Difference Between Permit Once and Deny Once?

Discussion in 'ProcessGuard' started by knowbodynow, Nov 8, 2005.

Thread Status:
Not open for further replies.
  1. knowbodynow

    knowbodynow Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    48
    Is there any difference? I can't find it. I thought perhaps when the message flashed up I would be able to hit enter and if permit once was set the application would be allowed and if deny once were set the application would be blocked. It doesn't seem to work like that. If there is no difference I think having two separate options is confusing.

    CaH
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    With the security app I am running "Permit once and Deny once" mean just that. I I deny once it won't allow it to run on that request Or if I allow it will run that one time. It seems to always work this way. The only app I have ever used that reacts differently is Norton firewall, it will set a rule if you allow/deny a request.
     
  3. knowbodynow

    knowbodynow Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    48
    Thanks, but this makes no sense to me. Regardless of whether the setting is deny once or allow once ProcessGuard flashes up a message - it then acts on the choice that I make in responding to that message. I have to make a choice. In fact, thinking about it if nothing is set I have to make a choice as well so why bother with deny once or permit once at all. Now, I'm getting confused!
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If you check the box on the left bottom corner of the box that is requesting the choice and then choose allow/deny it becomes a permanant rule
     

    Attached Files:

    Last edited: Nov 8, 2005
  5. knowbodynow

    knowbodynow Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    48
    Yes, I realise this, but my question is about deny once and allow once. There seems no difference between what these settings actually do and alos no difference between not having a setting at all. In every case ProcessGuard pops up a message box requiring me to make a choice,

    CaH
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am sorry you don't seem to grasp the way allow/deny works I don't seem to understand what it is you don't understand about it. The allow deny buttons on my processguard work as it was designed to. I don't know what to tell you.
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    This may not help but that scenario is played out every day on many programs in regards to Allowing actions or Denying actions. Also like those other programs there is a point where the user can answer Permit that sucker everytime and quit bothering me with the pop-ups or Deny that sucker.

    I reckon we see this in a differnet light as each other or you are seeing something abnormal that I personally am not comprehending with the info given :doubt:
     
  8. Carver

    Carver Guest

    Say I get a pop-up asking me if I want thunderbird.exe to start on my computer. Now if I double clicked on my destop shortcut to start the program because I had a email to write. I would click the allow button on the pop-up. But if I get that pop-up and I am not expecting it, I would Deny it.

    But putting a check mark in the box marked "Always preform this action" means next time have a event where thunderbird wants to start on your computer. Pg will remember the decision you made when you put the check mark in the box. And allow thunderbird to start. If you put a check mark in the box and click "Deny" it will remember your decision and deny the next instance of Pg wanting to start.
     
  9. knowbodynow

    knowbodynow Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    48
    Thanks for the replies. I understand about always perform this action. My question is about changing settings to deny once or allow once. Under what circumstances is this useful. For example:

    No option is set for notepad.exe. I manually launch it and Processguard pops up a message. I choose allow and type away.

    No option is set for notepad.exe. I manually launch it and Processguard pops up a message. I choose disallow and notepad is blocked and Windows gives me a system error message.

    Allow Once is set for notepad.exe. I manually launch it and Processguard pops up a message. I choose allow and type away.

    Allow Once is set for notepad.exe. I manually launch it and Processguard pops up a message. I choose disallow and notepad is blocked and Windows gives me a system error message.

    Deny once is set for notepad.exe. I manually launch it and Processguard pops up a message. I choose allow and type away.

    Deny Once is set for notepad.exe. I manually launch it and Processguard pops up a message. I choose disallow and notepad is blocked and Windows gives me a system error message.

    This is what is happening on my system - I can't see the difference between deny once, allow once and having nothing set at all.

    CaH
     
  10. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    There is one difference between not having notepad.exe on the security list and having it on the list with permit once. If it's on the list, an MD5 hash has been created for it so you will be warned if it has been modified on the hard drive.

    If you want to make sure a certain programme has to ask you before it can run and you want to make sure it hasn't been modified then you put it on the security list with allow once (or deny once - I can't see a difference between those two options). In this case, when you run notepad, PG will ask if you want it to run and it will tell you if notepad.exe has been modified since it was last run.

    If you don't care about it being modified then don't put it on the list. In this case, when you run notepad, PG will ask if you want it to run but will not warn you if it has been modified since it was last run.

    If you put notepad.exe on the list with allow always, then you wont be alerted when you run it, unless it has been modifed, in which case PG will alert you that it has been modified and ask you if you want it to run.

    I hope this makes sense.
     
  11. knowbodynow

    knowbodynow Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    48
    Thanks SpikeyB, that definitely makes sense. I get the difference between not having a program on the list and having it on - I still wonder about deny once and allow once. Can anyone explain it?

    Cheers,

    CaH
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    If any '.exe" pops up and PG finds no entry for that particular .exe (either "Always Allow" or "Always Deny") it pops a warning and asks you to make a decision on a one-time - or first time - basis.

    If you don't understand what the exe is - but you don't have time to investigate and want to err on the side of caution - you "Deny" it once and keep on truckin' until either (1) something doesn't work that you were expecting to work or (2) you go back and play with whatever it was to find out if you do want to always allow or always deny it.

    It is PG's total aim in life to make sure that nothing slips by you, and until you make a final decision on it, that's why it will always ask you for your choice.

    When installing programs that you're sure are legit (trusted source, verified CRC value, an updated revision or new version of something you already have), you can use the "Allow" once option for a lot of the stuff that comes with an installation. There's really no reason to always "Allow" all that stuff since it's only needed on a one-time basis (and you never know when a malware-writer is going to come along and name his latest thing the same way).

    Of course, you have to also go back into the "Security" and "Protection" tabs every so often and check the stuff you've got in there, removing any "deadwood" and making sure everything looks right (IOW, that all your permissions look familiar and correct). HTH Pete
     
  13. knowbodynow

    knowbodynow Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    48
    Thanks for the explanation. I think I haven't been as clear as I could have been. Under the security tab one can right click and choose either "deny once" or "allow once". Why do this? Is the only difference the actual label itself?

    When I first heard about deny once and allow once I assumed it worked as follows

    allow once: let the application run automatically once but if it tries a second time throw up a warning.

    deny once: block the application automatically once but if it tries to run a second time throw up a warning.

    I think the labels "deny once" and "allow once" are misleading - neither does as they say, both cases cause ProcessGuard to throw up a warning for the user to act on. They could be replaced by a single choice: "Alert Me" or something similar.

    The one use I can see is that by having different labels it becomes easier to sort applications, perhaps there could be a way for the user to enter their own label? Alternatively, if ProcessGuard kept a record of the number of times the user allowed the action and also blocked the action that could provide useful criteria.

    As far as I know one must choose to permanently allow or deny an application to add it to the security list and then change the setting to deny once or allow once manually. Wouldn't it be more convenient if applications could be directly added to the security list without a permanent decision either way?

    CaH
     
  14. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    This is why permit once and deny once no longer show up in the list. But they are there in the menu just for the sake of being there ?

    Noone's MAKING you set any program to "once", be it permit or deny. Its just there because it's there :)
     
  15. knowbodynow

    knowbodynow Registered Member

    Joined:
    Sep 23, 2005
    Posts:
    48
    I appreciate that it is the user's choice to set an item to "allow once" or "deny once". It's just that sometimes reading the posts to the forum I would see someone recommending using one of these settings for something and I couldn't figure out why. I still think the terms are confusing for novice users which I guess I am.

    CaH
     
Thread Status:
Not open for further replies.