Greetings to all. I had purchase PG on April but only now I'm trying it and I've something to ask: I use F-Secure Internet Security 2004 and I like to know the configuration in Program Protection, because there are too many exe in this program. I see this in my log: 6 Jul 11:40:06 - [P] c:\windows\system32\svchost.exe [1108] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2548] 6 Jul 11:40:06 - [P] c:\windows\system32\svchost.exe [1108] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2548 It's correct? Thanks for your replyies
Hi ^Ale, If these are just a few random lines in your log you can safely ignore them. The operative word is "Tried" to gain terminate access, not that it actually wants to terminate the program, many programs try to read , getinfo etc. on other programs although they may never actually use the ability. If, however, you get continuous logs you may need to give the necessary "Allows" as the program may need to have access to run correctly. HTH Pilli
Thanks Pilli. Here is a copy of my last log. Welcome to DiamondCS Process Guard. This program does not need to be running for your system to be protected. 6 Jul 15:01:58 - Window Log Started 6 Jul 15:01:59 - Initializing Process Guard over 2 steps. If either step fails some protection may not be active. 6 Jul 15:01:59 - [1 of 2] Success: Driver is active and secure. 6 Jul 15:01:59 - [2 of 2] Success: Process Guard's Protection is currently Enabled. 6 Jul 15:01:59 - General Protection Options 6 Jul 15:01:59 - [1 of 4] Block End-Task is disabled. 6 Jul 15:01:59 - [2 of 4] Block Appinit registry key is disabled. 6 Jul 15:01:59 - [3 of 4] Block Drivers/Services is disabled. 6 Jul 15:01:59 - [4 of 4] Block Global Hooks is disabled. 6 Jul 15:02:00 - [EXECUTION] c:\windows\system32\fxssvc.exe with commandline c:\windows\system32\fxssvc.exe was ALLOWED to run 6 Jul 15:02:00 - [EXECUTION] c:\programmi\f-secure internet security\backweb\4476822\program\fsbwst.exe with commandline 1.3.6.1.4.1.2213.42.1 was ALLOWED to run 6 Jul 15:02:00 - [EXECUTION] c:\programmi\f-secure internet security\common\fch32.exe with commandline 1.3.6.1.4.1.2213.11.1.15 was ALLOWED to run 6 Jul 15:02:00 - [EXECUTION] c:\programmi\f-secure internet security\backweb\4476822\program\backweb-4476822.exe with commandline "c:\programmi\f-secure internet security\backweb\4476822\program\backweb-4476822.exe" was ALLOWED to run 6 Jul 15:02:01 - [EXECUTION] c:\programmi\f-secure internet security\anti-virus\fsav32.exe with commandline 1.3.6.1.4.1.2213.12 was ALLOWED to run 6 Jul 15:02:02 - [EXECUTION] c:\programmi\f-secure internet security\common\fameh32.exe with commandline 1.3.6.1.4.1.2213.11.1.18 was ALLOWED to run 6 Jul 15:02:03 - [EXECUTION] c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe with commandline "c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe" was ALLOWED to run 6 Jul 15:02:03 - [EXECUTION] c:\programmi\f-secure internet security\backweb\4476822\program\fsbwst.exe with commandline 1.3.6.1.4.1.2213.42.1 was ALLOWED to run 6 Jul 15:02:06 - [P] c:\windows\system32\svchost.exe [1112] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2188] 6 Jul 15:02:07 - [P] c:\windows\system32\svchost.exe [1112] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2188] 6 Jul 15:02:50 - [EXECUTION] c:\programmi\sony ericsson\gc75 manager\gc75 manager.exe with commandline "c:\programmi\sony ericsson\gc75 manager\gc75 manager.exe" was ALLOWED to run 6 Jul 15:03:19 - [EXECUTION] c:\programmi\opera7\opera.exe with commandline "c:\programmi\opera7\opera.exe" was ALLOWED to run 6 Jul 15:09:20 - [EXECUTION] c:\windows\system32\mspaint.exe with commandline "c:\windows\system32\mspaint.exe" was ALLOWED to run 6 Jul 15:09:26 - [EXECUTION] c:\windows\system32\svchost.exe with commandline c:\windows\system32\svchost.exe -k imgsvc was ALLOWED to run 6 Jul 15:11:45 - [EXECUTION] c:\windows\system32\mspaint.exe with commandline "c:\windows\system32\mspaint.exe" "d:\downloads\log.bmp" was ALLOWED to run 6 Jul 15:15:10 - [EXECUTION] c:\windows\system32\mspaint.exe with commandline "c:\windows\system32\mspaint.exe" was ALLOWED to run And what about my attached config in Program Protection ? I don't know how to manage F-Secure IS 2004.
You could add Close Message Handling to your AV main .exe (the one(s) that are running as seen in Task Manager) especially if you run it without password protection - if it has a password facility. I assume you are using ZA firewall which does not need to be on the protection list?
Hi Pilli. I added Close Message Handling to F-Secure Internet Security Agent (in line 26) because is the only one I see in Task Manager and has not password facility. I use the integrated firewall in F-Secure IS 2004 (I don't know the name of exe). In the past I used Oupost Pro 2.1, but it crashes if used with F-Secure Antivirus. Thanks and have a good day
Hi Peter, now I've enabled Block Appinit registry key, but I don't full understand the others so I want to try one at time. Can you explain me about these protections? Have a good day