Human verification getting annoying

Discussion in 'ProcessGuard' started by djg05, May 20, 2005.

Thread Status:
Not open for further replies.
  1. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I keep getting the Human verification dialogue coming up and it is bugging me. I really do not know what it is trying to say. It says do you want this to happen without saying what is about to happen.

    This really concerns BOClean, Avast & Netveda which I have given all priveleges to. Reading the help file it implies that it you don't want it to happen then cancel, but it just keeps popping up. It gives the name of the file but I have no idea what it is about to do. I thought that it would learn that these apps are trusted - it seems not so.

    Can someone help out here before I chuck it.
     
  2. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    There are a number of ways to 'teach' PG. My PG is virtually silent.

    The easiest way (it's best if you know your machine is clean when you do this), is to put PG in Learning Mode (in the MAIN tab), and run every program of yours once....and if you have a program that has multiple parts Eg a anti-spyware program, you need to run each part of the AS as well.

    After you've done this, you should go untick Learning Mode, which means any future/further executables have to be approved by yourself.

    The other way do your settings manually as they appear. If you find you change your mind about whether you want to give an application permission to always run, you can go to your SECURITY tab and set the permissions to deny/permit once/always.

    PG won't tell you what these files do when a popup appears, which is a downside. To find out what each file is, a simple search of google will find you the information (a pain I know, but trust me, PG is very much worth the effort of learning).

    Personally, PG never gives me popups anymore...but it did take me a while to work out the best settings for it.
     
  3. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks Vikorr - I will take another look at it.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi djg05, ProcessGuard does not include the Human Interface Device (HID) in it's normal learning mode but HIDs are capable of learning, this is to with the way that GUI Windows are closed.
    Secure Meassage Handling (SMH), which cause an HID to pop up, should only be applied to a program that has a Graphical User Interface (GUI) ie. a window.
    For instance TDS3 has it's main .exe called TDS-3.exe which has a window ie. the main console this is what you would apply SMH to and not other utilities run from within the main console such as Update

    Here are the basics of setting up SMH taken from the help file:

    Custom Message Verification
    Can defeat User Imitation attacks

    Usually ProcessGuard will only ask for human verification when you click on the X button of one of your programs. However if you tried to exit an application by going to the File Menu then clicking on Exit or by clicking on a custom button which exit's the application, you may find ProcessGuard didn't request your verification before closing down. Or you may find that even if you cancel the verifications that ProcessGuard does display, that the application still closes down.

    You can fix this issue by holding down the INSERT key on your keyboard, whilst you click your mouse on a menu item, or button. Now the next time you click on that button or on that menu item, ProcessGuard will request your verification. By holding down the INSERT key you are allowing ProcessGuard to learn that there is other ways that this application can use windows messages to close itself. ProcessGuard will then protect the application from any malicious application which may use these custom messages.

    You can theoretically allow ProcessGuard to learn any menu item or button you want, it doesn't necessarily need to be a button or menu item which closes the application. There could be a menu item which disables your firewall's protection for instance, by holding down INSERT and clicking on it, you are making sure that only you can disable your firewall, not a malicious program.

    If you want to remove any custom messages you made ProcessGuard learn, simply remove Secure Message Handling from the application. This clears ProcessGuard's knowledge of the custom messages for the application. You can then enable it again immediately if you want the feature back on, but the custom messages you defined will be gone for that application.

    This custom message verification is enabled for any application which has Secure Message Handling enabled for it, all you need to do is hold down the INSERT key and click on a button or menu item to activate this feature.
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Unfortunately SMH does require a bit more work here in that it triggers whenever a popup window is closed for a protected application - e.g. on Outpost I get the confirmation box after every Rules Wizard and Component Control prompt, requiring Cancel to be selected twice after each one. Using the Learning facility makes no difference to this. This also makes SMH unusuable with System Safety Monitor (which can issue numerous prompts when first installed) which is a great pity.

    Unfortunately DiamondCS' attentions seem focused now on TDS-4. While I can't begrudge the TDS junkies their fix (they've had to wait long enough... :D) it does suggest that any improvements to SMH may be a while coming...
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Secure Message Handling regarding OP2 and System Safety Monitor can do as P2K says due to the nature of these programs, having said that both OP2, SSM and many other security programs also have Password protection which, if invoked, will give good protection against unwanted GUI closure.

    Pilli :)
     
  7. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Heh, secure message handling DOES make your system more secure, however for those that also value their peace and quiet....

