SSM Startup blocking+Jetico+DrWatson=BSODS

Discussion in 'other anti-malware software' started by poirot, Nov 14, 2006.

Thread Status:
Not open for further replies.
  1. poirot

    poirot Registered Member

    May 4, 2005
    A quick report about what happened in my notebook running SSM-Free edition, Jetico 1.0, all sorts of Reports to M$ disabled, but DrWatson still present at Registry level.
    After having enabled most Modules in SSM and having achieved a satisfactory running of the program I decided to set Block All modifications in Startup.
    Nothing wrong ensued from this move alone, if considered by itself.
    But I soon understood why this tweak is normally set to Permit.

    It happened I tried to modify too many rules at once in my Jetico 1.0, XPHome limited Account:

    I wanted to modify rules not hardening but alleviating the burden of such Tables like WebBrowser for instance, as up to now I've strived to achieve maximum security - and with stem & others' help I achieved this - but I had grown tired of too many pop ups and wanted a more 'normal' firewall (without lowering its defenses),
    so I set the firewall to Defaults then added another Optimal config to Jetico and proceeded to copy or delete the rules - as I had previously done 2-3 times successfully - only this time Jetico thought I was pretending too much and when I moved some 10-12 rules from one config (inactive) to the active one, it reacted vanishing all of a sudden, including the systray icon.
    As I had already done all this before, I stubbornly tried again, but Jetico had become unstable and the third time a BSOD restarted the computer.
    (the usual ''MS had to intervene to protect the pc'', etc.)

    At reboot SSM produced a tab to report what had happened, which I sent. (''this has been the first time SSM was terminated this way, please report''). I hope it reaches SSM.

    I understood that DrWatson was trying to put its dumprep report into the startup and couldn't do it because of my (block) setting.
    In order to do that it had to attempt to terminate SSM.

    At this point all attempts to get to SSM Preferences, in order to remove the block at startup, were in vain - the Send Report was all I could get - and further moves resulted in more BSODs.
    I had no other option than Rebooting and choosing my Admin account, remove SSM and reboot.

    I went again into my Ltd Account to check the situation and found all was working regularly, only new fact was Jetico had by itself reverted to Default rules.
    I repeated all the moves in Jetico I had done previously - even moving 20 rules at a time - and all was entirely OK, no adverse reaction and smooth working at all levels, which means Jetico had not become corrupt at all.

    What in my opinion was really wrong was setting the block all in SSM startup.
    I posted essentially for this reason.

    At this point, however, I had already decided I would go back to a previous Image dating back a few weeks in order to be able to reinstall SSM completely anew and not having any OS possible corruption.

    (In the meantime I decided to use for just a few days this OS image without SSM to experiment some other HIPS. I installed Antihook 3.0 since yesterday, but I am not impressed by it and, furthermore, it's not entirely working as a 30 days-Trial; which seems to me not very logical on their part)

    Best regards to all Forum friends,
  2. tcars

    tcars Registered Member

    Jul 3, 2006
    Sydney, Australia
    Hi poirot,

    I'd be interested to know what trouble you had with the AntiHook 30-day trial? We've not seen or heard of any problems, but if there is one we would get it fixed of course.

  3. poirot

    poirot Registered Member

    May 4, 2005
    Sorry for the delay in answering, but I had completely forgotten about this thread.
    I did not express myself very reliably in that post, as I was trying to be brief,
    actually one thing was not working in that Antihook 3.0 trial, I think it was the section where all the current processes are stored in various colours, I tried to modify something but it did not respond, I assumed then it was because it was a trial version.
    I was not particularly impressed on account of the fact that Antihook 3.0 does not allow too much tweaking of the rules to adjust to one's needs: which is exactly what the vast majority of non-geek users would pretend from a security software nowadays, I guess. (To a certain extent, me, too.)
    I want now to be clear: contrary to what it may have appeared from my brief previous post I liked Antihook 3.0 in its efficacy - I tried a few minor tests - and Antihook always prevented any leaks or malware, did not take notice of which, however, but I was certainly satisfied by the way it worked, silently, unobtrusively and with an utterly unnoticeable resource consumption.
    I was served well for a year by Antihook 2.5-2.6 in the past and when I realised version 3.0 is a 'set and forget' software, because it does everything without too much input, I was not 'impressed' comparing it, for instance, to ProSecurity or SSM free, which give you the chance to run without too much or any tweaking but give you the chance to do it, if so you wish.
    Please rest assured I deem Antihook 3.0 very valuable and that in a month's time I may give it another try, hoping someone submits it to some serious testing.
    Best of luck to your software, anyway,