AppDefend v1.300 Alpha Release

Yes they are really a significant part of GSS.

If possible please give user a opportunity for next alpha/beta to disable regdefend.

 

Mine is Dell E510, running winxp2 and win2k3 ent.
Anyway, gss1.300alpha still has reboot-cycle problem anyway.
- at first with a fresh winxp2 new-install came with no security software and hardware drivers installed, it seems rebooting okie. After tried íntalling comodo firewall lastest ver, failed right after at first firewall startup, a reboot and gss1.300 went on problem.
- at first with a fresh win2k3 íntall, gss1.300 went into problem after reboot.

Uninstall is a must. Pity for my box.

Any advice.

 

I noticed lots of BSODs, latest Comodo beta and latest GSS alpha cause big problems lead to heavy system crashes.

c21 stop error. Really heavy bsods the previous versions seemed to be more stable or not that deep anchored into kernel.

Sys: Amd X2 4800, Win XP Pro SP2.

 

I understand your hunger for trying programs , it affects most of us too, but i think i should say anyway: latest Comodo and GSS are to be considered incompatible for life.
Unless Comodo in the final version gives you the choice to use only the firewall.

Choose one or the other imo, specially when in beta/alpha stage. I don't think the developers will care for these incompatibilities, their priority is where it should be, finishing the program!

 

It´s the first time I hear this now, long time both tools worked fine together.
Probably they won´t care but if they want to rise their download stats they will care about.

 

Not Comodo 2.4 mind you. Now Comodo is a HIPS too.
Are you one of those that run 2 HIPS and rant about problems? I don't think you are, and i think you get my point.

They are Alpha/Beta programs..
You have issues from not booting, to not working properly by itself, missing important features, etc. Then you have a compatibility problem with some program. Where's the priority?

 

I have updated my first post with the first "update" for v1.300

 

Thanks Jason, it works really great, did I mention thanks for putting the ghosts back , they are a really wonderful part of GSS, I guess I also mean they add a really nice and wonderful feeling to having and using GSS

I'm still getting a partial initialization of Comodo firewall 2.4.18.184 , I'm not sure why a part of it works, while the rest refuse to work, through I have a slight clue, I dont know if this helps any Jason, but I have noticed sometimes that comodo tries to launch itself twice, once at boot up, then after the desktop is loaded suddenly I have the firewall trying to load itself up with a second copy, I hope this makes sense , the second firewall fails to load, then its systray icon and its processes disappear, so I only have the first one from boot loaded and in the systray, kind of confused to why the second launch, maybe AD is blocking/delaying some the first launch of the firewall and its processes or drivers during boot, then they get unstuck and launch a little bit later, I'm un-sure how to figure this out, maybe bootvis

Hugs,
Fluffy

 

Just installed the NEW 1.3. Well, it looks great, after restarting the popups came with the ghosts which looked very neat, and also the fact you can drag and drop the ghosts individually. But I have to mention a few problems I experienced. Upon startup I had to make a decision for a popup, and suddenly it disappeared, and it fired another popup. So I weren't able to make a decision for one popup. Then at startup Microsoft Windows acted really weird and said that Windows was restored of a serious error, and let me send several error reports while fireing up a few IE windows which loaded sites of MS error solving and said the errors where maybe caused by some drivers (intel application accelerator, sonic recordnow), asking I had to update them. Then I have to say that my taskbar is made smaller, the standard size as when you first installed XP.

How can I restore of this situation?
Jason_R0 can you tell me what has happened, and if it's bad or not?
Better wait for a final version from now on.

Ps: how can I import my old rules in this new one? I had backed up the ''ADSecure.gsa'' and ''rdstandard.gsr'' because these files include the rules, right? Well, before those were supposed to be in the program files folder (because previous version was user-mode) and now the rules belong in the system32 folder (because of kernel-mode) with the names ''gss_ad.rul'' and ''gss_rd.rul''.
Now, the problem is, I can't replace those files with the old rules I had backed up. Firstly because when you do it's in use, and secondly if you could replace, GSS can't read the files if you rename them from ''ADSecure.gsa'' and ''rdstandard.gsr'' to ''gss_ad.rul'' and ''gss_rd.rul''. Anybody that can tell me how to import the rules correctly?

 

@Jason......I have installed you're Alpha 3.0 but....Reg Deffend is completely disabled in GUI with out the option to enable it even when adding my registration info which it shows as one commercial licence but still no go even after reboot! But when I open programs like CPUZ and CoreTemp APP DEFFEND & REG DEFFEND asks permission So obviously its working but I am unable to access any of the features or enable it for that matter, any suggestions anyone?
I like the new layout and the GUI during Windows Boot to Desktop is very cool and I do see the floating ghosts but still no Reg Deffend!

 

See Post #1 (Important Notes):
"-There is no new gss.exe (front end), so it will still say it is v1.200 alpha in that, you can edit AppDefend rules, but RegDefend cannot be accessed through gss.exe yet"

 

Too bad, I also miss the Firewall features, no recent alerts if system wants to phone out. Hm... that was better in v.1.2 a.

 

You should never rely on the rule files being the same format for these alpha versions as they are changed from time to time. Copying old rules to the same filenames will just mean AppDefend/RegDefend ignore the ones you copied if the format isn't the one it wants.

 

My Dell E510 box still has problem of reboot-loop with any try with versions after 1.100Beta anyway! Hope Jason fix it soon so we can try releases and plan to buy licenses.
Thanks.

ps: please take a some time for CryptoSuite which does not have font-style selections anyway and does not completely handle unicode (chat and nick) - some words are properly displayed, others are not; I mean with language with accents.

Thanks.

