PG set-up to protect NIS2004?

Hi there

As a newbie to Process Guard I was wondering if any one out there could/would be able to advise me as to (i) what executables I should add to PG's list to be protected and (ii) what privileges I should Allow/Block in each case, with regard to protecting the key components of NIS2004, ie, the firewall, IDS & AntiVirus components?

Any help/advice would be gratefully accepted.

Many thanks in advance.


Baldrick

 

Hi, Baldrick

I Will not be of a lot of help as I do not Symantec Products.

But this is what a serch found:-
https://www.wilderssecurity.com/showthread.php?t=26529&highlight=2004

Hope this is of some help.
TheQuest

 

Here is what I have set up for NIS 2004. You will find them in various folders of NIS 2004. On all of these I have:

BlOCKED FLAGS for Write, SetInfo, Terminate, Suspend.
ALLOW FLAGS for Write, SetInfo, Terminate, Suspend, GetInfo, Read.
OPTIONS to Allow Global Hooks.

For IDSLU.EXE, IDSCOLU.EXE and SYMLCSVC.EXE I also have Allow Drivers/Services Install as well as Allow Global Hooks in OPTIONS.

PLEASE NOTE: I had to TURN OFF "Block Global Hooks" in General Protection because it seems to cause NIS 2004 to fail to randomly fail to load on system reboot. This is a problem that I think Jason is working on for the next release.

Here are the pgms:

CCAPP.EXE
CCEVTMGR.EXE
CCPROXY.EXE
CCPWDSVC.EXE
CCSETMGR.EXE
SMNLNCH.EXE
SNDSRVC.EXE
SYMLCSVC.EXE
SBSERV.EXE
URLLSTCK.EXE
SAVSCAN.EXE
NAVAPW32.EXE

 

Hi Quest

Thanks for the link. I will wade through the detail. A great help.

Regards



Baldrick

 

Hi siliconman01

Thanks very much for the information. I will set it up and give it a try. By the way do you know anywhere that I can get some more detailed information on the General Protection options? The Help document (unless I am missing something) is not as explanatory as I would have hoped..........or is it that I am new to all this and just learning. In any case additional information in this area would be useful.

Thanks in advance.

Regards



Baldrick

 

The Help file in PG is the only documentation I am familiar with. You might create a thread on the forum asking for a more detailed explanation. Jason, Wayne and others are very helpful in explaining things such as this.

 

Hi siliconman01

Had thought about that and may try. However, if I may abuse of your kindness with another question? Do the components of LiveUpdate need to be given the appropriate permissions to update the components of NIS2004 that have been set to be protected by Process Guard? Unfortunately I cannot try this as I am up to date re. any Symantec component updates at the moment. Is this something that you have come across or has caused you a problem?

Once again, thanks for any help/advice that you can provide.

Regards



Baldrick

 

I have set IDSLU.exe and IDSCOLU.exe to have full permissions because Symantec Liveupdate may be a program update, a driver update, and other elements of NIS 2004 as well as the antivirus/security definition files. You have no forewarning as to what is going to come in a LiveUpdate from Symantec. With this setup I have not seen any conflicts with PG and any LiveUpdate...they occur smoothly.

HTH

 

I must be thick or something but IDSLU.exe and IDSCOLU.exe reside in \SymantecShared\IDSDefs that I thought related to the IDS component. What about the .EXEs that reside in \Program Files\Symantec\LiveUpdate? Do not any of these need to have full permissions? I appreciate you point about not having seen any conflicts to date but was just wandering.

Any thoughts?

Regards


Baldrick

 

I have not seen any operational need or conflict NOT having the items in folder c:\documents and settings\all users\application data\symantec\LiveUpdate OR c:\program files\symantec\LiveUpdate in PG... (sorry for the double negative).

Also once you have things set up in PG, you might be able to test it today because there is a Symantec liveupdate available if you manually initiate LiveUpdate. It's a program update apparently.