GeSWall's Attack Prevention

[omega5475]

Anyone using GeSWall having this problem?



I checked the logs and found there are many applications that isolates explorer.exe.

[aigle]

Hmm........... 2.6 version of GW!
Explorer.exe isolation was an old bug that was fixed and I never saw it with 2.6 and 2.7 beta. Probably it was with 2.5 version but I am not sure.
Can u post ur log as txt?

Go to GW console, Applications> system > Exploere.exe. Right click it and check its properties.
It must be always trusted.

Thanks

[omega5475]

Yup, explorer.exe is set to Always Trusted.



From the logs:

Code:

Opera.exe ISOLATE on start from explorer.exe
miranda32.exe ISOLATE on start from explorer.exe
firefox.exe ISOLATE on start from explorer.exe
utorrent.exe ISOLATE on start from explorer.exe

Basically, all the applications I use daily, have been isolating explorer.exe

[lucas1985]

You're misinterpreting the logs. They're saying that application xxx is isolated when it's launched by explorer.exe, not the other way around.

[omega5475]

oops... shame on me

Any idea why these applications are starting from explorer.exe and being labelled as an attack? They are all set to auto isolation while explorer.exe is "Always Trusted".

If I understand correctly, the System folder has a higher priority than the rest. Any programs starting from a trusted process should inherit the same security level, right?

[aigle]

Lucas is right.

Quote:

Opera.exe ISOLATE on start from explorer.exe

It means Parent process( explorer.exe) has launched child process ( Opera.exe) and opera is isolated. It,s the normal behavior.