How to configure PG?

Discussion in 'ProcessGuard' started by aigle, Mar 9, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I have a few problems configuring PG free.

    Sometimes I want to shut down some non-responding programme by pressing END TASK from Task Manager, then PG stops this action and I have to manually disable PG first in order to shut down the programme by task manager.

    I have OA trial running with PG, sometimes PG is giving message "OA is stopped from injecting code in windows explorer", that means in fact PG is stopping OA from doing its duty.

    So how can I configure PG to manage these issues?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    first u have to manually add task manager (taskmgr.exe; C:\WINDOWS\System32\) to PG's list and give it permission to terminate protected apps. also add OA's executable and let it modify protected apps.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    thanks, I will try this. So if u give some applications (like OA, AV or task manager) full authority, is it going to decrease your security?
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    if task manager has permission to terminate apps and malware hijacks it, then the malware could terminate ur security progs. but im not that paranoid and id rather have the convenience of being able to terminate apps with task manager.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I reviewed PG and found 2 options to allow the Task manager to terminate any process. We will take an example of firefox. Suppose I want to terminate firefox by task manager and I don't want PG to interfere in this. So I can authorize Task manager to terminate firefox BUT it will give task manager the authority to terminate any programmes (including my security applications) on my system, and this thing I will not like.

    Second option I can guess could be that I can make firefox unprotected from termination by any process, as shown in the attachment below. I uncheck the Termination Protection for firefox but still PG does not allow task manager to terminate firefox. I am not able to understand this.
     


  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    This is the first option that works but at the same time makes all other programmes vulnerable to termination also.
     

    Attached Files: pg1.JPG
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    if u remove termination protection of firefox.exe, then that means any app not listed in the protection tab can terminate it. if the app is in the protection list, then it still needs authorization to terminate apps. maybe a diamondcs staff member can give more insight to this, i am not entirely sure of my answer myself.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It's really very strange that an application that is in the list has no authority to terminate but an external application has authority to terminate, so what type of security u are going to get by this?
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    like i said, im not sure about what i said. do give it a try and see if im right or wrong. u can try process explorer if u need an app to terminate firefox.exe
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    ok, i will wait for some response from other users or diamond C.
     
  11. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    aigle open PG to the Protection tab and think about this:

    Everything on that tab is protected from termination by any application not on that tab, as well as being protected from all of the other threats listed (the Protect from and Other options). Now if nothing on that tab has terminate permission then, as you have found out, you can not terminate a misbehaving app.

    Another thing to keep in mind is that PG is most effective when installed on a known clean system. This way you are able to setup PG so you have the most protection for your critical and security apps. While also having the freedom and flexibility of being able to use your computer in the manner that suits your style best. This is where a protected app having terminate permission comes in to the picture.

    I hope this helps you understand what is going on with the terminate permission, and how PG works.
     
  12. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    The only things on that tab that are protected from termination are those that have Protect this application from termination ticked.

    There shouldn't really be a problem authorising Taskmanager to terminate Protected applications as long as you protect Taskmanager from Modification.

    I don't know why Taskmanager cannot terminate your Firefox if Firefox has the settings shown in your first image. On my machine Taskmanager (without authorisation to terminate) can terminate applications that are not protected. I can't try it with Firefox because I don't have that installed.

    I am a little bit puzzled by your 2nd image Aigle. You state that these settings work but in the 2nd image, Taskmanager is not Authorised to Terminate. You claimed earlier, that when Taskmanager is not Authorised to Terminate it can't terminate Firefox.
     
    Last edited: Mar 10, 2006
  13. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    :ouch: SpikeyB you are right. I really should not try and answer anyone until I have finished my first cup of coffee in the AM. :p What I wanted to get across was that fact, but I left out the very important part about the applications on the tab must have that protection enabled.

    I'll try and do better next time, thanks for clarifying what I was saying.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    U can see this image, Taskmanager is not able to terminate IE while IE is not protected from termination (although task manager has no global authority to terminate (remember that task manager has no settings for selective termination authority, it can have a global termination authority or no authority at all)). So we give it a selective termination authority indirectly by removing protection from IE. It is working on your machine as u said but not on mine.

    These settings work but I did not use these, because if I authorize task manager to terminate, it really terminates but then it can terminate anything (that I don't want so I did not apply this setting on my system). I am not giving task manager a global authority but giving him a restricted authority by removing protection off the IE, and it should work as u said but it is not working on my system. I have same settings on my system now as I told u, image 1 and image 2. Now as I can understand, task manager should be able to terminate the IE as IE has no protection anymore by PG but it is not working.

    I hope I was able to clarify it.
     


    Last edited by a moderator: Mar 10, 2006
  15. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Hi Aigle, I understand you now. Your PG isn't working the way it would be expected to.

    I'm with you on this one now.
     
  16. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    This sounds a little like the discussion we had about protection from modifications. Auto protect applications
    It does sound as if the program on the list is checked for permission to terminate before the protect from termination is checked since the target is a protected application (on the list).
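
The two readings of the terminate check discussed in this thread, side by side, as an added example (not DiamondCS code and not part of any post). `Entry`, its field names, the `secapp.exe` placeholder and the check order in `hypothesized_allow` are assumptions modelled on SpikeyB's description and FirePost's guess, not confirmed PG internals.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Entry:
    # Field names are assumptions standing in for two checkboxes on the Protection tab.
    protect_from_termination: bool = False
    authorized_to_terminate: bool = False

def expected_allow(plist, source, target):
    """SpikeyB's description: only targets with protection ticked are protected."""
    tgt = plist.get(target)
    if tgt is None or not tgt.protect_from_termination:
        return True  # unprotected target: no authorization needed
    src = plist.get(source)
    return src is not None and src.authorized_to_terminate

def hypothesized_allow(plist, source, target):
    """FirePost's guess: a listed source is checked for authorization first."""
    src, tgt = plist.get(source), plist.get(target)
    if tgt is not None and src is not None and not src.authorized_to_terminate:
        return False  # denied before the target's own checkbox is consulted
    return expected_allow(plist, source, target)

def mismatches(plist, sources, targets):
    """(source, target) pairs on which the two models disagree."""
    return [(s, t) for s in sources for t in targets
            if expected_allow(plist, s, t) != hypothesized_allow(plist, s, t)]

# Constructed list mirroring aigle's setup; secapp.exe is a placeholder name.
PLIST = {
    "taskmgr.exe": Entry(protect_from_termination=True),
    "firefox.exe": Entry(protect_from_termination=False),
    "secapp.exe": Entry(protect_from_termination=True),
}
# The workaround aigle rejects: global terminate authorization for Task Manager.
GLOBAL = {**PLIST,
          "taskmgr.exe": replace(PLIST["taskmgr.exe"], authorized_to_terminate=True)}

if __name__ == "__main__":
    # Only the unprotected target separates the two models.
    print(mismatches(PLIST, ["taskmgr.exe"], ["firefox.exe", "secapp.exe"]))
    # With global authorization the security app is no longer shielded from Task Manager.
    print(expected_allow(GLOBAL, "taskmgr.exe", "secapp.exe"))
```

With global authorization granted the two models agree again, which is why that setting hides the discrepancy while widening what Task Manager may terminate.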
     
  17. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    The question is simple - should you allow terminate for Task Manager. The answer is equally simple, YES

    End Task is interpreted by PG as a terminate method. You must allow Task Manager terminate privileges for it to use End Task, PG is behaving as expected
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I understand it very well but my point is other. U see the image in post no. 15 of the thread, I unchecked termination protection for IE, it means that any application (even without having termination authorization) should be able to terminate IE because IE has no termination protection at all now.

    I will present it in a different way, I will ask if I don't authorize task manager for termination, then what difference it is going to make if the box {Protect this application from termination} is

    1- checked
    2- unchecked
    I don't see any difference in both these cases. Then what is the purpose of this box.

    I hope i am able to make it clear.
     


  19. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Logic problem, I believe it's now fixed. Was probably due to End Task being implemented differently to TerminateProcess. Both are considered terminate! thanks for the posts :)
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I am really sorry but I am not able to understand your post at all.
     
  21. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    He says, "Thank you." It was a logic error and is fixed for the next release.
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    ok, I got it, so next version is going to fix it? if I am not understanding wrong.
     
  23. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Yes, you are correct.
     