AOL, Services.exe, and PG 3

Discussion in 'ProcessGuard' started by siliconman01, Oct 1, 2004.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I've been struggling with the security issue of having Services.exe set/allowed in PG to Install Services/Drivers so that signing on to AOL would not cause a PG alert/alarm that something was blocked. I "think" I may have solved my security concern and have removed the Install Services/Drivers on Services.exe, and it is not causing any problems using AOL.

    Here is my system and AOL configuration:

    Windows XP-SP2
    2 mbit Cable Modem always connected
    Linksys BEFSX41 hardware Firewall/Router
    AOL 9.0 Optimized SE
    BYOA (not AOL Broadband service)
    AOL Fanfare
    AOLDIAL.exe not used
    Pure Networks Port Magic not used

    I discovered that AOL activates a service named ATWPKT2.sys with ATWPKT2.VXD when AOL is activated to sign on. These two files are located in C:\Program Files\Common Files\AOL\ACS. By renaming these two files to ATWPKT2A.sys and ATWPKT2A.VXD, AOL no longer can activate this service and Services.exe is no longer trying to install a service for AOL activation.

    On MY Configuration, this "change" shows no negative impact on the use of AOL 9.0 Optimized SE and it has allowed me to remove the Install Drivers/Services Option on Services.exe.

    I'm wondering if other AOL users can benefit from this. I'm sure it is configuration dependent; however, it might be worthy of a trial by AOLers.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Good job siliconman01, I'm sure other AOL users will be pleased :)

    Thanks. Pilli
     
  3. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Just a wild guess, in case this service is needed after all: maybe there's some way to have it started in another way than to be called by AOL via services.exe. Maybe (I really don't know nor can I check it out myself) the service can be started "automatically" or "system"-wise instead of manually. Of course I'm referring to the OS's service setup, but I don't know if it can be achieved there (even if the AOL service is on the list of services available there), but maybe it is, or maybe there are other ways to achieve a similar thing...
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Very very interesting. Will try it later. I am using AOL 9.0 SE also but I am using AOL Broadband so it will be interesting.
     
  5. beats_me

    beats_me Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    2
    Trying out the renaming of the files, I find that on my system, the AOL client can no longer sign on. It appears that it cannot initialise the modem.

    Windows XP-SP2
    AOL Broadband (ADSL 512 kbit)
    AOL 9.0 (UK)
    AOLDIAL.exe not used
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Yep, same here. If you are using AOL with BYOBroadband it probably works. But I also am using AOL DSL and it doesn't work. It is part of the AOL Connectivity Service and if you use any AOL stuff to get online it doesn't work.

    Only other solution is to leave the services.exe ability to install services off, then turn it on, go online, and then turn it back off. Very crude.

    Jason we need some creative thinking on this one.

    Pete
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Interesting thread :)

    Peter, what about an "Allow once" etc. as in the security list?
    If you could see what was trying to use the services.exe in this way then that would be half the battle, don't you think?

    Not sure if such a thing is possible but I am sure Jason will enlighten us :)
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Yep, but I suspect if he can do allow once, he could do an allow always for that application.

    I was thinking that somehow when you are in learning mode it could pick up on the fact that permission is necessary and only give it under those circumstances. That is basically what I am doing now. Knowing that this is a critical protection, I am leaving services.exe unchecked in terms of allowing services/drivers installs. Just before logon I check the box, log on, and then immediately uncheck the box. A pain, but....
     