Clarification on new set up please

Discussion in 'ProcessGuard' started by beethoven, May 21, 2005.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    I installed PG3, read through the helpfile and Andreas' discussion paper and I think I understand the benefit of PG. However, not being an IT person, a lot of the specifics are beyond me or would take a lot of study.

    I would just like to clarify if I can use the product more or less out of the box without a lot of tweaking and still be protected?

    After installation, I ran PG in learning mode, ran my usual programs, rebooted and see now a list of programs under Protected.
    1. Am I right in assuming that these programs are good/safe programs determined either during the initial loading by PG or my subsequent response to alerts?
    2. As these are now protected programs, nasties are unable to terminate or modify them to do their dirty work?
    3. Running now in secure mode, I still get alerts. Assuming these are due to my running a program previously ignored, I will grant access and the program will find its way to the list of protected programs?
    4. Can I tick the always box when asked for permission provided the program appeared due to my activation?
    5. Once I have accessed my programs, further alerts should no longer appear for those that were granted access before?
    6. I understand that further modifications may be necessary to tighten security further or if some programs require special rights. But can I leave things as they are as long as everything works?

    I realise that most of this is explained in more technical terms somewhere but I am hoping someone can tell me whether my understanding is right and put my mind at ease :D
     
  2. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    1. No, you are not right :) PG in learning mode does not make any differentiation between good and bad programs. It simply 'learns' whatever you run. This is why it is best (not entirely necessary, but best) if you know your machine is clean before installing PG. Personally after going through learning mode, I went through everything listed, and if I didn't know what it was, I did a google search on it.
    2. Correct (although I've never been quite able to work out if PG protection from modification also prevents buffer overflow)
    3. No, when you grant access to a new program, it will find its way into your SECURITY tab. You must then choose to add it to your PROTECTION tab <and grant it any relevant permissions...most won't need any>
    4. You can <but it is still best to learn and understand what you are running>
    5. So long as you gave the 'permit always' permission AND moved the said program into the 'Protected tab' AND gave it all permissions there, then you will never get another alert on it....However...if you don't know your computer is absolutely clean when installing PG, then I would advise against giving any program all permissions that don't need it (I mean permissions to bypass the Global Protection)
    6. Pretty much spot on there. You'll learn more about PG the longer you have it. Eventually PG will be very very quiet, except for when you install new programs, or if you have something set to permit/deny once.
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Vikorr - thanks for taking the time to answer all these questions.

    I am pretty sure that my system is clear at present and PG is meant to keep it that way.
    I am glad I asked as in particular my understanding of the need to add something to the protected tab was seriously flawed o_O
    I will do more in depth reading and check my settings.

    Thanks again :D
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    beethoven,

    Personally, I've done no tweaking. Recommended defaults and actions on all counts. Works fine. Just to speed things through the process, I've launched frequently used apps to walk through the initial setup.

    As for:
    If your system is not clear, you are always able to go back, clear a specific entry, and deal with things from there. While this doesn't necessarily resolve all eventualities (e.g. unknown alteration of an executed file), it does allow you to handle the vast majority of likely scenarios.

    Blue
     
  5. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Ok, I have reread the whole help file and start to understand more. I will now go through the files listed as protected and on the security tab.
    Some files appear under protected but not on the security tab (e.g. msimn.exe and ntvdm.exe). I suppose these have not yet been run but are necessary for windows and PG put them under protected by default?

    One question: under security tab I can remove applications (if listed) - why would I do that? I understand now that this tab just shows me what services were run and what permissions had been given - like a log. Is it not more sensible to keep that info and be able to modify permissions here?
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Why would you do that? Well, to replay the request to allow/prevent execution. Set it to always allow or always deny and that's it, no more questions. What if you're not sure what's going on? Pull the entry out and see what happens. It can help debug a problem situation. Treating it as a simple log misses half the role of this tab.

    The other reason for pulling something out is that it's no longer on the machine. As with any list based filter, you really don't want the list to grow forever - at some point that will have negative consequences to performance.

    Blue
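The behaviour Vikorr and Blue describe above (learning mode records everything it sees without judging it; in secure mode a 'permit/deny always' entry is never asked about again, a 'once' entry is re-asked every time, pulling an entry out replays the prompt, and a list that is never pruned keeps growing) can be captured in a small model of a list-based execution filter. The code below is an added illustration written for this thread, not ProcessGuard's code: the class and mode names, the prompt callback and the sample executable paths are all assumptions made for the example.

```python
"""Toy model of a list-based execution filter with a learning mode.
Added illustration, not ProcessGuard's code; names and sample paths are
assumptions made for this example."""

from dataclasses import dataclass


@dataclass
class Entry:
    path: str
    decision: str   # "allow" or "deny"
    always: bool    # True = permit/deny always, False = once (re-ask next time)


class ExecutionFilter:
    def __init__(self, exists):
        # `exists(path)` tells the filter whether a listed file is still on disk
        self.mode = "learning"
        self.entries = {}     # path -> Entry (the "list" the thread talks about)
        self.prompts = []     # every path the user was asked about, in order
        self._exists = exists

    def set_mode(self, mode):
        assert mode in ("learning", "secure")
        self.mode = mode

    def request(self, path, ask):
        """Decide whether `path` may run. `ask(path)` stands in for the user
        prompt and returns (decision, always)."""
        if self.mode == "learning":
            # learning mode records whatever runs, good or bad alike
            self.entries[path] = Entry(path, "allow", True)
            return True
        entry = self.entries.get(path)
        if entry is not None and entry.always:
            # a standing decision: no prompt, ever, until the entry is removed
            return entry.decision == "allow"
        # unknown program, or one only permitted/denied "once": ask again
        decision, always = ask(path)
        self.prompts.append(path)
        self.entries[path] = Entry(path, decision, always)
        return decision == "allow"

    def remove(self, path):
        """Pull an entry out so the next run replays the prompt."""
        self.entries.pop(path, None)

    def prune_missing(self):
        """Drop entries whose executable is no longer on the machine."""
        gone = sorted(p for p in self.entries if not self._exists(p))
        for p in gone:
            del self.entries[p]
        return gone


def demo():
    """Walk through the scenario from the thread; returns the observations."""
    # constructed sample machine: only these two files are "present"
    notepad = r"C:\Windows\notepad.exe"
    updater = r"C:\Tools\updater.exe"
    dropper = r"C:\Temp\dropper.exe"   # constructed stand-in for an unwanted file
    present = {notepad, updater}
    pg = ExecutionFilter(exists=lambda p: p in present)

    def never_asked(path):
        raise AssertionError("unexpected prompt for " + path)

    # learning mode: both files are recorded as allowed, no questions asked
    pg.request(notepad, never_asked)
    pg.request(dropper, never_asked)
    learned = sorted(pg.entries)

    # secure mode: the learned dropper runs silently, which is why the
    # machine should be clean before learning mode is used
    pg.set_mode("secure")
    dropper_ran_unasked = pg.request(dropper, never_asked)

    # pulling the entry out replays the prompt; "deny always" then sticks
    pg.remove(dropper)
    dropper_after_removal = pg.request(dropper, lambda p: ("deny", True))
    dropper_again = pg.request(dropper, never_asked)

    # a "permit once" answer is asked again on every run
    pg.request(updater, lambda p: ("allow", False))
    pg.request(updater, lambda p: ("allow", False))
    updater_prompts = pg.prompts.count(updater)

    # housekeeping: entries for files no longer on disk are removed
    pruned = pg.prune_missing()

    return {
        "learned": learned,
        "dropper_ran_unasked": dropper_ran_unasked,
        "dropper_after_removal": dropper_after_removal,
        "dropper_again": dropper_again,
        "updater_prompts": updater_prompts,
        "pruned": pruned,
        "remaining": sorted(pg.entries),
    }
```

Running `demo()` shows the two points the thread makes: learning mode is a recorder, not a judge, so whatever was on the machine at the time is trusted afterwards, and only a standing (always) decision silences the prompt, so a 'once' entry or a removed entry is asked about again.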
     
  7. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Good points - thanks :D
     