GeSWall's Attack Prevention

Discussion in 'other anti-malware software' started by omega5475, Jan 6, 2008.

Thread Status:
Not open for further replies.
  1. omega5475

    omega5475 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    34
    Anyone using GeSWall having this problem?

    001.png

    I checked the logs and found there are many applications that isolate explorer.exe.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmm........... 2.6 version of GW!
    Explorer.exe isolation was an old bug that was fixed and I never saw it with 2.6 and 2.7 beta. Probably it was with 2.5 version but I am not sure.
    Can you post your log as txt?

    Go to GW console, Applications > system > Explorer.exe. Right-click it and check its properties.
    It must be always trusted.

    Thanks
     

    Last edited: Jan 6, 2008
  3. omega5475

    omega5475 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    34
    Yup, explorer.exe is set to Always Trusted.

    000.png

    From the logs:
    Code:
    Opera.exe ISOLATE on start from explorer.exe
    miranda32.exe ISOLATE on start from explorer.exe
    firefox.exe ISOLATE on start from explorer.exe
    utorrent.exe ISOLATE on start from explorer.exe
    Basically, all the applications I use daily have been isolating explorer.exe.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You're misinterpreting the logs. They're saying that application xxx is isolated when it's launched by explorer.exe, not the other way around.
     
  5. omega5475

    omega5475 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    34
    oops... shame on me :oops:

    Any idea why these applications are starting from explorer.exe and being labelled as an attack? They are all set to auto isolation while explorer.exe is "Always Trusted".

    If I understand correctly, the System folder has a higher priority than the rest. Any programs starting from a trusted process should inherit the same security level, right?
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Lucas is right.
    It means the parent process (explorer.exe) has launched the child process (Opera.exe) and Opera is isolated. It's the normal behavior.
     