    I don't have it turned on myself :)

    That I suppose is one reason why I have multilayered protection (also have PrevX Pro, Regdefend, Trojan Hunter, and NAV...plus some on demand scanners and tools)
     
  8. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks for all the help. As you say, I found that I still had pop ups in learing mode. I have got so fed up with it that I have uninstalled it and asked for a refund. It clearly does not suit me. It was a bad buy.
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Was your first post and is not consistant with this:
    So I am now confused about what you were actually seeing. :)
    If PG is installed and run in learning mode then after the first reboot you enable the four global protection options and then run all your programs you will get no alerts that need attention until after the third reboot.
    Programs will be given the permisions they require to run correctly. The only time you will get alerts after that is for new programs that are run or for programs that you have run but not used all of their utilities which may throw up an occaisional alert.
    Please clarify your initial statement about Human verification as I can see that I may have misunderstood your original post. :)
     
  10. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Sorry if you are confused. I thought I was consistent <g>

    The first post stands.
    Even after putting it into learning mode and rebooting I was still getting the pop up and could not clear the series by cancelling. There is just no information as to what process is being questioned. No doubt more experienced users will have a better understanding of what is going on. Also there is no way that I could put this on to my Wife's computer as would completely throw her.

    If you end up fighting with software it is best to get rid of it and find something you are better able to handle.
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Djg05,

    Go through the Other Options column in your PG Protection list and check for anything with the Secure Message Handling option set. Removing it where present should prevent the popups in future (the programs in question will need to be restarted for the change to take effect though).

    The verification window should also include the name of the process concerned on the first line.
     
  12. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks

    Yes it does, but there is no indication of what it is going to do or what maybe done to it.
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If it reports the program name then simply remove SMH for that program in the PG Protection tab. Your query was that you did not know which program had this setting, correct?

    As for "what maybe done to it", SMH kicks in when a window is closed (e.g. if you clicked on the X button at the top right, if present). In most cases this closes the application but this depends on the program.
     
  14. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    It comes out of the blue so to speak. It mostly concerns Avast, Netveda & BOClean. The latter receiving the most. In none of them have I initiated any action, so I do not know what action is being started/stopped.
     
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Have you enabled SMH for any of these? If so, remove it.
     
  16. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Easiest way to sort this out, is to go through each program on your PROTECTION tab, and uncheck Secure Message Handling (inthe bottom right corner) where relevant. Don't use SMH for anything, as it's obviously not for you (as I said previously, I don't use it either).

    PG would be a much more user friendly application if it just had a libary of common processes explaining what company a process belongs to and what it does...unfortunately it doesnt have this ability at this stage.

    That said...the popups should get less and less frequent the longer you have it...as I said, mine is virtually silent.

    Btw...it took me two days of playing around with it, and reading the web (doing google searches on individual programs) before I got it set up the way I wanted the first time. Now I know what I want, and it takes about 30min to set up if I ever reinstall (done so once).

    It truly is a very good protective program, but it does take a bit of work the first time you ever use it.
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    PG 3.150 does - click the question mark to the right of the Remove Applications button on the Protection tab. The full list is somewhat short but it is a start.
     
  18. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
    Hey,

    Speaking of secure message handling.

    Issue a WM_DESTROY and WM_NCDESTROY at the same time and the application will still close even if you dont allow it.

    One application that does this is Ad Muncher when you click close on the main menu.

    cya,
    Will
     
  19. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Will,
    Have you officially reported this to DCS as a bug ?
    They may not read every thread in here....
     
  20. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Pilli how are you. Haven't made a debut in some time so here goes.

    PG has the typical characteristics of a female. We males love them and want to have them around all the time but can never seem to quite understand how they function. Like women, PG can be very confusing. Just when you think you've got it all figured out it will throw a tantrum leaving you bewildered and confused again.

    In all probability it's most likely that programs like Boclean are updating and after the update, usually daily, PG detects a change in the file and therefore sees it as a NEW or DIFFERENT program from the one you initially gave consent and requests again your permission for it to run.

    PG can be like a nagging wife but anyone who's used to being nagged every minute of everyday very quickly develops an affinity for PG. If you're still single then you shouldn't take back PG for a refund - it's a good preparation for marriage!!!

    Dave

    Dave
     
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Nonsense. :) Unlimited use can be yours for just US$39.95! :D PG also lacks all the other typical characteristics of women! :p

    Guess it's now time to disappear before the Wilders' Women try tracking me down. Thank goodness for anonymising proxies... :)
     
  22. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I'm fine Dave thanks. I am glad I have three computers and only one wife ;)
     
  23. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Paranoid,

    If you know what's good for you you'll be on the next Space Shuttel otherwise you and I might just become the first men on mars to get there without the need of a spaceship!!

    Loved it! Loved it!! Let's ask DCS to create a version of PG that we can use to 'allow' 'disallow' our woman's 'processes'.

    Woman about to nag - 'allow or disallow' - permanent disallow

    Programs to protect - husband, husband's wallet, husband's mistresses

    Protect applications from termination - doing laundry, washing dishes, cleaning, making dinner.

    Block unwanted rootkit

    Signing off - see you on Mars!!

    Dave
     
  24. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
    Of course. :D
     
  25. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks for all the help with this. I uninstalled the prog and re-installed starting afresh. This time not selecting SMH for anything. I did not relate SMH to Human Verification which was the cause of my problem.

    Now it is running quietly.

    According to support, SMH should never be enabled, it is only for the ultra paranoid!
     
Thread Status:
Not open for further replies.