Hi, I'm using the free version of ProcessGuard 2.0 and want to know what the best settings are to protect Outpost Firewall Pro. I ran Advanced Process Termination 1.9 to test it, but the process was killed... Thanks
To protect from all termination methods, you need to enable Close Message Handling (CMH) for Outpost (select Outpost, then Options from the drop-down list at the bottom to see this setting). However CMH does not work fully for Outpost (in my tests, Outpost would remain running while the confirmation prompt was up - but whether you confirmed or canceled, Outpost would close afterwards). Nevertheless it can provide good warning that something is amiss.
Hi Paranoid, Sorry, but I didn't see that option in Outpost. And about the settings for the process in Process Guard? Thanks
After enabling that option, I tried Advanced Process Termination by clicking 'ALL' and it kills Outpost without any confirmation prompt...
Does Outpost's entry in PG have the Write, Terminate, Suspend privileges listed as blocked? Is Process Guard reported as active and enabled in the first 2 entries in the Log window? Do you see any mention of apt.exe (either being blocked or allowed) in the Log window?
Hi VaMPiRiC_CRoW, For Securely Handle Windows closure (CMH) to work properly you need to stop and restart the firewall service; this is because procguard.dll needs to be injected into the services/processes as they start. With some services you may need to enable CMH then reboot. You can use DCS's Advanced Process Manipulator (APM), Process Explorer or Faber tools to see that the .dll is injected correctly. Please note that if you have a process with the permit once setting in the security list then procguard.dll may not be injected; this is a known bug and has been reported. HTH, Pilli
I restarted the PC, ran Advanced Process Termination and didn't get any confirmation prompt. See the picture:
Ah, I see you are using the Trial version Process Guard V2. With version two the .dll injection can be iffy; you need to check that procguard.dll is injected into the outpost process before trying the test. It works fine on Server2003 for me but XP SP1 & SP2 can be more problematical.
At this stage also, rather than hitting All in Apt, test each of the methods and report which ones cause Outpost to terminate.
Hi Paranoid200o, Almost certainly it will be Close message handling, i.e. the .dll has failed to be injected.
Only methods 6, 7 and 8 kill outpost.exe... I said that it was the free version 2.0 in my first post. See the picture:
Yeh, missed the V2 bit. Anyway, onwards - you need to add Process Explorer to the protection list to see the injected .dll, which you cannot do and test another process with the trial. You also need to ensure that all four "General blocks" are enabled. Try Advanced Process Manipulation (free) from here: http://www.diamondcs.com.au/index.php?page=apm This should be able to see the injected .dll. HTH, Pilli
Ok, seeing as you can only add one application in the PG Demo, you would be better off checking if procguard.dll is loaded with Advanced Process Manipulation. Process Explorer needs a driver to work, hence the "unable to query process" message. You would need to also add Process Explorer to the Protection List for it to work, but seeing as you can only add one entry for Protection... use APM instead. Regards, Jade.
Well VaMPiRiC_CRoW, Outpost and getting CMH to work with it is a known problem that Jason will be looking into and correcting. Have a read here mate. Regards, Jade.