GeSWall and printers

Following Aigle's screenshot on post 18, just copy past \Device\NamedPipe\Lsass into Resource Name, Resource Type "File", Access Permission "Read Only".
It's what the log says i think (i don't use GW).

If that doesn't work, try Access Permission "Allow". I don't know if the log is saying it blocked "Read Only", or blocked because it's set to read only. Try "Read Only" first.

I'm not an expert either, i just used it before. This is only a matter of getting familiar with the application, not being an expert (an expert would be able to make more strict rules, and know what they do).
The advantage of GW is being able to read a log and doing things like this. It's more transparent.

 

thanks Pedro. I'll give it a try tonight and post back. Hopefully that will work. I think Geswall is a good freeware alternative for the browser, that is why I'm trying to make it work.

thanks again
Al

 

Read only is allowed already and that is what the log says. Allow Permission might work but not sure how much it will compromise the security.

 

Thank you aigle for the explanation

 

Aigle, are you using the beta version? I just checked 2.7.1 pro, and i can't find that rule.
Perhaps the beta fixes it (or you added it and forgot), and read only is the solution?

 

There is still no beta. lssas is marked as trusted so untrsuted applications can only have read access to it, my guess.

 

They have that access only if IE has that specific rule perhaps, read only.
I didn't find that in the IE rules.
Do you have that rule?

 

These( Resources) are general rules for all applications.

 

Well, I give up. I tried posting at Geswall and I really didn't get a direct answer to my problem. I think if I used the Pro version and printed from IE, there is an option that Geswall would learn the rules and I wouldn't have a issue. It seems they want alot for the Pro version. I tried DW and find it a little easier than GW. All I can say is thank you to all that have tried to help.

Al

 

Pls try this as a a last attempt. I am just curious to know the result.

Then reboot ur PC once. Try printing now. Let,s know the result pls. If I had that printer I would have tried myself.

 

I wasn't referring to your screenshot, i was asking if you had that rule in IE's rules.

IceCube, you could at least tell us what you tried, and if you tried our suggestion..

 

Here it is folks. This is how I got Geswall to work with my printer. I took the suggestion at the Geswall forum. He pointed me to a thread that showed setting up a program with the app wizard. The app wizard is only available in the pro version. So I set Geswall to the Pro version and I started IE to create rules for me. So when I went into my gmail account and started printing....... Ta Da!!!!!! It printed. Geswall however, restricted the ink cartridge window from showing. I really don't give a rats arse about the window showing. So now she works after 2 weeks of frustration. My only question is, when my Pro trial is up will it deep six the rules that it created for IE and the printer? I've been going back and forth with DW and GW. I would keep GW if the rules stick. The company wants alot of money for the Pro version. I would buy it if I could use it on 3 computers. I think it offers good protection/performance. Here are the screenshots of the resource and IE rules. I'm not sure which ones it auto created.

thanks again
Al

 

The rules for IE look exctly same as default. Strange.

BTW ask Brian, seems that pro licence can be some way used for more thgan one PC under some conditions.

 

Aigle

This is crazy. The printer worked fine from my isolated IE browser after I had the app wizard auto create the rules. However, I rebooted and tried again and the printer stopped working again. So I added the entry into the IE browser: \Device\NamedPipe\lsass File Allow and it works. Its also displaying the ink cartridge window! I'm a very happy camper.
Its great to have a forum where you can get ideas and have intelligent individuals to help out. Have a great weekend everyone!

Here is a screen shot of what I was talking about all this time:

 

Ok, i won't say "i told you so"
You can try instead of "Allow", "Read Only". If it works with Read Only, it's probably safer as well. Not sure, but i think it's only logical.

Cheers

PS: DefenseWall is also a great policy based sandbox. They have their pros and cons, it's hard to tell which is best.
I just didn't want you to choose based on some issue that GeSWall is telling you how to solve.

 

Hi Pedro

I tried Read Only and it didn't work. Only likes Allow. I think part of my confusion was that Geswall seems to operate different in Pro vs Free mode. This is understandable now. I like GW and will probably purchase it.

thanks again
Al

 

Ah, so it gives me a clue as what the logs says (never read the help file, which is something you could do as well).
So i figure, the log is saying the resource is blocked since it's read only - because, as Aigle mentions, it's trusted, so read is allowed, nothing more. One has to explicitly state it's allowed.
Hope i got it right.

Consequences for security: i have no idea!

 

Read only will not work, it,s the deafult rule( as shown by log). Allow rule was exepected to work and it did.

 

Great that it worked.

 

Hmm,

Not a great idea allowing untrusted processes to tinker with lsass, see http://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service

 

Well Kees, you had to throw a fly in the ointment. That link didn't look good. I guess this would be more or less a question for Geswall.

Al

 

Update! After viewing Kees post on allowing \Device\NamedPipe\lsass File Allow for IE, I made the change to \Device\NamedPipe\lsass File Redirect and the printing works!

Redirect Application my read resource but once it tries to modify it, GeSWall creates a local copy of the file or registry key, which is modified instead. That allows the application to work smoothly and at the same time prevents modification of trusted resources. The local copy is not permanent. It is erased on application termination.

Al

 

Soooo.........Success ?

 

I think so. I was going to suggest using Redirect (GeSWall's approach to virtualization) but I'd guess that I'm late

 

Nice IceCube1010, thank you for reporting that. Something to remember.