Configuration feedback....

Discussion in 'ProcessGuard' started by A884126, Aug 1, 2004.

Thread Status:
Not open for further replies.
  1. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Hi.
    I wish we could get an FAQ with setup for most of the programs that people are using...
    I was wondering if something was wrong with my configuration...?
    Thanks for your kindly help.
     

    Attached Files:

    Last edited: Aug 1, 2004
  2. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi :) . You didn't have to add "cftmon.exe", in that ?
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi A884126, Rather a long list! :)
    I'll add a few comments about the programs I know.

    NOD32.exe - Why?
    OP2 - Add Close Message handling - Outpost has little closedown protection although gusing it's password protection will help
    WormGuard - Remove, as it is not a process as such
    TDS3 - Add Close message Handling
    Not sure why True Image is on there at all
    I only have Outllok and Frontpage from office on my protection list.
    SpywareGuard just the SGBHP & SGmain
    I have no manual updaters listed.

    I am sure others will comment :)
     
  4. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    To tell you the truth I do not really know, some people do some don't.
    In my log 'ctfmon.exe' is always trying to create 'global Shell hook', 'global message hook' and 'global CBT hook' (and BTW what's this last one?)
    Pilli what do you think? Should I add 'ctfmon.exe', 'dumprep.exe' and 'Rundll32.exe' ?

    - NOD32.exe - Why?
    I thought it was recommended to add all AV, AT, firewall and other security appz.

    - OP2 - Add Close Message handling - Outpost has little closedown protection although gusing it's password protection will help
    'Close Message handling' added.

    - WormGuard - Remove, as it is not a process as such
    I thought it was recommended to add all AV, AT, firewall and other security appz.
    I found this configuration on https://www.wilderssecurity.com/showthread.php?t=39518&highlight=configuration and
    https://www.wilderssecurity.com/showthread.php?t=36073&highlight=configuration

    - TDS3 - Add Close message Handling
    Done.

    - Not sure why True Image is on there at all
    Me neither but I found it in the forum when I tried to consolidate most people' rules. This one comes from you https://www.wilderssecurity.com/showthread.php?t=36768&highlight=configuration

    - I only have Outllok and Frontpage from office on my protection list.
    OK. But I guess because you are not using the other appz, are you?

    - SpywareGuard just the SGBHP & SGmain
    OK the update has been removed. I read that some people said that most update exe should be protected. Wrong idea?
    BTW I got this one from https://www.wilderssecurity.com/showthread.php?t=36073&highlight=configuration

    - I have no manual updaters listed.
    What do you mean? You add automaic updater to your list but not the manual ones?

    Thanks for your kindly help.
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi again,
    Looking at your first post in more detail it appears that the default set is missing? Or are they above what can be seen in your screenshot?

    WG does not run as a process, so I cannot see the point - If the WG .exe was to change then Process Guard checksums would alert you.
    NOD32 Control center does not run as a process as such not like the resident parts.
    As far as I know True image does not connect to the net.
    I have TDS3's updater on my list as it does do auto updates twice a week if you let it and the same with KAV though it is set for twice daily updates.
    I have no other programs which have auto update enabled, any updater that is changed would give a checksum change in PG.
    Also my firewall will alert me if anything regarding those connections changed.

    I do use all the Office programs but do not allow them web access as a rule.

    To a certain extent I think what you place on the protection list is probably equal to whatever level of paranoia one is at :)

    I believe in the old adage KISS (keep it simple stupid) which I apply to myself most diligently :D

    Pilli
     
  6. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi ! :) . I just asked you about cftmon.exe because it will flash the PG's systray icon , if you have "4. Block global Hook", in your Protection/general protection options, as you said . But sorry, I don't know more than you about cftmon.exe... :oops: (I just put it in the protected programs list to avoid it requesting for "global hook" permanently...) :D

    Cheers ;)
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi nico-nico, I do not have cftmon on my protection list and I do usually get two or three logs a day about global hooks from cftmon, these are to do with language and also mouse gestures - I ignore them as I have noticed no related problems :)
     
  8. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Looking at your first post in more detail it appears that the default set is missing? Or are they above what can be seen in your screenshot?
    Well guess as the default set is above. The screen was not big enough :)

    WG does not run as a process, so I cannot see the point - If the WG .exe was to change then Process Guard checksums would alert you.
    OK. I will remove the 3 'exe'

    NOD32 Control center does not run as a process as such not like the resident parts.
    What about the updater. Which is true for TDS and KAV is not for NOD32?

    As far as I know True image does not connect to the net.
    True so I guess what I read was wrong. Then I removed it.

    I have TDS3's updater on my list as it does do auto updates twice a week if you let it and the same with KAV though it is set for twice daily updates.
    See NOD32 above.

    I have no other programs which have auto update enabled, any updater that is changed would give a checksum change in PG.
    Do you mean that all auto update programs should be on the list?
    If so, should I have the update program and the main program *.exe?

    Also my firewall will alert me if anything regarding those connections changed.
    I guess same here with OP (which is close to ZA that you use, don't you?)

    I do use all the Office programs but do not allow them web access as a rule.
    OK I understand, but it not my case as Office 2003 latest version requires internet connection to fonction properly. For instance most of the Help is now online.

    Nico-nico, as Philli said I did not face yet, any concern with 'cftmon.exe'. Yes the request for 'global hook' is in my log program but the computer is running fine. Which is not the case for MyIE2 or MusicMatch if I do not allow 'global hook'.
    To tell you the truth I do not see the need to add it in the protection list.

    Philli you did not answer regarding 'dumprep.exe' and 'Rundll32.exe'. Should we add them also to the list or not?

    Cheers

    PS: Just a thought... we should really start to build a generic list as a sticky thread. Don't you think so? It will help our community.
     
  9. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi! :D . Thanks, Pilli, now I know a little bit more about this cftmon.exe... :D .
    And A884126, you know, I didn't tell you about the same cftmon.exe as an "authorized opinion" ;) . I just told it to you to prevent PG's systray flashs :D ... but if you are OK with that, you decide... :cool: . And I agree with you, in the wish of a PG's "protection list configuration" new topic :D , but let's don't forget that most of this can be found as browsing this forum, I think... :rolleyes: . Whatever, I'm not opposed to this eventual new topic, if needed ;)

    OK, Cheers :)
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    NOD updater can be added if you use it automatically :) I would not bother with the main .exe if the program is not security related or web enabled.

    I use Kerio 2.1.5 on two machines
    old but good & Outpost V2 and another. All through a router.

    I do not think your statement on Office 2003 can be exactly true as many users do not have web access either at home or at work. Having the on line help is just a bonus for those that wish to use it but it is almost certainly not mandatory. I have friends that use 2003 Word, Excel and Powerpoint with no Internet connection.

    dumpreg & rundll are not on the default list so probably not considered vulnerable. Jason will have to answer that one though I can see no harm in adding them.

    nico-nico's comment about a general guide is being addressed as Gavin is trying to gather as much user information about their setups to create a program knowledge base when he has the time. So send your saved protction list's to him. support@diamondcs.com.au


    Thanks Pilli :D
     
  11. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    I guess this is it, and that our thread can be now considered as closed.
    Thanks both for your precious help.
    I will send to Gavin my protection list.

    Thanks again.
    Pete
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Cheers A666146, I know that as Process Guard matures it will only improve and it is down to the users. - Users input is invaluable - DCS does listen & respond ;)

    Thanks. Pilli :)
     
Thread Status:
Not open for further replies.