eventual need of WRITE access on PROTECTED programs

Discussion in 'ProcessGuard' started by nicM, Jul 22, 2004.

Thread Status:
Not open for further replies.
  1. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi, I've just installed the full version of Process Guard. I think it's well configured, as there is a useful automatic wizard, including some system processes, and I've protected all EXE files from my antivirus and firewall (NIS). To avoid eventual dysfunctions of NIS, I've put all the "allowed" flags ON for it, but I still have a question, I can't manage to be sure about this :oops: : Can we be sure that NO unprotected programs could need to WRITE on some protected programs? (I see quite often the PG systray icon "making angry" BLUE). I ask this because I fear possible dysfunctions of the computer due to a bad PG configuration... o_O

    Cheers ;)
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Good question, Nico.

    I find quite often a program that needs "write" access to another program I already have on my protected list.

    Example: My browser (Netcaptor.exe) needed "Write, Suspend, SetInfo" access to one of my protected programs. So I added NetCaptor.exe to the protected list and gave it "write" access to other protected programs. Then I found yet another app that needed some type of access to NetCaptor. It became a continuous process of having to add yet another process to the protected programs list to accommodate one I had added just previously. So I got around this catch-22 situation by disabling all blocked flags for NetCaptor.

    Does this make sense, or am I doing something wrong??
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    One thing to be aware of is that sometimes a process will ask for FULL access on another process (full access includes read, write, terminate, etc etc), when all it really needs is partial access, often just read access. It's very rare for one process to need to WRITE into the memory space of another process, especially if both processes are unrelated.
     
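    As an added example (not code from this thread or from DiamondCS), the Python script below decodes the Windows access mask a program passes to OpenProcess into the named rights Wayne mentions (read, write, terminate, suspend...) and flags requests that ask for more than read-only inspection; the log lines, program names and log format are constructed for the example.

```python
# Added example (not ProcessGuard's own code): decode the access mask a process
# passes to OpenProcess and flag requests that go beyond read-only inspection.
PROCESS_RIGHTS = {  # documented Windows PROCESS_* access right bits
    0x0001: "TERMINATE",
    0x0002: "CREATE_THREAD",
    0x0008: "VM_OPERATION",
    0x0010: "VM_READ",
    0x0020: "VM_WRITE",
    0x0040: "DUP_HANDLE",
    0x0080: "CREATE_PROCESS",
    0x0100: "SET_QUOTA",
    0x0200: "SET_INFORMATION",
    0x0400: "QUERY_INFORMATION",
    0x0800: "SUSPEND_RESUME",
    0x1000: "QUERY_LIMITED_INFORMATION",
    0x00100000: "SYNCHRONIZE",
}
STANDARD_RIGHTS_REQUIRED = 0x000F0000  # DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER
PROCESS_ALL_ACCESS_XP = STANDARD_RIGHTS_REQUIRED | 0x00100000 | 0xFFF  # 0x001F0FFF

# Rights that let the requester change the target: the ones a HIPS prompt matters for.
INTRUSIVE = {"TERMINATE", "CREATE_THREAD", "VM_OPERATION", "VM_WRITE", "DUP_HANDLE",
             "CREATE_PROCESS", "SET_QUOTA", "SET_INFORMATION", "SUSPEND_RESUME"}

def decode_mask(mask):
    """Return the named rights set in an access mask, sorted for stable output."""
    names = [name for bit, name in PROCESS_RIGHTS.items() if mask & bit]
    if mask & STANDARD_RIGHTS_REQUIRED:
        names.append("STANDARD_RIGHTS")
    return sorted(names)

def classify(mask):
    # "read-only" if nothing intrusive is requested, else name the intrusive rights
    intrusive = sorted(set(decode_mask(mask)) & INTRUSIVE)
    return "read-only" if not intrusive else "intrusive: " + ", ".join(intrusive)

# Constructed sample entries (not a real ProcessGuard log format):
# "<requesting program> -> <protected program> mask=<hex access mask>".
SAMPLE_LOG = """\
netcaptor.exe -> protected.exe mask=0x001F0FFF
taskmgr.exe -> protected.exe mask=0x00000410
unknown.exe -> protected.exe mask=0x00000001
"""

def audit(log):
    rows = []  # (requester, target, verdict)
    for line in log.splitlines():
        requester, _, rest = line.partition(" -> ")
        target, _, mask_hex = rest.partition(" mask=")
        rows.append((requester, target, classify(int(mask_hex, 16))))
    return rows
```

    The first sample asks for the XP-era PROCESS_ALL_ACCESS value, which is what a "FULL access" request looks like; the second asks only for query and read rights, the kind of request that is safe to allow.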
  4. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi, Dazed and Confused :D . OK, it's the answer I was expecting: this case can happen, and it's a bit like a progressive learning for PG. So, did it cause problems when this case happened to you? o_O (Windows crash, etc...), and how did you see that? I mean, when a non-protected program wants to access a protected one, what happened? I ask because since I'm running the full version of PG, its systray icon sometimes becomes "blue angry", but when I open the main window, there are no details about what happened (often at the computer's start); I guess it would be a PG systray "blue angry" (I don't know what to call it, and it speaks for itself... ;) ), in the case we are talking about, but let me know if it's not the case, please.

    Cheers! :)
     
  5. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi, Wayne :D . I just replied to Dazed and Confused about it. So you mean that we will see it through PG, noticing an attempt to write, read, terminate, etc... Ahh, OK :) ; as when a new driver/service wants to run if block driver/service is enabled, I presume. Thank you (I was worrying about the passage between the free version, quite easy to use, and the full one, because of the program protection... :oops: )

    Cheers! :D
     
  6. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello again nico,

    When you see the blue PG icon, you should see a notice inside the PG log screen that indicates what type of access is being requested. I've never had an OS crash on me because of PG. Normally if you don't give proper access, the requesting app will just not run correctly. It just takes a little while to get used to. But it offers great protection once you get the hang of it. :)
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Personally I turn off the icon flash, it goes off way too much. We will change the options around a bit for the new version I'm sure :)

    As long as you only add trusted programs to be protected, then all ALLOW flags is fine. This means the ultimate in compatibility, just build that list carefully :)
     
  8. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Seems to me doing so might cause problems when you use a program for the first time. If you fail to notice a conflict, it might not work properly. Anyway here is the list of protection I've compiled over the last few weeks. Everything seems pretty stable now.
     

    Attached Files:

    • PG.gif (File size: 31.5 KB)
  9. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi, everyone :D . Dazed and Confused, thank you for the tips, but in fact, it wasn't a real problem, as I forgot to activate the "Window log", so I didn't see the meaning of the related alert.. :oops: . Just me was responsible... Oops!, sorry :oops: .
    Gavin, it's what I did: I gave all "allow" flags for AV/firewall, but I was more restrictive for the processes I've added to the protection list since.
    However, I have a request: I think the "blue anger" of the PG systray is very, very useful, as we can use it to adjust the authorisation for each protected program, and see if other programs should be added to the "protected list" (and even see what kind of ALLOW flag it needs), so please don't remove it in the next PG version... :'( . However, for sure more precise information about the request of a non-protected program to a protected one would be great, as I think PG just displays that the non-protected program wants "write, read, suspend, terminate", etc.., but we don't know, then, if suspend or terminate is necessary (ouf! I hope this sentence is correct), as Wayne said. To compare, there is some more precise information when a Global Hook is concerned, I think.

    Cheers ! :)
     
  10. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Whoww, thank you so much, Dazed and Confused, an "illustrated" view will make it easier for me, for the rest of PG's configuration... :-*

    Cheers :D
     
  11. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Nico, please don't go changing your configuration to match mine. I'm not too sure mine is all that correct. But it's working for me.
     
  12. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Well, it seems to be OK for the moment, as I've added all programs provoking "blue anger" of PG to the protected list, and I've no "blue anger" anymore (for the moment...). Those were things such as the touchpad of my computer provoking a GLOBAL HOOK (no risk about this, I guess... :cool: ), Norton's parts wanting to communicate between them (I forgot some Symantec shared issues (fixed, now)), and I'll just add some Norton LiveUpdate executables to the list, to prevent problems during the next update (when I had the free PG version, I had to disable "prevent driver/services from installing" when making an update, otherwise something was going wrong; it even disabled Norton's AUTO-PROTECT, without any way to re-activate it, one time: I had to turn off the whole PG to activate auto-protect again... :( . (But I know the tip now :cool: ).

    Thanks again (I'll have a look to your screen capture, later)

    Cheers :D
     
  13. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi, Dazed and Confused :D . So, I've studied the shot of your PG protected programs configuration (there is a lot of security software in there!!! :eek: ), and I'll adjust "ctfmon" (I gave full allowed flags to it, maybe unnecessarily). But I was surprised by the way you treat some of your security related software: you didn't give any allowed flags to some of them (NOD32, PG, etc...). Does it mean that it would be useless? (Personally, I gave full allowed flags to ALL AV/firewall executables.) Maybe the cause is that it wouldn't need terminate access to a protected one, because it's already protected, and no protected program can be infected by virus/malware o_O .
    I'll do a search on the forum about this...
    By the way, the thing I'm worrying about is the next Norton update, I'm in a hurry to see what happens with PG enabled (and there has been no update for over 3 days, would you believe?..)

    Cheers :D
     
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Good point. I only give allow access when it requests it (tells me it needs it). I hope this is correct. o_O


    EDIT: Same goes for Options - only given when requested...
     
    Last edited: Jul 24, 2004
  15. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Nico! You can't be too careful these days. ;) Every one of them is top-notch, IMO. Let me know if you have any questions about any of them. They all work together very well. I have a stable AND secure system. :D
     
  16. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi again, Dazed and Confused :) . You are right, when I see the amount of "nasties" sprinkling the net, we will need a tank, soon... :eek: . OK, if we see a request each time a PROTECTED program wants "more" allowed flags, it should work... I wasn't sure that PG would make an alert in such cases, thanks :D .
    Among your security software, I noticed Spysweeper, as I tried to learn about it a few days ago, but the Google links (pointing to Spywareinfo, I think) didn't work. Maybe it has something to do with the fact that there's an old and a new site o_O (and I think, as I registered to the Bootcamp since, as Marianna encouraged me to do -Hi to her!- and this time, I managed to get on Spywareinfo.. :) ). I'll search again about Spysweeper (BTW, is it freeware?). I noticed Roboform, too; never heard about it o_O , but I guess it must be useful. I've noticed TDS, too: this one is the next on my "buy" list (I hesitated between PG/TDS, but let's go for both ;) ).
    Oh- and never heard about Netcaptor, either o_O

    ps: it's NOT security software, but I personally use Ace Utilities: it's a registry cleaner, but a global washer too: it could be indirectly seen as security software, because it allows clearing ALL sorts of temp, old, etc. files; I've seen that sometimes, clearing these files allows deleting damage provoked by malware :D .

    Cheers! :D
     
  17. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I don't want to get off topic here, so I'll send you a response via private message.
     