Hi there. As a newbie to Process Guard, I was wondering if anyone out there could/would be able to advise me as to (i) what executables I should add to PG's list to be protected and (ii) what privileges I should Allow/Block in each case, with regard to protecting the key components of NIS2004, i.e., the firewall, IDS & AntiVirus components? Any help/advice would be gratefully accepted. Many thanks in advance. Baldrick
Hi, Baldrick. I will not be of a lot of help as I do not use Symantec products. But this is what a search found: https://www.wilderssecurity.com/showthread.php?t=26529&highlight=2004 Hope this is of some help. TheQuest
Here is what I have set up for NIS 2004. You will find them in various folders of NIS 2004. On all of these I have: BLOCKED FLAGS for Write, SetInfo, Terminate, Suspend. ALLOW FLAGS for Write, SetInfo, Terminate, Suspend, GetInfo, Read. OPTIONS to Allow Global Hooks. For IDSLU.EXE, IDSCOLU.EXE and SYMLCSVC.EXE I also have Allow Drivers/Services Install as well as Allow Global Hooks in OPTIONS. PLEASE NOTE: I had to TURN OFF "Block Global Hooks" in General Protection because it seems to cause NIS 2004 to randomly fail to load on system reboot. This is a problem that I think Jason is working on for the next release. Here are the pgms: CCAPP.EXE, CCEVTMGR.EXE, CCPROXY.EXE, CCPWDSVC.EXE, CCSETMGR.EXE, SMNLNCH.EXE, SNDSRVC.EXE, SYMLCSVC.EXE, SBSERV.EXE, URLLSTCK.EXE, SAVSCAN.EXE, NAVAPW32.EXE
Hi siliconman01. Thanks very much for the information. I will set it up and give it a try. By the way, do you know anywhere that I can get some more detailed information on the General Protection options? The Help document (unless I am missing something) is not as explanatory as I would have hoped... or is it that I am new to all this and just learning. In any case, additional information in this area would be useful. Thanks in advance. Regards, Baldrick
The Help file in PG is the only documentation I am familiar with. You might create a thread on the forum asking for a more detailed explanation. Jason, Wayne and others are very helpful in explaining things such as this.
Hi siliconman01. Had thought about that and may try. However, if I may abuse your kindness with another question? Do the components of LiveUpdate need to be given the appropriate permissions to update the components of NIS2004 that have been set to be protected by Process Guard? Unfortunately I cannot try this as I am up to date re. any Symantec component updates at the moment. Is this something that you have come across or has caused you a problem? Once again, thanks for any help/advice that you can provide. Regards, Baldrick
I have set IDSLU.exe and IDSCOLU.exe to have full permissions because Symantec LiveUpdate may be a program update, a driver update, and other elements of NIS 2004 as well as the antivirus/security definition files. You have no forewarning as to what is going to come in a LiveUpdate from Symantec. With this setup I have not seen any conflicts with PG and any LiveUpdate... they occur smoothly. HTH
I must be thick or something, but IDSLU.exe and IDSCOLU.exe reside in \SymantecShared\IDSDefs, which I thought related to the IDS component. What about the .EXEs that reside in \Program Files\Symantec\LiveUpdate? Do not any of these need to have full permissions? I appreciate your point about not having seen any conflicts to date but was just wondering. Any thoughts? Regards, Baldrick
I have not seen any operational need or conflict NOT having the items in folder c:\documents and settings\all users\application data\symantec\LiveUpdate OR c:\program files\symantec\LiveUpdate in PG... (sorry for the double negative). Also, once you have things set up in PG, you might be able to test it today because there is a Symantec LiveUpdate available if you manually initiate LiveUpdate. It's a program update apparently.