Boclean updates

Discussion in 'ProcessGuard' started by marsupialus, Jan 18, 2005.

Thread Status:
Not open for further replies.
  1. marsupialus

    marsupialus Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    14
    Location:
    Dayton, OH
    When BoClean v4.11 updates, PG asks to allow each time. I have 4 BoClean
    EXE modules allowed, including the boc4upd exe . Is this by design or have I
    missed something in my config?
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi marsupialus, I am not a BoClean user but I guess that the updater .exe is being updated on a regular basis and therefore it's checksum is different each time much as TDS3's DCSmutex.exe.
    In ProcessGuard 3.1 there is no provision for excluding a .exe by name.
    So ATM you have to permit each time or switch off Execution Protection.
    There are pros and cons to this from the security point of view, so maybe a later version may include an advanced option to exclude certain named files.

    HTH Pilli.
     
  3. earth1

    earth1 Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    177
    Location:
    Kansas, USA
    Your guess is close, Pilli. Actually, the updates to BOClean's signature file are distributed in the form of an executable, an update.exe downloaded into the %TEMP directory. Each time an update is performed, PG notices that this %TEMP\update.exe has been "altered" since the last time it ran. I guess I'd attribute the awkwardness more to BOClean's design than to PG's. Appeals have been made for a way that PG could exempt this kind of nuisance (or even this particular one) but I don't know if any decision has been settled upon.

    Edit: I see, now, Pilli that's exactly what you said. :)
     
  4. marsupialus

    marsupialus Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    14
    Location:
    Dayton, OH
    At least I know what PG is accomplishing. Hey, how would it know if a file was
    altered for nefarious reasons? I can live with that.
    Thanks for the info.
     
  5. gpdev

    gpdev Registered Member

    Joined:
    Jun 22, 2003
    Posts:
    12
    The just released BoClean 4.12 solves this issue - they changed the update method so it no longer runs a new .exe from the temp folder.
    So no more PG alerts when updating.
     
  6. earth1

    earth1 Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    177
    Location:
    Kansas, USA
    Thanks, gpdev, for your up to the minute info.
     
  7. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    Will NOD32 updates have the same effect with PG?
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    No, not normally, this only occurs when the updater.exe is changed or when new or changed component .exe is as part of the update.
     
Thread Status:
Not open for further replies.