When BoClean v4.11 updates, PG asks to allow each time. I have 4 BoClean EXE modules allowed, including the boc4upd exe. Is this by design or have I missed something in my config?
Hi marsupialus, I am not a BoClean user but I guess that the updater .exe is being updated on a regular basis and therefore its checksum is different each time, much as TDS3's DCSmutex.exe. In ProcessGuard 3.1 there is no provision for excluding a .exe by name. So ATM you have to permit each time or switch off Execution Protection. There are pros and cons to this from the security point of view, so maybe a later version may include an advanced option to exclude certain named files. HTH Pilli.
Your guess is close, Pilli. Actually, the updates to BOClean's signature file are distributed in the form of an executable, an update.exe downloaded into the %TEMP directory. Each time an update is performed, PG notices that this %TEMP\update.exe has been "altered" since the last time it ran. I guess I'd attribute the awkwardness more to BOClean's design than to PG's. Appeals have been made for a way that PG could exempt this kind of nuisance (or even this particular one) but I don't know if any decision has been settled upon. Edit: I see now, Pilli, that's exactly what you said.
At least I know what PG is accomplishing. Hey, how would it know if a file was altered for nefarious reasons? I can live with that. Thanks for the info.
The just-released BoClean 4.12 solves this issue - they changed the update method so it no longer runs a new .exe from the temp folder. So no more PG alerts when updating.
No, not normally; this only occurs when the updater.exe is changed or when a new or changed component .exe is part of the update.