2 Quick questions about Exec Protection

Discussion in 'Trojan Defence Suite' started by rie, Aug 28, 2004.

Thread Status:
Not open for further replies.
  1. rie

    rie Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    19
    1.) Exec Protection was mentioned to me in another thread and so I have now read up on it. (Never knew it existed, so thanks!) I read that TDS has to be running for this to work. So should I set TDS to run at startup? (XP Home.)

    2.) There are several other users on this home computer and I don't like them to be faced with making decisions on security popups. They won't understand what's going on. Will TDS just take care of everything in the background, with NO input or reactions necessary from them? From what I read, that seems to be the case, just checking.
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Rie....

    #1: Execution Protection is only available to Paid/Registered Version, if you fall into that category, read on. :)

    Open TDS GUI, Menu Bar/TDS/Protection Execution/Install

    It will then load the Exec Prot.

    Now, TDS does have to be running for this to work in RTM [Real Time Monitoring]

    However, in the configuration.... see pic of mine...

    .. it's not recommended to startup with windows, quite a lot of us do not, as it can take quite a while. But some do, up to you. Personally I do not. Just start it up manually after Windows Reboots and before connecting to net.

    ...and the Process Memory Space Scan upon TDS start up takes a while, most of us uncheck that, and that is only scanned when you do a FULL SYSTEM SCAN... from the System Testing menu by default.

    TDS will monitor in RTM all .exe starting up in background, yes, no worries, but I am a little unsure whether it takes effect if there are different log-ons for different users. Someone else will answer. I only have one log-on here on mine.

    Cheers, TAS
     

  3. FanJ

    FanJ Guest

    In addition to what Tassie already posted :

    Yes, TDS-3 has to be started (either on startup or by yourself) to have Execution Protection working.

    Moreover, you have to set up Execution Protection enabled (see screenshot).

    It cannot be said enough :
    1- TDS-3 HAS to be started
    2- Execution Protection HAS to be enabled

    (PS: there are some "sticky" postings showing this).
     

  4. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Also.... See the sticky threads above in this forum for lots of set up info, pics, etc.

    and once Exec Prot is installed, this is what you should see when TDS starts up in the future...

    highlighted in yellow showing the Exec Prot..

    TAS

    edit: .. LOL... I was adding more info when phone rang, FanJ beat me to stickies threads... ;) They must be good, now mentioned twice. :D
     

  5. rie

    rie Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    19
    Thanks, guys! I'm registered, and I did install it, and now it shows up as Installed. Although it does sound good to me, maybe it's a bit too much trouble for this multi-user computer. Especially when all the other users don't care about this and are impatient and non-compliant about anything they have to go out of their way to do. If it's not totally done in the background and without bothering them - forget it. They'd never start TDS once they've logged on. And if TDS takes a long time to run at startup, they'd be mad at me about that, too.
     
  6. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia

    Hi Rie :).

    Yes, if Executive Protection is enabled and TDS is running, TDS will take care of it in the background - if you try and run a malicious file, it simply will not be allowed to run.

    I have included a screenie of a standard Beast trojan server I created being blocked from executing by TDS. As you can see, the Client/EditServer (Beast2.07.exe) and the Server (Test_Exec_Prot.exe - which is the nasty one) were both silently blocked from executing :).


    Best regards,
    Jade.
     

  7. rie

    rie Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    19
    I want to use that! How long does it take TDS to load/run at startup? - how long will it delay startup? We're always connected (cable) and don't have too many startups with XP.
     
  8. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Depends... it could take an extra 40-60 seconds.. depends on what you have configured to test at TDS startup [as in my configuration pic above]... could take a good deal longer, as it may 'hang' slightly, especially if TDS is trying to start up first and then Firewall, etc.

