AppDefend x64 BETA Released (XP64)

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Nov 22, 2005.

  1. Defenestration

    Defenestration Registered Member

    BTW, I am running XP Pro x64 SP2 with ALL updates, and I don't get any notification about new Kernel Patch Protection when installing AD x64 alpha 3, even though I imagine I must have the latest KPP.
  2. Defenestration

    Defenestration Registered Member

    I think I know the problem - I used nLite to slipstream SP2 and all updates to 2nd December 2007 onto my XP x64 SP1 CD, to create a new installation CD. I then used this to install XP x64. Therefore, the KPP updates cannot simply be un-installed by using Add/Remove Programs to remove the relevant KB's.

    Is there any way around this so people, who have slipstreamed updates, can un-install the KPP updates and use GSS ?
  3. lucas1985

    lucas1985 Retired Moderator

    You'll have to make a new custom CD.
  4. Defenestration

    Defenestration Registered Member

    Which KB's should I not slipstream to get rid of the KPP updates ?

    Also, do these KB's only contain the KPP updates, or do they also contain other fixes ?
  5. Defenestration

    Defenestration Registered Member

    While it may not be possible to automatically remove the KPP updates from slipstreamed installations (although that would be handy), would it be possible to have some sort of special alert in the GSS x64 build, which would be displayed when a possible KPP update was being attempted. Without looking into exactly what files are being changed when the KPP is updated, would it be possible to have a list of these files, and then alert when one of these was about to be changed ?

    I suppose this kind of functionality would be a specialized form of a new "FileDefend" ® © :D module (which could allow/block creation/modification/deletion of files and folders, based on a rule-set).
  6. Defenestration

    Defenestration Registered Member

    Update for Windows XP x64 Edition (KB914784) is the first update to KPPv2.

    Update for Windows XP x64 Edition (KB932596) is the second update to KPPv3.

    NOTE: KB932596 supersedes KB914784.
  7. Defenestration

    Defenestration Registered Member

    According to the MS Security Advisory for KB914784, only two files were updated - "Ntkrnlmp.exe" and "Ntoskrnl.exe".

    Since other non-KPP updates may also modify these files, then the alert should stress that these updates may not be KPP updates, but this would be a powerful tool against KPP updates.
  8. Defenestration

    Defenestration Registered Member

    Jason - Would it be OK to simply replace the two files, "Ntkrnlmp.exe" and "Ntoskrnl.exe" with those from my XP x64 SP1 install CD (as it would be a pain to have to re-install XP along with all my other apps) ?
  9. Jason_R0

    Jason_R0 Developer

    I think that should be fine, in theory. As they rarely change anything major in those modules (besides KPP of course). I can see an instance where Microsoft try to roll out some major update with a new version of KPP bundled along with it, but then the major update would have to have something worthwhile for us to want to upgrade to it. :)

    Whenever something important comes with KPP, I will have to "fix" that version of KPP, but for now uninstalling the updates is the preferred method if you want system speed and stability.

    I will probably have to use a better method to detect the version of KPP installed rather than relying on those updates being installed into the registry, file version checks, things of this nature.
  10. TheQuest

    TheQuest Registered Member

    Hi, Defenestration

    There is aways Repair Install which would save you having to reinstall all of your apps, and then edit your update install. :doubt:

    Take Care,
    TheQuest :cool: