CSRSS.EXE wants Terminate privilege over Protected applications

Discussion in 'ProcessGuard' started by Baldrick, Oct 2, 2004.

Thread Status:
Not open for further replies.
  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi there

    Ran in learning mode as part of my upgrade to NIS2005 and noted after that that csrss.exe had appeared in the list with Terminate, Modify & Read privileges over Protected applications. It is the only such item to request/require this level of access. What does it do? Should it be allowed?

    Any advice in this area would be much appreciated.

    Best regards


    Baldrick
     
  2. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    I think that it is the default config for this executable, and even if it is not you have to give it terminate privilege, along with modify and read.

    regards,

    gkweb.
     
  4. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi Siliconman/gkweb :D

    Thanks for the responses. I was starting to come to that conclusion, and if that is the price to pay for having PG3 working then so be it, as without PG3 the rest would be unsecured.

    Now, whilst it adds a level of complexity I was wondering whether there might not be scope to add functionality to a future release of PG3 that allows a 'white list' which records which applications require which processes to have the Terminate privilege, ie, in Siliconman's example NIS2005 plus the couple of other programs, then if some other, unauthorised program tried to use the process illicitly PG3 would warn, asking if the user wanted to allow once or always (add the program to the 'white list') or block once or always, etc.? This might also be expanded to cover the other 'issue' that I have been following related to the need for services.exe to have Install Driver/Service privilege as some applications are written to use this facility rather than starting them on their own.

    Perhaps, if you two think that it is a good idea I will suggest it to Jason and the good people at DCS (assuming that they haven't already been asked or are planning to do this)?

    Let me know, eh!

    Best regards



    Baldrick :rolleyes:
     
  5. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I agree. :)
     