Trillian attempting a "Global Hook"?

Why?

Does blocking it with PG affect anything?

What (if anything) should I do with Trillian's settings in PG? Pete

 

Just give Trillian "allow global hooks" in Options
Dolf

 

yes, if it is a trusted program you can allow it.

Personnally i have a video game which need it, as well as a network voice speach program, BTW very usefull to speak with people all other the world without spending a single $

 

I dunno, guys - Trill's working fine without it, apparently, so I think I'll just leave it alone.

I only "trust" things for about a second (on a GOOD day). Pete

 

Hi Pete, On reboot I get a single spate of three "requests" for global hooks from cftmon.exe which is to do with speech & alternative user interfaces, So far I have not added this to the PG list as it is not a file that is known to do any service for malware.

I have had no detrimental effects so far

I think some programmes just send the command but do not actually need a reply to run correctly.

There will probably be many anomalies found during the coming weeks as more users test PG with a whole variety of programmes.

 

I don't think this is a good idea.
Before you had the global hooks protection, Trillian did whatever it thought it needed to do, so if Trillian will be blocked from such actions, it only can have unpredictible results.
Dolf

 

Most hooks are to do with certain menu operations or mouse based recording stuff that a lot of applications do, all the time. In 99.9% of cases you won't need to add an "allow global hooks" to an application because the only issues it will bring are minor ones, if any are noticable. It is up for you to see what each application does with you blocking or allowing hooks on it, but in general it isn't THAT BAD to block them even on legit applications.

As an easy to see example, if you take away Internet Explorer's ability to Allow Global Hooks, then left click on its menu once, then try and move the mouse over the other top level menu items, it won't work as it should. You have to click on each item for it to bring up the list, instead of just moving the mouse over it. That is the only hook I have seen IE try to install, it also might be one we allow by default in coming versions, a lot more testing is needed with a few thousand machines to see if we can allow this through though.

-Jason-

 

Thanks for the clarification Jason

 

Is _any_ global hook is loading a DLL in every running processes ??
It sounds very abusive for me that an application need a "global" hook, or may be PG display "gobal hook" for all global and local ?

 

gkweb, I don't think I understood your question correctly, but local hooks (which don't load the DLL into all processes with user32.dll) call SetWindowsHook, which isn't protected by Process Guard as there is no need - local hooks don't have any known security implications and it's unlikely there every will be any. Global hooks (which do load their DLL into all processes that use user32.dll) call SetWindowsHookEx, which is protected by Process Guard, so there should never be any issues with local hooks, only global ones. However, to throw a spanner in the works, please be aware that some SetWindowsHookEx hooks can only create thread hooks - others can only create global hooks, and others can create both. Is that the info you were after, or ... ?

PS. As already mentioned by others it's usually OK to block global hooks in most programs (i usually block all hooks, only enabling them if i notice lack of program functionality (rarely), such as menus not working properly), but it can also actually be beneficial in terms of system resources, because by blocking the call to SetWindowsHookEx (which prevents the global hook from being created), you're preventing the hook DLL from being loaded into all processes that have user32.dll (which will be most of your processes).

Here's some official documentation regarding the SetWindowsHookEx function from MSDN:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/hooks/hookreference/hookfunctions/setwindowshookex.asp

 

Just a further clarification, SetWindowsHookEx is sometimes used for local based hooks, which Process Guard doesn't interfer with, it always allows them.

There is a lot of functions that Microsoft use in some of their products which they have not documented which we are investigating at this stage. I am pretty sure Internet Explorer's hook is only trying to be local but it is getting seen as global.

-Jason-

 

that was my concern... to save system ressources by blocking legit global hook

What i wanted to know was if all global hook blocked by PG was the loading of a DLL in every running processes, which is the case from your answer.

A global hook hunter is born