Blocked [Auto User] is out of my contorol

Discussion in 'Ghost Security Suite (GSS)' started by Metting, Aug 5, 2006.

Thread Status:
Not open for further replies.
  1. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Hi

    2 issues need help please

    1-I'am using Tony latest rules, rarely Regdefend block Kav and some other progs from modifying some areas by the rule Blocked [Auto User] which I couldn't understand !

    I have inspect all rules in Tony file to find any rule that blocks things by default to modify it to Ask User , but I couldn'y find any, all rules are configured to Ask User but Regdefend blocks some entities and don't ask me :oops: any help?

    2-How to stop regdefend from adding logs of ewido damned activity who insist to delete it's entry in autostart every 5 seconds ? this makes a huge meanless log files.

    I couldn't find any customer support at vendor's website so I'am here asking for help.

    Regards
     
  2. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Hi Metting.
    For ewido, it's quite simple....
    A)
    You simply copy paste the general rule to application-specific rules
    From there you'll have the option to disable log for this particular application.

    B) (more simple)
    When ewido ask ... chose allow alwais.
    In the rule editor chose the application specific rule concerning ewido
    Then you can change back to ask/block and disable logging



    For Kav being blocked

    That is a more tricky question. Sometime GSS is not able to ask the user like soon in the login process or when the comp shut down. This is actually corrected in the next alpha.

    Are you sure it's related to RD ?
    When you disable RD it goes ok then it's blocked when rd goes on ?
    I'd recommand you to use a program such as sysinternals registry monitor to see what key are being accessed. If a key is denied access by RD you'll see it as <access denied> in regmon.
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hello Metting,

    Any and all of your ewido support issues can be addressed in our Official ewido Support Forum . In regards to the "autostart every 5 seconds" issue as it relates to ewido....feel free to visit the below ongoing thread in the ewido forums and make your concerns\comments known there Please.

    This ewido thread---> Please Stop 5 Second Registry Rewrite

    HTH,
    Bubba
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Unfortunately you cannot do that with RD 2.001, as there is no facility to allow/disallow logging to disk for individual application rules.

    You can do it for Registry Rules, but then you would have no logging on what is an important Key; and strangely, on my system it doesn't work anyway as I still get logging even when I uncheck the box 'Log to disc' for the HKLM Run Key!
     
  5. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Thanks f3x for your support, but I agree with TopperID

    So I still find no way to stop logging ewido endless activity :(

    And for Kav being blocked you are right, it seems like RD doesn't have enough time to ask user specially that it only blocks this in occasions not always.

    Thanks again
     
  6. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Thank Bubba for heads up

    I meant Regdefend when I said vendor, because it is RD responsibilty to give me a choice to stop logging in application rules , while ewido has confirmed the endless rewrite in registry bug and promissed to resolve it in next releases.

    Cheers
     
  7. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    @ All. Sorry for missinformation i wasnt in front of my main comp when i posted this.

    IF this is not implemented then i guess it should be !

    -----------------------------

    There could be a compromise and log only user decided.
    Then you allow alwais for ewido.
    I don't know, I'll try to see how it's implemented in next alpha and post to jason

    ----------------------------

    @Metting

    It's very unfortunate that you could not have support by contacting the compagny ... Can you tell what adress exactly have you tried ?
    Please post a PM to Jason_R0 and it'll get sorted out. Jason is working extensively on the next alpha so he pass a bit less time on user support. There migth also be a problem with email server.. who knows.

    But generally Ghost security offers great support
     
  8. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    I found a way to disable logging for EWIDO entries in RD. I don't know why it works but it works for me.

    First, you must have EWIDO resident shield active (or else it doesn't work).

    Go to application rules in RD and delete the group: ewido.exe.

    It will stop logging and you'll don't get RD pop-ups until you want to change the "start with windows" status (by right-clicking on ewido tray icon).

    It only works if you have "start with windows" checked on the tray icon of EWIDO.
     
Thread Status:
Not open for further replies.