More holes in SSM Pro?

Discussion in 'other anti-malware software' started by Rasheed187, Jul 11, 2007.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
  2. Rasheed187

    Rasheed187 Registered Member

    I can not believe this, is this the Wilders Security Forum or what? Why didn't anyone check this out yet, shouldn't be hard to do? :blink:
     
  3. Kenjin

    Kenjin Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    63
    Quickly checked 1) only:

    SSM 2.4.0.618 catches driver install attempt of Process Monitor driver on my end. If you don't get a warning you have probably given services.exe carte blanche for driver installs. Check your ruleset. Process Monitor uses Windows' Service Control Manager to load the driver, thus SSM will see services.exe and not PrcView.exe doing this.

    Can't tell about 2) as the website behind the link does not want to load at the moment.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I have same results as Kenjin. The problem is not with SSM.
     
  5. herbalist

    herbalist Guest

    I use SeaMonkey instead of FF. SSM free does detect IE6 attempting to launch SeaMonkey and vice versa. Should be the same with the pro version.

    Check your parent settings for FF and the child settings for IE. If both are set to "allow", you'll see no alerts. If either one's default setting is set to "ask", look to see if the check box for the other browser is already marked.

    In certain situations, explorer.exe and internet explorer will use rundll32.exe to start another process. Check its parent-child settings in regards to both browsers. Can either parent rundll32 it or be parented by it?
    Rick
     
  6. wat0114

    wat0114 Guest

    Rasheed, check the Advanced Properties of all your Group folders and make sure the "?" is selected for the Parent/Child checkboxes.
     

    Attached Files:

  7. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    wat0114, I am running SSM Pro and can't figure out how you get what you show in your post. I don't see what you show.
     
  8. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Go to the Rules/Applications tab. Right click and select 'Edit Groups'; this will enable you to add a Group (called Network Utilities - if you wish) and you can then add programs (such as IE, Opera etc) to that Group.

    Right click the Group and select 'Advanced Properties' - that will take you to what you see in the screenshot!
     
  9. WilliamP

    WilliamP Registered Member

    Thank you for the help.
     
  10. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Is this confirmed? Is it a case of PBCAK or something else?
     
  11. Rasheed187

    Rasheed187 Registered Member

    Hi,

    It's very strange but I think SSM Pro is a bit corrupted on my VM, for some reason I can only deny or allow a child process, the "?" (or ask option) does not work anymore, strange stuff. And there must have been something wrong on my real machine, because it now does work correctly, if FF is not allowed as a child process, SSM will indeed alert you about it.

    And about the first issue, I think this might have happened because SSM was in "disconnected mode". This is a bit of a problem, I mean, if SSM is disconnected it will only block unallowed executables, but it will allow everything else, including access to the registry, this must be improved.

    Btw, is LUSHER the new DA?
     
    Last edited: Jul 23, 2007
  12. herbalist

    herbalist Guest

    With the UI disconnected, the free version blocks everything for me, registry, start menu, parent-child, IE settings, etc. I'd be surprised if the free and paid versions behaved that differently. Was this happening in a virtual environment, on a real OS, or both?
    Rick
     
  13. bellgamin

    bellgamin Very Frequent Poster

    The same thing is true for the paid version. Also, when I run in *shadow mode* (using ShadowSurfer, a branded virtualizer) SSM functions just fine -- exactly as it does when it is not in shadow mode. Rasheed's situation, then, is an enigma within a puzzle within a mystery within an anomaly. Sheesh :p
     
  14. herbalist

    herbalist Guest

    I'm suspecting the problem is either from testing SSM in a virtual environment or another security app is/was installed that works at the kernel level and is conflicting with it. With the number of hooks SSM pro sets, it's possible that it's interacting with the virtual environment in unexpected ways.
    Rick
     