How can I C&P my "protected" list?

Discussion in 'ProcessGuard' started by spy1, Nov 28, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Thought it was going to be saved from the old version, but it wasn't.

    Wouldn't mind being able to show everyone what I've got protected by the program, if possible without having to manually copy it and then type it. (The same applies for being able to save the list of things I've added for re-installation into later program versions without having to do the above).

    Doable? Pete

    *This is some of them - is there any way to change what "Allowed Privileges" and "Options" they can have? Because right now both columns say "None".
     

    Attached Files:

  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Here's the rest - so far:
     

    Attached Files:

  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    A "Save List To Text File" would probably be a good option. Is that just as good as copy paste?

    -Jason-
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Sure - and make it to where the un-install doesn't touch those entries (leaves them in the folder) so that whenever you load in a new version they just get added to the default protection list. Pete
     
  5. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Hi Pete,
    you can make a copy of pguard.dat in your system32 directory when you boot into safe mode - that file is where the protected programs along with their options are stored. ...sort of a workaround until we get the text exporting (& importing?)...
    As for changing the settings: have you clicked on one of the entries? If you do so, there should be a list of available options at the bottom of the list window. Select which "column" you want to change in a dropdown box and check or uncheck what you like. But maybe I got you wrong...?

    HTHH,
    Andreas
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    An "importing" feature would be really nice; we could thus make files for particular software (firewall, AV, etc...) and if you have the software you just have to import the file to quickly have good executables protected and the right configuration.
    We would just have to modify the path to fit our computer, but it would be great :)
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Andreas - Thanks, I finally got around to R'ingTFM again and figured out what to do.

    BTW, I had to remove MRU-BLASTER and Blaster scheduler from the list - it was driving me nuts with alerts from PG w/"Close Message Handling" activated.

    (Yeah, I know putting MRUB in there was a little over-the-top - but that's the only way to find out if it caused a problem, right?). Pete

    *To clarify, I just shut off "Close message handling" for both those exe.'s - I didn't remove them, so I'm still getting the log messages about OPP trying to gain write access on both. But I can live with that.
     
  8. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Pete,
    have you considered/tried adding OPP with write (or whatever it is that you get so many log entries on) allow? Since in such a setup the write-allowed app would itself be protected from being written to by any malware, there's not much harm that this can do. I think.

    Andreas
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okay, I did that. I removed the "Write" checkmark from the mrublaster.exe section. I'll clear the log after examining it and see how it goes. Thanks. Pete
     
  10. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    nah. - I meant select your OP executable, select "Allow Flags" in the dropdown combo and tick WRITE.
    Let Outpost WRITE, but don't let MRUB be written to (Allow flags overwrite block flags).

    Sorry if I didn't make this clearer the first time.
    Andreas
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Hi guys.

    As the list of protected and allowed programs grows, the thought of retyping everything when upgrading gets worse. :mad: On every uninstall I have faithfully deleted pguard.dat. Reading this thread I get the impression that if I save this file, and replace it after upgrading, that my block/allow list will be intact from the previous version. Is this correct?

    Pete
     
  12. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Hi Pete,
    I haven't tried this myself, so take it with a cup of salt:
    Your suggestion should work, but keep in mind that
    a) you'll have to put the backup back in while you're in Safe Mode, else PG won't let anything mess with its current pguard.dat.
    b) say "no" to an eventual (re-)prompt to add standard services etc. after upgrading.
    c) try to get an idea if the upgrade included new "Misc Options" - I don't think the Allow or Block flags will change, nor will pguard's file format in general, but possibly the options where there is only "Close Message Handling" now will be enhanced. If they are, the old pguard.dat (probably) won't work.

    HTHH,
    Andreas
     
  13. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    716
    Location:
    Toronto
    If not covered someplace else, can we just ask Jason to read the old file during an install and then insert the config into the new file format as part of the upgrade/install?
    Basically, if the new file doesn't exist and the old file does exist.
    And, if the new file format exists, don't default to clearing it and starting with only the wizard (leave the wizard as an option).
    This should be fairly high on the priority list in order to facilitate frequent future releases as the other "Wish Lists" are answered.
    (just a thought) Jim
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    I agree. This needs to be high in priority. I tried the little procedure Andreas talked about. Didn't work. I still had to reenter everything I added manually. Grrr.
     
  15. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Ok, the installer DELETES pguard.dat when it's installing. So you need to put your backed up pguard.dat in there AFTER installing. :) You can hotswap pguard.dat files easily too, simply DISABLE protection in PG and you can now mess with pguard.dat. It doesn't matter if you click "Yes" to adding all the default files, as PG handles this correctly.

    I might also add that pguard.dat isn't read until a reboot occurs, so if you want the new pguard.dat to be in effect, simply change ANY flag on any process; this makes the driver get the updated data in the new pguard.dat.

    Please keep in mind however that future versions may change the pguard.dat format (unlikely but still...) so keep that in mind if you get issues with an old pguard.dat that you may be unable to use it. :)

    -Jason-
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Ah. This was the oops. I did remove the pguard.dat I wanted to save, did the new install, rebooted, and then dropped the backed up pguard.dat into place. I didn't reboot again. When it looked like it didn't work, I just did an uninstall, reinstall, and punted.
     