Question From Security Hole Thread

Discussion in 'Ghost Security Suite (GSS)' started by QuinnK, Dec 12, 2005.

Thread Status:
Not open for further replies.
  1. QuinnK

    QuinnK Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    47
    Didn't put this in the RegDefend section because it's from the Security Hole thread already in this section.

    As a completely new user to GSS (and RegDefend), I have a 'how to' question from an unknowledgeable (as yet) user. If you wanted to create a rule to protect against unauthorized changes to GSS itself, would this work?

    'GSS Program Protection' as added group under Global Registry Rules

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostSecuritySuite
    Value: * (or **) ?
    Events: create key, modify key, set value, delete value
    Action: ask User, log to disk

    I realize there's a long list of entries to deal with when asked, that don't really need protection... but is that a good way to start, or is there a much better way to go about it? Will doing it this way create a 'too many entries' problem in the log?

    Thanks for any help... Quinn
     
    Last edited: Dec 12, 2005
  2. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi Quinnk,

    That rule would protect against modification of specific Ghost Security Suite items. I don't think you will receive too many log items regarding those entries, so it wouldn't hurt to add it I think.

    If you changed the key to :-

    HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostSecuritySuite**

    You would also protect the versions subkey in there too (make sure gssupdater.exe has access to modify this area in application rules).
     
  3. QuinnK

    QuinnK Registered Member

    Thanks Jason... I really appreciate you taking the time to answer. What specifically would you allow, for gssupdater to have access to modify (I assume you mean in AppDefend)?

    Quinn
     
    Last edited: Dec 12, 2005
  4. Jason_R0

    Jason_R0 Developer

    Hi Quinn,

    I mean Ghost Security Suite's updater modifies the registry in the versions subkey, so if you added a rule which blocked access to the versions subkey, gssupdater.exe would need access to modify them (otherwise the updater would never think you updated).
     
  5. QuinnK

    QuinnK Registered Member

    Very good. Thanks again for your response. I'm knowledgeable in other computer related areas, but not at all about GSS yet. Very impressive program... I ran the trial for a couple of days and then purchased 'unlimited'. Looking forward to seeing you develop its potential over a period of time. Considering the quality of the program in beta form, what you get with the 'unlimited' choice, and the overall potential... I have no problems at all with the cost. It always costs a little more to go first class. :cool:

    Quinn
     
  6. f3x

    f3x Guest

    Hi,
    this is how I have made my "protection":

    HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite
    *Ruleset

    HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite
    *Reg*

    It covers *all* registry keys that are *vulnerable*.
    Other registry keys, I assume, are for the size/position of different things on the GUI, and I don't feel it's needed to protect them.
     
  7. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Just double checked mine were OK and noticed 'MD_Ruleset'. What is this o_O? I can't remember if it was there last time I looked, but I think it was; it rings a bell anyhow.

    Is this a teaser for us to guess what your next app will be called, Jason?
     
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Medication Defend, but it is still very beta and the beta testers are trying too much of them... :D
     
  9. f3x

    f3x Guest

    Jason must have done some cleaning?

    Anyways, I cannot find it anywhere, but I'm sure I have read it was mutex defend.

    Someone was playing with reshacker and GSS and found this mutex thingy.
    Jason has made a post about it and said it was only a "placeholder" for the next app, i.e. to see if the design is OK with 3 applications rather than 2.
     