I have NAV2005 and I have a program that updates my virus defs every few hours. I gave PG permission to allow this program to run. Whenever it has new defs to download there is a new version number for the defs and I have to allow the program to run again. Is there a setting that will allow that program to run anytime even though the defs have a different version number each time?
Let me make this simple. I allow a certain program to run and check "always perform this action" checkbox. The program starts again at a later time but is slightly different because each time it starts it has a different number assigned to it. So, PG thinks it's a different program altogether and asks for permission to allow it to run again. Is there a work around or a setting to stop this? Will "add to the protection list" correct this?
There is no workaround because it is a new filename each time, hence ProcessGuard will alert on something new.
ProcessGuard is alerting because something new is trying to run. If you don't want that particular feature on (execution protection) you can disable it. Although I wouldn't really recommend disabling it since it is the first layer of protection ProcessGuard adds to your system.
I think what Jon is asking for is a way to add a "don't block" list that is wildcard-based. Example, if the downloaded update .EXEs look like: virusdefs_2004-10-16.exe virusdefs_2004-10-26.exe virusdefs_2004-11-04.exe ...etc... have something in PG that says "allow any program that contains the string "virusdefs_*.exe" to execute. This is a potential security risk, since if somehow a piece of malware was able to read from your PG config and extract this exclusion list, it could possibly rename it's trojan to match it and bypass your detection. But I suppose this might be a feature to consider adding for those users who want it and understand the risks involved.
That would defeat one of the points of Execution Protection. You know when you update the definitions the file changes, and you allow it. But if something else puts a nasty on your system that has the same name as your definition exe, then that you wouldn't want to run. ProcessGuard as designed would catch it and alert you. The feature you are asking for would mean anything with that name could run without your knowing about it. Bad idea. Pete
If the only security you were running were PG then maybe this point would be moot. But if you are running a host of software, and you give a wildcard pass to your NAV, then only NAV updates will get through. Because your security suite will catch the imposter.
