GeSWall's Attack Prevention

Discussion in 'other anti-malware software' started by omega5475, Jan 6, 2008.

Thread Status:
Not open for further replies.
  1. omega5475

    omega5475 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    34
    Anyone using GeSWall having this problem?

    001.png

    I checked the logs and found there are many applications that isolate explorer.exe.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hmm........... 2.6 version of GW!
    Explorer.exe isolation was an old bug that was fixed and I never saw it with 2.6 and 2.7 beta. Probably it was with 2.5 version but I am not sure.
    Can you post your log as txt?

    Go to GW console, Applications > system > Explorer.exe. Right click it and check its properties.
    It must be always trusted.

    Thanks
     

    Last edited: Jan 6, 2008
  3. omega5475

    omega5475 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    34
    Yup, explorer.exe is set to Always Trusted.

    000.png

    From the logs:
    Code:
    Opera.exe ISOLATE on start from explorer.exe
    miranda32.exe ISOLATE on start from explorer.exe
    firefox.exe ISOLATE on start from explorer.exe
    utorrent.exe ISOLATE on start from explorer.exe
    Basically, all the applications I use daily have been isolating explorer.exe.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You're misinterpreting the logs. They're saying that application xxx is isolated when it's launched by explorer.exe, not the other way around.
     
  5. omega5475

    omega5475 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    34
    oops... shame on me :oops:

    Any idea why these applications are starting from explorer.exe and being labelled as an attack? They are all set to auto isolation while explorer.exe is "Always Trusted".

    If I understand correctly, the System folder has a higher priority than the rest. Any programs starting from a trusted process should inherit the same security level, right?
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Lucas is right.
    It means the parent process (explorer.exe) has launched the child process (Opera.exe) and Opera is isolated. It's the normal behavior.
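
The reading of the log given by lucas1985 and aigle, as an added example that is not part of the original thread or of GeSWall: the first name on each line is the child that was isolated, the last is the parent that launched it. The line shape is assumed from the four lines posted above, and the fifth sample line is constructed to show how an isolated explorer.exe would stand out under that assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the four lines from the thread plus one hypothetical
# line in which explorer.exe itself is the isolated process.
SAMPLE_LOG = """\
Opera.exe ISOLATE on start from explorer.exe
miranda32.exe ISOLATE on start from explorer.exe
firefox.exe ISOLATE on start from explorer.exe
utorrent.exe ISOLATE on start from explorer.exe
explorer.exe ISOLATE on start from firefox.exe
"""

# Assumed line shape, inferred only from the lines posted in the thread:
#   <child> ISOLATE on start from <parent>
LINE_RE = re.compile(
    r"^\s*(?P<child>.+?)\s+ISOLATE on start from\s+(?P<parent>.+?)\s*$"
)

def parse(log_text):
    """Return (child, parent) pairs; the child is the process that was isolated."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip lines that do not match the assumed shape
            events.append((m.group("child").lower(), m.group("parent").lower()))
    return events

def isolated_by_parent(events):
    """Group isolated children under the parent that started them."""
    grouped = defaultdict(list)
    for child, parent in events:
        grouped[parent].append(child)
    return dict(grouped)

def trusted_isolated(events, trusted=("explorer.exe",)):
    """Events where a process expected to stay trusted was itself isolated."""
    return [(child, parent) for child, parent in events if child in trusted]

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for parent, children in isolated_by_parent(events).items():
        print(f"{parent} launched (isolated): {', '.join(children)}")
    for child, parent in trusted_isolated(events):
        print(f"CHECK: trusted process {child} was isolated (parent {parent})")
```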
     