changed app detection failure?

Discussion in 'ProcessGuard' started by poogimmal, Oct 2, 2005.

Thread Status:
Not open for further replies.
  1. poogimmal

    poogimmal Registered Member

    Joined:
    May 7, 2004
    Posts:
    79
    curious...
    running w2k_sp4 and PG 3.150
    I opened clamwin 0.87 to run definition
    update and surprisingly PG alerted that
    the update app had changed. I told PG
    deny once so I could investigate more as
    this app was upgraded 17sep and I've run
    it almost daily (ie updating defs) the past
    two weeks and when I upgraded clamwin to v0.87,
    I told PG to always permit.
    so something changed or something mal was
    trying to attach to it ?? if that's possilbe?
    tried running update a 2d time, and again
    PG alert and again I denied once.
    I was preparing a message to someone else
    to get valid md5s for clamwin exe files and
    I then ran the update a 3d time, and this
    time PG did not alert at all.
    this is very curious to me as I rarely see
    any type of suspect activity or problems with
    PG. either this was a PG glitch, or something
    had changed clamwin or was trying to attach
    to clamwin. any thoughts?
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Always permit to a "file has changed" alert only means update the checksum. If the program changes again, you will be asked again. This must be what happened, but we will go over the code again to make sure its ok.

    We are adding "ignore checksum for this program" and it should be available in the BETA when released.

    Please note that ignoring checksum changes is ONLY recommended for programmers etc or for programs which constantly change anyway. For this reason, we might hide the option away a little. Currently it is on the execution prompt.
     
Thread Status:
Not open for further replies.