 

The latest versions show more disadvantages then advantages.
I miss the option to disable regdefend, regdefend does not save rules,
I miss the recent alert list.. this is more regdefend then appdefend.

 

Yes I agree with what you are saying, through I'm sure these "disadvantages" are just a temporary side effect until Jason can hook up the new GUI code, I hope this can be soon so we can all start having some fun toying with it

I really hope that at some point Jason could allow us to switch back to the old style of alerts, I miss the four button Allow/Block way of doing things, I find myself getting a bit muddled with selecting the right option to allow or block. I'm not trying to complain or anything, but the new Allow/Block two button method kind-a-sucks, hopefully no one will take that the wrong way, I just have got used to the old way and the new way is hard for me to cope with

Is there a way to change the colour of the GUI, I mean skin it with our own colours etc... , just wondering

On a side note, what the hell has Jason done to my system, it shuts down like a rocket since installing the latest GSS....hehe......great, I'm not complaining honest

Hugs,
Fluffy

 

@ Jason: Just a quick question about future improvements to AD or GSS, will you be adding some kind of folder/file protection, I mean something along the lines of DriveSentry or similar ? ..I think this would be a real asset and help GSS to catch up feature wise to its main competitors like ProSecurity

Hugs,
Fluffy

 

Hi fluffy.
It's an understandable feature request.

However i really don't like the idea of write protection.
I do a lot of download and the last thing i'd want is to calculate a md5 hash each bite of file that are written. So hooking a kernel function is not really interesting for me. File protection are good for pooling. Like at each 2 second, verify that the protected file haven't changed and if it have changed and user don't want it.. restore backup. Now one of the selling point of GSS is no CPU waist in continuous pooling :S

However if there's an elegant way to do it .. why not.

--------------

Meanwhile .. i'd like very much to advance features on event recognition.
For example try to intercept mouse event window messages and be able to make rules like:

"allow explorer to execute a program only if the execution started with a mouse click on window X (desktop)"

or add precision to the alert like

"This event was triggered by a user interaction, if you trust the program it should be safe. Click [here] to highlight the window(button) that triggered the event"

"This event is part of the automatic execution of the program, it is very likely that the autorisation will be ask each time you start the program unless you choose to alwais allow/deny"

-----

that is the kind of thing that make very nice R&D work and feature no one have yet And .. well you already have some sort of window message protection. So it may be only a matter of going up in the stack and see if you find yourself.

 

Well f3x, my idea was more along the lines of preventing malware writing to particular folders/files, say for example protecting the Windows, System 32 or startup folders from being written to, only certain processes would be allowed to, through this idea could be expanded on, like say only allowing Firefox to write to its profile folder and of course a folder for downloading files to, that way any malware would be sand boxed in and couldn't inject a file into a sensitive folder like System32 or a startup folder, I hope this makes sense

How about a DriveDefend Jason.....hehe....so funny it could work

I like your idea f3x, sounds like it could work in increasing overall security, I think even through there's not many malware simulating mouse clicks, a way to help prevent them from succeeding would be most welcome, I remember Ad-Aware had a problem like this, where it was hijacked by a simulated mouse click, maybe by only allowing a certain click from a certain process or object could have prevented this....I think

Hugs,
Fluffy

 

Hi fluffy it does make sens.

I just realize that window already had such a write file protection for user right (admin,guess,etc) and that it could be a nice entry point for Jason to protect file and folder.

Except it'll be based on executable rather than running user account.
This being said, fluffy you could probably just run the application with a special user account "untrusted" and acheive the same effect with some tweaking.

 

Thanks f3x, well I just thought that it would be easier to use and to import/export then with policies, I guess I was just thinking of the noobs out there.

We have RegDefend for the registry, we don't need it really, we could just set policies, I do have policies set to block or limit changes, but RegDefend is so much easier to use and deal with, not that I'm being lazy....haha.....I just feel that something similar for the drive side of things would give us the same ease in which RegDefend has given us all this time

Have you had any more thoughts on your "event recognition" idea ? ...I'm sure Jason would be really interested in this for a future AppDefend, personally I like your idea f3x and I welcome a bigger debate and brainstorming on this idea

Hugs,
Fluffy

 

Hmmm....after some testing I still can't figure out why Comodo firewall 2.4 and 3.0 wont initialize when GSS 1.300 Alpha is installed, Ghostwall 1.150 works perfectly, I guess I will keep going, maybe I will figure it out at some point

Oh, another thing, why does my system boot up and shutdown faster with GSS 1.300 Alpha ? ...but GSS 1.110 its much slower, I don't know, such craziness my head hurts

Hugs,
Fluffy

PS. I have been loving Ghostwall lately, I have missed its simplicity and ease of use, thanks Jason for another wonderful creation

 

Have you had any major problems with it, Ive been considering installing it

 

@ topmoxie: GSS 1.300 Alpha works stable and very well for me, the only real problem's so far are RegDefend is not fully working right now, you will get alerts but it won't remember your allow/block clicks.

The other problem I can see is currently some software don't work properly with GSS 1.300 Alpha, for me its stuff like Comodo firewall, through things like BoClean and NOD32 will work perfectly, I guess its your choice, as for Ghostwall, it just works no matter what GSS version

I'm trying the latest Comodo 3.0 , it works great so far with GSS 1.110 , but the 1.300 Alpha broke it for some reason, I still haven't been able to work out the reason why 1.300 Alpha breaks it, I'm off to find some way to log the boot process in more detail

Hugs,
Fluffy

 

I'm going to be releasing two builds with the next release to try and iron out issues with other firewall apps like Comodo. I'm working on the next version of GSS.exe with the new GUI code at the moment so it's going to be a few more days at least before that next build as there are over 800 changes which need to be worked on.

RegDefend rule saving should also be in there.