    Try it, time it. Only you can decide, it's NOT a prerequisite that you don't have TDS starting with Windows, just an option that many of us use. :)

    @ Jade,.... you know what you have to do now mate hey..... you posted, and lots of people will be requesting your "Beastie" LOL...
    I have more than enough to test TDS on myself ;)

    Cheers, TAS
     
  9. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    whoa... If that's the case and it's *your* PC... lock them out... :D
    Bugger that mate, you need to know that they will be compliant with your security guidelines, if it's your PC.

    Insist strongly on the security apps being in running mode if applicable.

    The very first thing I do is look at my SysTray upon sitting down, to see if all running. I have entrenched this in my daughters and wife, and they know how to start them if not showing. :)

    TAS
     
  10. FanJ

    FanJ Guest

    ;)
    Only just a little side-note (please forgive me !):
    maybe they have to buy another computer and/or learn their lessons the hard way (but who will help them then (yet another HJT-log begging for help...)).

    Sorry (!!!), it was not my intention to sound rude.
     
  11. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Personally Jan, I don't think it's rude at all mate. Plain commonsense. ;

    :) Rie: Please let us know if you tested TDS running at startup and how long extra it took. You may have a fast system, and only takes an extra 30+ seconds to do, which is nothing for peace of mind.

    Cheers, TAS
     
  12. rie

    rie Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    19
    It's our family computer so unfortunately I can't kick them out. But - if I set it to run at startup, there's no way they'll ever figure out how to stop it! So maybe I'll get my way after all. I'm going to set it that way and shut down in a few minutes. I'll let you know!
     
  13. rie

    rie Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    19
    It was a little long but having it running would be worth it for me, especially since we reboot very rarely. I specified for it to run at startup minimized, but it was in the middle of the screen big as life. Does it have to be plainly visible, so people don't start clicking their desktop icons before it's done? I got confused and X'ed it closed when it was done, instead of minimizing it down to its icon in the system tray. My other users would absolutely do that, too. I guess I could show them what to do but I'd never really trust them. Can't even trust myself to do it right!
     
  14. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    hmmm... did you SAVE the configuration...

    open it back up, see if it's still configured like you left it...

    when you hit SAVE, you should see this in TDS GUI [highlighted in yellow]
     

  15. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Just to be sure.. you did check this pictured, right [although you did]...

    So, make sure it's configured, then hit SAVE...

    TAS
     

  16. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Rie, you may have to experiment a little with a reboot, see what happens.. but... some programs when you hit X it minimises to SysTray, others will close... as TDS does, so you have to use the usual minimise button... _

    TAS. See you later on, hope it works out. I am off to work. :'(
     
  17. rie

    rie Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    19
    Thanks for the many tips & tricks. I will keep fiddling. Right now I have it running minimized in the system tray. It doesn't seem to be slowing things down, which is good. Usually when I run a scan, I can't touch the computer until it's done or everything freezes, so it's good to find that it runs nicely in this way.
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Rie,
    Here are a couple of ways of starting TDS3 that may work for you, the easiest is to put a shortcut to TDS-3.exe in the all user start up folder.
    \Document and settings - All users - Start menu.

    In TDS3's configuration window untick both "Process memory space scan" (to speed up loading time) and "Run at system start up".

    Doing it this way all other autostart programs will install before TDS3 is started and this will reduce any contentions with other starting programs.

    The other ways would be to use Windows Task Scheduler or a third party task scheduling program to open TDS3 after a specific amount of time.

    HTH Pilli :)
     
  19. rie

    rie Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    19
    Won't unchecking "Run at System [Windows] startup" make it NOT run after a bootup? (= exec protection and TDS wouldn't be running, then?) The user startup folder is something I'll try too.

    I messed something up (my fault) and had to email for help. Apparently I'm the incompetent one, not my other users! I have to wait to hear back before I make things worse.
     
  20. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Yes, but if you put it into the All User Startup folder TDS will still start as Windows loads ;)....therefore Exec Protection will be started also.


    Best regards,
    Jade.
     
