Outpost wanting write access

Greetings all ..... sorry if this has been addressed. OP wants to write to a few programs including me browser. Should i allow this and is anyone noting the same

TIA

 

If it is a trusted security application, you can allow it to do all it wants.
Outpost is IMO a trusted security app, so let it write to processes.

Why does it would need that ? i don't know, may be to add a piece of code to watch the process behaviour, or may be does it simply check that if needed, it can write to it ?

If you have the official trial or full OP version, i think it is safe to allow it, and may be more it is needed in order that your firewall protect you with full protection.

 

Thanks for getting back gkweb........... yeah, why would it need to write to these programs i have full pro v. and this was not happening until i updated PG to 1.2...... think i will wait for any other thoughts on this before i 'Allow'.

 

You SHOULD allow any privileges to any trusted program what it wants, otherwise you might change the way the program runs and later on you might get unpredictable results
Dolf

 

Hi Rainwalker, I agree with Dolf in this case. Allow outpost the privilege, remember the "allow" privilege is only applied to listed programmes which you already protect and trust

 

OK, thanks guys............. by the way OP also wants to write to TDS and PE; again this activity is all new since PG update i will do as you suggest......thanks again

 

Rainwalker, My Outpost has Write, suspend, getinfo & read in the Allow flags almost sure this is a precaution of Outposts to enable it to monitor a programme for it's application filtering.

 

Thanks Pilli......OP is wanting it all for now i will allow what you have allowed.

 

Funnilly enough I had to reboot the server PC today and, you've guessed, Terminate & Set info were logged but only once, so I will not bother about it.
I do not like giving listed apps Terminate allowances unless absolutely necessary as this gives them permission to terminate listed Apps

 

Thanks Nameless, I agree that with what you say, as a rule, with your security applications especially. I add programmes slowly and monitor their logging in PG before making the necessary allowances.
I have also contacted App developers when not sure what an app is using hooks or other logging attempts for when these are not clear, usually the developer will tell you and from that you can make a knowlegable decision about your PG settings.

Eventually the PG community will build up a knowlege cbase that will enable users to make the appropriate settings and, of course, define any anomalies.

 

The only issue I have with allowing everything you add is there might be some vulnerability down the track in one of those programs, like a buffer overflow (which PG cannot protect against since it is programming error) in which case that process then begins to take down others.

Personally I try and give the least amount of allow privileges I can, the least being as much as the program requires to run without having any issues. For the general users this may not be a good thing to do since it requires knowledge (and time) on what is causing which issues if there is problems. Protection/security wise I think it is better however.

-Jason-

 

I don't see a so big issue with giving restricted privilieges to protected processes, if a malware comes, it won't be a protected trusted process and so will be killable, and if it wants to inject into a protected process it won't be able too.

In the worst case it is, just give at the moment the privilege to TERMINATE to particular process, but i don't think it will happen if PG is installed and configured before any malware coming.

 

For "external" applications GKWEB you are right. External meaning the ones PG isn't protecting. They won't be able to interfer with the PG protected ones so there won't be an issue. My only concern is if a "trusted" program somehow misbehaved or was made to misbehave, if it had allow privileges your other applications wouldn't be protected from it. It is a very rare scenario and obviously some applications are more prone to it than others (Internet Explorer for example).

These sorts of attacks will only occur on applications that 50+% of the internet population use, usually Microsoft based ones. I wouldn't mind giving some programs all allow access, in fact I have, but programs like Internet Explorer, Outlook, etc, I would be more weary of. Luckily those programs don't really require Allow privileges so there isn't really an issue with not giving them to them.

-Jason-

 

Jason,

i was speaking for a simple point of view, besides that i have too thought to what you are talking in the beta forum, i have written as a suggestion a new feature reaquest which would be to have a new column "target" to tell PG to which protected processes allowances are applied, it can be "ALL" or a list of protected processes