F-Secure Internet Security 2004 and PG

Discussion in 'ProcessGuard' started by ^Ale, Jul 6, 2004.

Thread Status:
Not open for further replies.
  1. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
    Greetings to all.
    I purchased PG in April, but only now am I trying it, and I have something to ask:

    I use F-Secure Internet Security 2004 and I would like to know the configuration in Program Protection, because there are too many exes in this program.

    I see this in my log:
    6 Jul 11:40:06 - [P] c:\windows\system32\svchost.exe [1108] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2548]
    6 Jul 11:40:06 - [P] c:\windows\system32\svchost.exe [1108] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2548

    Is it correct?

    Thanks for your replies
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi ^Ale, if these are just a few random lines in your log, you can safely ignore them. The operative word is "Tried" to gain terminate access, not that it actually wants to terminate the program; many programs try to read, getinfo etc. on other programs although they may never actually use the ability.
    If, however, you get continuous logs you may need to give the necessary "Allows" as the program may need to have access to run correctly.

    HTH Pilli
     
  3. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
    Thanks Pilli.
    Here is a copy of my last log.

    Welcome to DiamondCS Process Guard.
    This program does not need to be running for your system to be protected.

    6 Jul 15:01:58 - Window Log Started
    6 Jul 15:01:59 - Initializing Process Guard over 2 steps. If either step fails some protection may not be active.
    6 Jul 15:01:59 - [1 of 2] Success: Driver is active and secure.
    6 Jul 15:01:59 - [2 of 2] Success: Process Guard's Protection is currently Enabled.
    6 Jul 15:01:59 - General Protection Options
    6 Jul 15:01:59 - [1 of 4] Block End-Task is disabled.
    6 Jul 15:01:59 - [2 of 4] Block Appinit registry key is disabled.
    6 Jul 15:01:59 - [3 of 4] Block Drivers/Services is disabled.
    6 Jul 15:01:59 - [4 of 4] Block Global Hooks is disabled.
    6 Jul 15:02:00 - [EXECUTION] c:\windows\system32\fxssvc.exe with commandline c:\windows\system32\fxssvc.exe was ALLOWED to run
    6 Jul 15:02:00 - [EXECUTION] c:\programmi\f-secure internet security\backweb\4476822\program\fsbwst.exe with commandline 1.3.6.1.4.1.2213.42.1 was ALLOWED to run
    6 Jul 15:02:00 - [EXECUTION] c:\programmi\f-secure internet security\common\fch32.exe with commandline 1.3.6.1.4.1.2213.11.1.15 was ALLOWED to run
    6 Jul 15:02:00 - [EXECUTION] c:\programmi\f-secure internet security\backweb\4476822\program\backweb-4476822.exe with commandline "c:\programmi\f-secure internet security\backweb\4476822\program\backweb-4476822.exe" was ALLOWED to run
    6 Jul 15:02:01 - [EXECUTION] c:\programmi\f-secure internet security\anti-virus\fsav32.exe with commandline 1.3.6.1.4.1.2213.12 was ALLOWED to run
    6 Jul 15:02:02 - [EXECUTION] c:\programmi\f-secure internet security\common\fameh32.exe with commandline 1.3.6.1.4.1.2213.11.1.18 was ALLOWED to run
    6 Jul 15:02:03 - [EXECUTION] c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe with commandline "c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe" was ALLOWED to run
    6 Jul 15:02:03 - [EXECUTION] c:\programmi\f-secure internet security\backweb\4476822\program\fsbwst.exe with commandline 1.3.6.1.4.1.2213.42.1 was ALLOWED to run
    6 Jul 15:02:06 - [P] c:\windows\system32\svchost.exe [1112] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2188]
    6 Jul 15:02:07 - [P] c:\windows\system32\svchost.exe [1112] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2188]
    6 Jul 15:02:50 - [EXECUTION] c:\programmi\sony ericsson\gc75 manager\gc75 manager.exe with commandline "c:\programmi\sony ericsson\gc75 manager\gc75 manager.exe" was ALLOWED to run
    6 Jul 15:03:19 - [EXECUTION] c:\programmi\opera7\opera.exe with commandline "c:\programmi\opera7\opera.exe" was ALLOWED to run
    6 Jul 15:09:20 - [EXECUTION] c:\windows\system32\mspaint.exe with commandline "c:\windows\system32\mspaint.exe" was ALLOWED to run
    6 Jul 15:09:26 - [EXECUTION] c:\windows\system32\svchost.exe with commandline c:\windows\system32\svchost.exe -k imgsvc was ALLOWED to run
    6 Jul 15:11:45 - [EXECUTION] c:\windows\system32\mspaint.exe with commandline "c:\windows\system32\mspaint.exe" "d:\downloads\log.bmp" was ALLOWED to run
    6 Jul 15:15:10 - [EXECUTION] c:\windows\system32\mspaint.exe with commandline "c:\windows\system32\mspaint.exe" was ALLOWED to run


    And what about my attached config in Program Protection? I don't know how to manage F-Secure IS 2004.
     

    Attached Files: PP.PNG (89 KB)
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    You could add Close Message Handling to your AV main .exe (the one(s) that are running as seen in Task Manager) especially if you run it without password protection - if it has a password facility.
    I assume you are using ZA firewall which does not need to be on the protection list?
     
  5. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
    Hi Pilli. I added Close Message Handling to F-Secure Internet Security Agent (in line 26) because it is the only one I see in Task Manager and it has no password facility.
    I use the integrated firewall in F-Secure IS 2004 (I don't know the name of the exe). In the past I used Outpost Pro 2.1, but it crashes if used with F-Secure Antivirus.

    Thanks and have a good day
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    In the log file above all four protections are disabled. Is this intentional?
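
Added example, not part of the original thread and not DiamondCS code: a small Python parser for the log format quoted above. It lists the General Protection Options the log reports as disabled and counts repeated [P] access attempts per source/access/target, so a couple of stray lines can be told apart from a continuous stream. The sample log is constructed from lines in the thread, and the threshold of 10 is an assumed cut-off.

```python
import re
from collections import Counter

# Constructed sample, built from log lines quoted in this thread.
SAMPLE_LOG = r"""6 Jul 15:01:59 - [1 of 4] Block End-Task is disabled.
6 Jul 15:01:59 - [2 of 4] Block Appinit registry key is disabled.
6 Jul 15:01:59 - [3 of 4] Block Drivers/Services is disabled.
6 Jul 15:01:59 - [4 of 4] Block Global Hooks is disabled.
6 Jul 15:03:19 - [EXECUTION] c:\programmi\opera7\opera.exe with commandline "c:\programmi\opera7\opera.exe" was ALLOWED to run
6 Jul 15:02:06 - [P] c:\windows\system32\svchost.exe [1112] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2188]
6 Jul 15:02:07 - [P] c:\windows\system32\svchost.exe [1112] tried to gain TERMINATE access on c:\programmi\f-secure internet security\fwes\program\fsdfwd.exe [2188]
"""

# "[n of m] Block <name> is disabled." lines from the start-up summary.
OPTION_RE = re.compile(r"- \[\d+ of \d+\] (Block .+?) is disabled\.")
# "[P] <source> [pid] tried to gain <ACCESS> access on <target> [pid]";
# the final "]" is optional so a truncated copy-paste still parses.
ACCESS_RE = re.compile(
    r"- \[P\] (.+?) \[\d+\] tried to gain (\w+) access on (.+?) \[\d+\]?\s*$")


def disabled_options(log):
    """Names of the General Protection Options logged as disabled."""
    return OPTION_RE.findall(log)


def blocked_access(log):
    """Count [P] entries per (source, access, target).

    PIDs are dropped from the key because they change between sessions
    (svchost.exe is 1108 in one log of the thread and 1112 in the next).
    """
    counts = Counter()
    for line in log.splitlines():
        match = ACCESS_RE.search(line)
        if match:
            counts[match.groups()] += 1
    return counts


def needs_review(log, threshold=10):
    """Entries seen at least `threshold` times (assumed cut-off), i.e.
    candidates for an explicit Allow or for a closer look at the source."""
    return [key for key, n in blocked_access(log).items() if n >= threshold]


if __name__ == "__main__":
    print("Disabled:", disabled_options(SAMPLE_LOG))
    for key, n in blocked_access(SAMPLE_LOG).items():
        print(n, *key)
```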
     
  7. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
    Hi Peter, now I've enabled Block Appinit registry key, but I don't fully understand the others, so I want to try one at a time. Can you explain these protections to me?
    Have a good day
     