Question about GeSWall

OK, what about DeepFreeze Unfreeze? According to my knowledge it is still not fixed exactly.

 

Hi puddinggalien, I am sorry that I don,t agree with ur setup at all. Two appliances with very similar work on one OS will make a mess rather that giving u any benefit. If u want to make ur OS stronger use multiple appliances but they should have different mechanisms-- that,s layered defence.
No one will recommend ur set up. It,s simply not going to work. This thing has been discussed so mnay times here.

 

yeah, I couldn't boot at all today, had to go safe mode, uninstall DW 1.56.

 

aigle, stem, anyone else who cares

i've ran another test this time the mysterious "keygen.exe" file causing a raucus here:
https://www.wilderssecurity.com/showthread.php?t=133934

according to blipblop it deletes the following files:
winupdates
gpedit.msc
cmd.exe
msconfig.exe
regedit.exe
taskmgr.exe
mmc.exe
reg.exe
command.com

and disables taskmanager and registrytools as well as hijacking IE. well geswall stopped it and here's my geswall log:

sadly antivir doesn't recognize it as a virus, jotti confirms this

 

Did u sent it to them.
BTW, still NOD 32 also dos not dtetect it.

 

ver 2.3 is out
caption for isolated app slightly changed

 

ya the new version also now stops martin's undetectable keylogger from recording keys i'm lovin' this program!

 

i'm using v2.3 now on xp no sp installed.with default setting,eachtime i open my firefox,a popup ask me to whether isoluted firefox or not.if i choose yes it will take about 1min to openup firefox.is this normal?

 

There is a box to remember the option. Mark this box checked and then click yes, next time u will not get a pop up and FF will b automatically isolated.

 

aigle is right. there is also another way to stop those popups. open up the geswall console, not the one from the taskbar, the one from the programs list. then go to the geswall console subdirectory located under the root console folder, then select "auto-isolation, no popup dialogs". then you'll never be bothered by the geswall popup again until you change the security setting again.

nope that's not normal (unless that's how long it takes firefox to start without geswall). i have firefox, maxthon, and avant installed and they don't take that long to start with or without geswall's protections enabled. did you try contacting geswall's tech support?

 

i think i will try to reinstall again.all broswer take years to launch up when geswall is active.once i shut down geswall.all browser open up as per normal.another problem is i can only access the console through my admin account,but hack i install geswall through my 2nd account who is also with admin right.

 

I don,t have this issue. May be some conflict. Try to reinstall and contact their support as well.

 

Hey I have been enjoying this thread then I get to the end and discover you guys have stopped posting to it for the past month !

Anyway, it’s a good thread and after reading it yesterday evening I installed GesWall but I am finding it quite tricky to use compared to DefenseWall. I really like DefenseWall but with 5 PCs in the house it’s not a viable option for me cost wise (I wish Ilya could licence it like BOClean where all home PCs are covered under the one licence ).

Anyway I stumbled upon this thread and it seems to me that GesWall is very similar to DefenseWall but for free - but trickier to use. For applications I am having trouble getting to grips understanding Trusted, Trusted Always, Trusted but Isolated, etc. I’ve downloaded the PDF and read it but I’m still struggling. I think I am right in saying that ‘Trusted but Isolated’ is the equivalent to DW’s ‘Untrusted’? So then I don’t understand where GesWall’s ‘Untrusted’ comes in to things?

There are built-in application rules which set various things as Trusted or Trusted always but I don’t understand what happens about all the applications that are not listed as trusted – does this mean by default they are untrusted and would still generate a pop up if run and it tries to connected to the internet? But then presumably it would only alert if it tried to connect or access the confidential area – so what happens if it is malware that wants to do damage but doesn’t actually connect to the internet or try to access a confidential area? For example, what if I had an infected executable (not a known app) that was downloaded before installing GesWall, presumably this would be ‘untrusted’? But it would not be ‘Isolated’ and if it didn’t try to connect or access the Confidential folder then I could execute it and GesWall wouldn’t know about it to stop it – I know this is where you still need your AV

I guess what I’m trying to say is that GesWall should alert and give the option to isolate when any untrusted app runs and not just when the known ones launch? OK this will generate numerous pop ups in the early days of installation but like other programs the alerts would settle down once you have launched all your usual programs. I guess a compromise would be some kind of context menu integration like DW that allows you to launch something as ‘untrusted’ with just a right-click.

