A little help please

Discussion in 'ProcessGuard' started by jon_fl, Nov 3, 2004.

Thread Status:
Not open for further replies.
  1. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    I have NAV2005 and I have a program that updates my virus defs every few hours. I gave PG permission to allow this program to run. Whenever it has new defs to download there is a new version number for the defs and I have to allow the program to run again. Is there a setting that will allow that program to run anytime even though the defs have a different version number each time? :cool:
     
  2. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    Let me make this simple. I allow a certain program to run and check "always perform this action" checkbox. The program starts again at a later time but is slightly different because each time it starts it has a different number assigned to it. So, PG thinks it's a different program altogether and asks for permission to allow it to run again. Is there a work around or a setting to stop this? Will "add to the protection list" correct this?
     
    Last edited: Nov 4, 2004
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    There is no workaround because it is a new filename each time, hence ProcessGuard will alert on something new.
     
  4. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    Thanks Jason. Can I just leave it unprotected some way?
     
  5. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    ProcessGuard is alerting because something new is trying to run. If you don't want that particular feature on (execution protection) you can disable it. :)

    Although I wouldn't really recommend disabling it since it is the first layer of protection ProcessGuard adds to your system.
     
  6. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    Jason, can I stop execution protection for just that program?
     
  7. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    I think what Jon is asking for is a way to add a "don't block" list that is wildcard-based.

    Example, if the downloaded update .EXEs look like:

    virusdefs_2004-10-16.exe
    virusdefs_2004-10-26.exe
    virusdefs_2004-11-04.exe ...etc...

    have something in PG that says "allow any program that contains the string "virusdefs_*.exe" to execute. This is a potential security risk, since if somehow a piece of malware was able to read from your PG config and extract this exclusion list, it could possibly rename it's trojan to match it and bypass your detection.

    But I suppose this might be a feature to consider adding for those users who want it and understand the risks involved.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    That would defeat one of the points of Execution Protection. You know when you update the definitions the file changes, and you allow it. But if something else puts a nasty on your system that has the same name as your definition exe, then that you wouldn't want to run. ProcessGuard as designed would catch it and alert you. The feature you are asking for would mean anything with that name could run without your knowing about it. Bad idea.

    Pete
     
  9. Mercurybird

    Mercurybird Registered Member

    Joined:
    May 1, 2004
    Posts:
    32
    Location:
    Northeast Texas.
    If the only security you were running were PG then maybe this point would be moot. But if you are running a host of software, and you give a wildcard pass to your NAV, then only NAV updates will get through. Because your security suite will catch the imposter.
     
Thread Status:
Not open for further replies.