Pilli
October 22nd, 2004, 11:22 AM
Just been doing some tests with Secure Message Handling - Formerly known as Close Message Handling - Latest and, hopefully, last V3 beta. :)
Here is a copy of the Alert text:
Fri 22 - 16:16:45 [TERMINATE] c:\winnt\system32\svchost.exe [720] was blocked from terminating c:\tds3\tds-3.exe [3852]
Fri 22 - 16:16:50 [GLOBAL HOOK] [1244] was blocked from creating a global Call Wndproc Return hook
Fri 22 - 16:16:56 [EXECUTION] "c:\winnt\system32\drwtsn32.exe" was blocked from running
[EXECUTION] Started by "Unknown Process" [3808]
[EXECUTION] Commandline - [ c:\winnt\system32\drwtsn32 -p 3808 -e 544 -g ]
Fri 22 - 16:17:00 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:04 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:06 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:06 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:08 [MODIFY] c:\documents and settings\alan\desktop\utils\apt2c.exe [1244] was blocked from modifying c:\tds3\tds-3.exe [3852]
Fri 22 - 16:17:54 [EXECUTION] "c:\tds3\ext.sys\execprot.exe" was allowed to run
[EXECUTION] Started by "c:\program files\processguard\procguard.exe" [1812]
[EXECUTION] Commandline - [ c:\tds3\ext.sys\execprot.exe tds|tdsdll-test:c:\program files\processguard\\logs ]
Fri 22 - 16:17:57 [EXECUTION] "c:\tds3\ext.sys\execprot.exe" was allowed to run