Adding to protected list

Discussion in 'ProcessGuard' started by beethoven, May 21, 2005.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    I am going through my protection and security tabs to check my programs and enable protection.

    Is there any reason not to put a file in protected other than that it is a "bad" file? I just checked on "adobe gamma loader.exe" and found that it is a non-essential process. I guess I still do not want this to become modified or used by a trojan, so I will protect - right :doubt:
     
  2. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I've found that if you put a program in the Protection tab, that the protection tab will override any permissions you've granted in the Security Tab

    For example, I don't let msgsgs.exe or msgsys.exe or dwwin.exe run on my machine (they are set to deny always in the Security tab). However if they were also listed in the Protected tab, they would run anyway.

    I don't let msgsgs.exe or msgsys.exe run, and they are not needed on my comp, and there are vulnerabilities associated with msgsys.exe .... dwwin.exe I find annoying (it's the one that keeps asking to send error reports to microsoft).

    many people set rundll32.exe to Permit Once, so that they know each time a DLL file runs as an application (just an extra security precaution, but once more its a balance between how much peace and quiet you want...and how often you run a DLL file as an application).
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Hmmm, I don't have these progs appearing in my logs but I have mobsync. I have set this one to deny but had it protected. Just did a restart to test and the alert tells me the program was blocked from starting. It still shows up with always deny under security and protected at the same time.

    One other query:
    I have found internat.exe. Some googling told me that internat.exe is installed with Windows and is an process to providing Microsofts multi-lingual features in Microsoft Windows. . So as a legitimate process I allow it - any idea why it needs global hooks and if that should be allowed too? o_O Bty, I hardly ever use IE, instead prefer Opera and Firefox :D
     
  4. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    From liuitilites "mobsync.exe is a process associated with Internet Explorer and is used to synchronize the offline pages you have chosen to be stored locally with the matching online pages"

    Sorry, don't quite know enough about global hooks to answer your question (I only know that keyloggers use them)...but if you don't use internationl languages, I see no reason why you can't set internat.exe to 'Deny Always'. Even though it is a legitimate windows process it isn't needed to keep your machine running.

    Glad to hear you use Opera or Firefox.
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Usually global hooks are associated with Keyboard and mousef eatures such as Mouse Guestures. When you allow specific global hooks on a trusted protected list program there should be no risk as the global hook allow is specific and not "Global" for all programs. :) Many programs that say they require global hooks often work quite happily without them but certaisn features may not be available to them.

    HTH Pilli
     
  6. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Given the previous info, I think I am happy to continue to deny hooks to internat.exe . I don't really need the program in the first place ;)
    Interestingly enough, Opera which is famous for the mouse gestures did not ask for the global hook and works fine at present without it. (just proving Pilli's point) :D
     
Thread Status:
Not open for further replies.