Doesn't ask to Block or Allow

Discussion in 'Ghost Security Suite (GSS)' started by Avante, Oct 12, 2005.

Thread Status:
Not open for further replies.
  1. Avante

    Avante Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    3
    Now on version 2.001... I'm not being asked to allow or block. The pop up box doesn't show it's self and auto blocks anything that meets a rule even if the rule is set to "ask user". This is a new install on a new OS (XP-SP2). The log shows the actions were blocked (or allowed). I fisrt noticed it during a Windows Update session when updates failed.
     
  2. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Avante,
    Could you copy and paste the log entries around the time that you had these issues so that we can see them please. You can get the information into the windows clipboard by highlighting the lines (you can do several lines at a time if you wish) and using the keyboard copy shortcut ( control-C ). After that simply paste the log entries into a forum post however you wish.

    I will be able to see from the logs anyway but you wont see an alert if you see entries with "Blocked [Auto User]". When you see this is means that either the GUI is not running or the system is in a state where the GUI cannot respond. In that case RegDefend opts for the more secure of the two choices and denies the access and allows the program to continue

    Thanks
     
  3. Avante

    Avante Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    3
    21:14:43 | Set Value | Blocked [Auto User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | update.exe
    21:14:49 | Set Value | Blocked [Auto User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | update.exe
    21:14:49 | Delete Value | Blocked [Auto User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | update.exe
    21:14:54 | Set Value | Blocked [Auto User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | spuninst.exe
    21:15:10 | Set Value | Blocked [Auto User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | update.exe
    21:18:40 | Set Value | Blocked [Auto User] | HKLM\System\Controlset001\Control\Session manager | pendingfilerenameoperations | update.exe
    22:55:31 | Delete Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpnameserver | svchost.exe
    22:55:31 | Delete Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpdomain | svchost.exe
    22:55:31 | Delete Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpsubnetmaskopt | svchost.exe
    22:55:31 | Delete Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpdomain | svchost.exe
    22:55:31 | Delete Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpdefaultgateway | svchost.exe
    22:55:31 | Delete Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpnameserver | svchost.exe
    22:55:31 | Set Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpdomain | svchost.exe
    22:55:31 | Set Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpnameserver | svchost.exe
    22:55:31 | Set Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpdefaultgateway | svchost.exe
    22:55:31 | Set Value | Allowed | HKLM\System\Controlset001\Services\Tcpip\Parameters\Interfaces\{a4c2203d-0d0a-4521-be56-43b737c9e281} | dhcpsubnetmaskopt | svchost.exe
     
Thread Status:
Not open for further replies.