hijacking

Discussion in 'other firewalls' started by Hulk, Jan 24, 2006.

Thread Status:
Not open for further replies.
  1. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    Can some one tell me what this is as I am trying Sygate with Mcafee IIS 2006 V 8.0

    Application Hijacking has been detected
    The application: C:\Program Files\McAfee.com\VSO\mcvsshld.exe try to launch another application: c:\Program Files\McAfee.com\VSO\McVSEscn.exe to go to remote host pop.ntlworld.com

    Thankso_O
     
  2. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    And also if any one can give me some info on advanced rules in Sygate.

    Thanks
     
  3. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    looks like you'll need to do a bit of tweaking with sygate to fix that problem. those two processes are completely legitimate and are processes that rightfully belong to your AV.

    mcvsshld.exe -is basically an important file used to ensure stability for McAffee IS software.

    McVSEscn.exe -is used to automatically scan incoming emails.

    sygate is a firewall with outbound protection and firewalls don't neccasarily always warn you of actual security threats. its basically doing its job based on how its configured, which is asking the user whether he/she should allow the run of the program or not.

    and sorry i haven't tried sygate before so i don't know a lot on how to set up effective advanced rules that work for you.

    but anyway, i hope that helps :p
     
  4. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    It helps - thanks:)
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hi,
    First, it's nothing to worry about. Sometimes applications launch other applications. For instance, when you click help within a program and it launches your browser. Sygate detect this is not the standard procedure of starting the browser, so it alerts you.
    Second, what do you want to know about the advanced rules?
    Ask and thou shalt be answered... maybe. Gimme a specific one.
    Mrk
     
  6. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    Hi MrKvonic,

    As far as advanced rules go I would like to make Firefox and IE access to the internet a bit more strict as well as Outlook.
    :)
    Thanks
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hi,
    Hmmm.
    Advanced rules are for more complex things. IE / Firefox use mainly port 80 to communicate. It's pretty straighforward communication. You can tweak IE / FF to be more secure, but the packets they get ...?
    Advanced rules can be, for instance, blocking incoming UDP spam on port 1027, for instance, or outgoing icmp, and such. But I don't think you can actually make the IE / Firefox communications safer without breaking them.
    IE / Firefox need to connect - you have to let them, otherwise you won't be able to browse.
    I checked my log now - communication strictly via port 80 (and sometimes for https port 443). Not much tweaking there.
    Mrk
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  9. Hulk

    Hulk Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    40
    So in other words a lot of people will create a rule to give FF or IE access to port 80 and 445 but these apps will be let out of these ports automatically by the firewall if it contains application control and if you create rules for these ports it is none the safer, but a rule is created to block a program or a communication.:rolleyes: :rolleyes:
     
Thread Status:
Not open for further replies.