-ROM it will work. Doesn't work for USB sticks etc.

wutsup
October 30th, 2009, 05:02 AM
Ah, I see, but it's a DVD drive. Should I type DvdRom instead of CdRom? And it works for GeSWall free, right? Not just pro?

arjunned
October 30th, 2009, 07:54 AM
Just CdRom should be fine. It works on free as well. I don't think the free version has any restrictions in creating custom resource rules.

aigle
October 30th, 2009, 02:12 PM
Yes, that must be true.

wutsup
November 2nd, 2009, 01:36 AM
Hey aigle, do you know when GeSWall free will be out for 64bit? I'm dying to have some kind of intrusion prevention protection on my 64bit OS comp.