Learning mode gives Modify privileges?

Discussion in 'ProcessGuard' started by cjtc, Oct 2, 2004.

Thread Status:
Not open for further replies.
  1. cjtc

    cjtc Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    22
    Location:
    Swindon, UK
    Very pleased with PG3 in general.

    However, I'm a little surprised that my Protection tab shows that all the protected programs are allowed "Modify" privileges. Is this really correct?

    The vast majority of these protected programs were added to the list in Learning Mode.

    [​IMG]
     

    Attached Files:

  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi cjtc and welcome, Yes that is the default settings, you have to remember that any allows only apply to protected listed items so it is very safe. You can, of course, remove those allows if you so wish but watch the alert log and check that you do not upset your machine's functionality.

    HTH Pilli
     
  3. cjtc

    cjtc Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    22
    Location:
    Swindon, UK
    Many thanks Pilli. Yes, that helped a lot.
     
  4. bosung

    bosung Guest

    From "DCS" words, PG3Bn's learning mode is powerful to know ones as run request which rights.
    I guess that many commercial applications designed and coded using available libraries - there have been flaws among of those. On GRC.com, it is to see that windows os' most components have been in that way, even "wordpad.exe" run as a "DCOM", for example. That's why it is not strange why PG users seeing things like that.
    ?
     
  5. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    bosung,
    in principle you're right, but AFAIU modify privileges are granted to programs that find their way onto the protection list in learning mode regardless of whether they need it or not. What you're saying applies to terminate rights and to the extra rights (access phys. memory, install driver and global hooks). Read and Modify are really granted "by default" - and that's a good thing to do to avoid many trouble for unexperienced users (and still safe as the programs that have those modify privileges are themselves protected from being messed with), but it is something more experienced users might want to look after and tweak a bit...

    Andreas
     
Thread Status:
Not open for further replies.