I have also been confused by the isolated status of items created or downloaded by an isolated application. For example, I downloaded the latest version of Crap Cleaner using Isolated Firefox and when I launched the setup it was shown as isolated and the installation failed – which is exactly what I would expect, but then I downloaded another program (K9 anti-spam) which also showed Isolated when I ran the set up but it appears to have installed OK ?? – which I wouldn’t have expected.

Another strange problem was that within IE or FF (Isolated) I couldn’t download files to one of my partitions on my second hard-drive but I could download to everywhere else on my PC (including other partitions on the second hard-drive). The partition in question is where My Documents is located so I can only assume that in creating the confidential folder within My Documents GesWall actually set a restriction on the whole partition – not just the confidential sub-folder. I deleted the Confidential folder and deleted the Resource entry but it still didn’t solve it – so I created a Resource for the whole partition (I:\) and set it to untrusted and this then allowed me to write to that partition. With hindsight I think I should have perhaps rebooted after removing the Confidential resource – I’ll try that later, but regardless, it did seem to restrict the whole partition rather than just the confidential sub-folder within My Documents – BTW My Documents itself is in a sub-folder and not on the root of the partition.

Anyway, sorry for such a long-winded post but I think I’m going to really like this product once I get to understand it better and I know my daughters will want me to change the window bar to pink instead of the default green . Any tips and advice on how better to use this will be much appreciated.

 

hello q1aqza, i think the reason why this thread and most of this forum is "dead" is cause it's summer vacation in most of the world

i'm not an expert on geswall's in's and out's but you could try emailing geswall's tech support: http://gentlesecurity.com/support.php
they are really responsive. if i were you i'd copy/paste your post in an email to their tech support team.

i've been testing geswall for months now (against some of the worse malware out there : killdisk, xpkiller, sony's rootkit, "ice" protected apps, etc...) and it's never let me down once.

 

GesWall really look not easy to use except on it default settings.
Just a general rule, u must install it on a non infected system. All ur applications are trusted by default but when one of tese tries to make a network connection, u will get a pop up that u want to isolate it or not( making it trusted but isolated-- equivalent to unutrusted in DefeseWall as far as I can understand).
Moreover there is a list of predefined applications as well that is expnding.
BTW, they are going to add right click menue to add any application in untrusted ones just like DefenseWall.
One more point, as afr as I can understand there is virtualization for registry but no virtualization for file system, on the other hand Sandboxie has virtualization for both. I am still trying to understand its configurations.

 

Thanks for the replies aigle and zopzop. I have done as suggested and copied my post into the support link you gave me.

In the mean time I'll do some more playing around with it.

 

Just to let you know that I got a quick response from Brian from GesWall support - great support for a free product

 

Since I got myself over here finally... I reported to them some issues that prevented it from working on my machine, so, this is one that I'm waiting for a better version.

 

What were those issues?
BTW, it seems conflicting with KIS, causes hangs up and I uninsatlled it on two systems where it was installed with KIS trial version.

 

various (my email account that I assume has them, is down right now).
instant turn off cpu (a type of crash) when runniing some scans, like mcafee online av scan and some scans on the cpu too.
trouble getting geswall off the cpu, wouldn't uninstall properly.
It was actually a little while ago, I don't remember them all, but in the past they've emailed me when they've thought something was fixed.

oh, from stuff I've read, KIS is conflicting with quite a lot out there.

 

Not really strange with KIS being a full security app too..

 

As part of my computer's new infrastructure, GeSwall is now part of my security setup. It fits perfectly into my jigsaw puzzle.
On My System: Microsoft Office 2003. All isolated. When I try to save a MS Word document for my school project, it can't save properly and the file is set to read-only.
When I try to install a Game program from Real Networks(realarcade) test:
The installer fails non-stop as a result of GeSwall's restrictions.
Some of my own experiments: Set IE to Untrusted, and IE won't execute at all! Good I say.
In IE, isolate IE and most dangerous features should not be able to work at all, it is better than running a program in non-admin mode. G is tighter than that.

Resource consumption is within reasonable limits.