Configuration feedback....

Discussion in 'ProcessGuard' started by A884126, Aug 1, 2004.

Thread Status:
Not open for further replies.
  1. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Hi.
    I wish we could get an FAQ with setup for most of the programs that people are using...
    I was wondering if something was wrong with my configuration...?
    Thanks for your kindly help.
     

    Attached Files:

    Last edited: Aug 1, 2004
  2. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi :). You didn't have to add "ctfmon.exe", in that?
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi A884126, Rather a long list! :)
    I'll add a few comments about the programs I know.

    NOD32.exe - Why?
    OP2 - Add Close Message handling - Outpost has little closedown protection although using its password protection will help
    WormGuard - Remove, as it is not a process as such
    TDS3 - Add Close message Handling
    Not sure why True Image is on there at all
    I only have Outlook and Frontpage from office on my protection list.
    SpywareGuard just the SGBHP & SGmain
    I have no manual updaters listed.

    I am sure others will comment :)
     
  4. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    To tell you the truth I do not really know, some people do some don't.
    In my log 'ctfmon.exe' is always trying to create 'global Shell hook', 'global message hook' and 'global CBT hook' (and BTW what's this last one?)
    Pilli what do you think? Should I add 'ctfmon.exe', 'dumprep.exe' and 'Rundll32.exe' ?

    - NOD32.exe - Why?
    I thought it was recommended to add all AV, AT, firewall and other security appz.

    - OP2 - Add Close Message handling - Outpost has little closedown protection although using its password protection will help
    'Close Message handling' added.

    - WormGuard - Remove, as it is not a process as such
    I thought it was recommended to add all AV, AT, firewall and other security appz.
    I found this configuration on https://www.wilderssecurity.com/showthread.php?t=39518&highlight=configuration and
    https://www.wilderssecurity.com/showthread.php?t=36073&highlight=configuration

    - TDS3 - Add Close message Handling
    Done.

    - Not sure why True Image is on there at all
    Me neither but I found it in the forum when I tried to consolidate most people's rules. This one comes from you https://www.wilderssecurity.com/showthread.php?t=36768&highlight=configuration

    - I only have Outlook and Frontpage from office on my protection list.
    OK. But I guess because you are not using the other appz, are you?

    - SpywareGuard just the SGBHP & SGmain
    OK the update has been removed. I read that some people said that most update exe should be protected. Wrong idea?
    BTW I got this one from https://www.wilderssecurity.com/showthread.php?t=36073&highlight=configuration

    - I have no manual updaters listed.
    What do you mean? You add automatic updaters to your list but not the manual ones?

    Thanks for your kindly help.
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi again,
    Looking at your first post in more detail it appears that the default set is missing? Or are they above what can be seen in your screenshot?

    WG does not run as a process, so I cannot see the point - If the WG .exe was to change then Process Guard checksums would alert you.
    NOD32 Control center does not run as a process as such not like the resident parts.
    As far as I know True image does not connect to the net.
    I have TDS3's updater on my list as it does do auto updates twice a week if you let it and the same with KAV though it is set for twice daily updates.
    I have no other programs which have auto update enabled, any updater that is changed would give a checksum change in PG.
    Also my firewall will alert me if anything regarding those connections changed.

    I do use all the Office programs but do not allow them web access as a rule.

    To a certain extent I think what you place on the protection list is probably equal to whatever level of paranoia one is at :)

    I believe in the old adage KISS (keep it simple stupid) which I apply to myself most diligently :D

    Pilli
     
  6. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi! :) I just asked you about ctfmon.exe because it will flash the PG's systray icon, if you have "4. Block global Hook", in your Protection/general protection options, as you said. But sorry, I don't know more than you about ctfmon.exe... :oops: (I just put it in the protected programs list to avoid it requesting for "global hook" permanently...) :D

    Cheers ;)
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi nico-nico, I do not have ctfmon on my protection list and I do usually get two or three logs a day about global hooks from ctfmon, these are to do with language and also mouse gestures - I ignore them as I have noticed no related problems :)
     
  8. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    - Looking at your first post in more detail it appears that the default set is missing? Or are they above what can be seen in your screenshot?
    Well guess as the default set is above. The screen was not big enough :)

    - WG does not run as a process, so I cannot see the point - If the WG .exe was to change then Process Guard checksums would alert you.
    OK. I will remove the 3 'exe'

    - NOD32 Control center does not run as a process as such not like the resident parts.
    What about the updater. Which is true for TDS and KAV is not for NOD32?

    - As far as I know True image does not connect to the net.
    True so I guess what I read was wrong. Then I removed it.

    - I have TDS3's updater on my list as it does do auto updates twice a week if you let it and the same with KAV though it is set for twice daily updates.
    See NOD32 above.

    - I have no other programs which have auto update enabled, any updater that is changed would give a checksum change in PG.
    Do you mean that all auto update programs should be on the list?
    If so, should I have the update program and the main program *.exe?

    - Also my firewall will alert me if anything regarding those connections changed.
    I guess same here with OP (which is close to ZA that you use, don't you?)

    - I do use all the Office programs but do not allow them web access as a rule.
    OK I understand, but it is not my case as Office 2003 latest version requires internet connection to function properly. For instance most of the Help is now online.

    Nico-nico, as Pilli said, I have not yet faced any concern with 'ctfmon.exe'. Yes the request for 'global hook' is in my log program but the computer is running fine. Which is not the case for MyIE2 or MusicMatch if I do not allow 'global hook'.
    To tell you the truth I do not see the need to add it in the protection list.

    Pilli, you did not answer regarding 'dumprep.exe' and 'Rundll32.exe'. Should we add them also to the list or not?

    Cheers

    PS: Just a thought... we should really start to build a generic list as a sticky thread. Don't you think so? It will help our community.
     
  9. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi! :D Thanks, Pilli, now I know a little bit more about this ctfmon.exe... :D
    And A884126, you know, I didn't tell you about the same ctfmon.exe as an "authorized opinion" ;) . I just told it to you to prevent PG's systray flashes :D ... but if you are OK with that, you decide... :cool: . And I agree with you, in the wish of a PG's "protection list configuration" new topic :D , but let's not forget that most of this can be found by browsing this forum, I think... :rolleyes: . Whatever, I'm not opposed to this eventual new topic, if needed ;)

    OK, Cheers :)
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    NOD updater can be added if you use it automatically :) I would not bother with the main .exe if the program is not security related or web enabled.

    I use Kerio 2.1.5 on two machines
    old but good & Outpost V2 and another. All through a router.

    I do not think your statement on Office 2003 can be exactly true as many users do not have web access either at home or at work. Having the on line help is just a bonus for those that wish to use it but it is almost certainly not mandatory. I have friends that use 2003 Word, Excel and Powerpoint with no Internet connection.

    dumprep & rundll are not on the default list so probably not considered vulnerable. Jason will have to answer that one though I can see no harm in adding them.

    nico-nico's comment about a general guide is being addressed as Gavin is trying to gather as much user information about their setups to create a program knowledge base when he has the time. So send your saved protection lists to him. support@diamondcs.com.au


    Thanks Pilli :D
     
  11. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    I guess this is it, and that our thread can be now considered as closed.
    Thanks both for your precious help.
    I will send to Gavin my protection list.

    Thanks again.
    Pete
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Cheers A666146, I know that as Process Guard matures it will only improve and it is down to the users. - Users' input is invaluable - DCS does listen & respond ;)

    Thanks. Pilli :)
     