NAV2004

Discussion in 'ProcessGuard' started by gkweb, Feb 17, 2004.

Thread Status:
Not open for further replies.
  1. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    i have a setting that i have to allow to a NAV component if i believe PG :
    I don't want to block my antivirus (or any other vital security program) so i allow it, but i would want to know what this line means (modify a driver ?) and if other NAV2004 users have noticed this (i have the full bought NAV2004).

    Other thing, NAV detect pgsetup.exe as a spyware ! lol
    "Adware.Ezula".

    :)
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Sorry GK I cannot answer that one as I am not a NAV user, You may have to wait for Jason or Gavin to reply. Norton does like to dig itself in so to speak :)
     
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    more alowances to give now... :doubt:

    I don't like to give so much privileges to my system, but i have to for now...

    I'm still waiting for DCS answer tomorrow or any other NAV2004 users.
     
  4. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hi GK :).

    Well considering that ccApp.exe:

    and that symredrv is part of the Symantec Redirector (Symredir) which:

    I would say that the two are communicating/updating information between each other, and that is why you are seeing it being logged by PG :).

    Hope that helps,
    Jade.
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Thanks you very much for all the details Jade (check your cookies :))
    Ok so ccapp.exe legitimaly need the "driver allow" settings.

    It still remain the service.exe trying to play with NAV components, i'm sure it is legit too, but... i want to know and to control anything on my comp ;)

    EDIT : from files properties, both navex15 and naveng are part of "Symantec Antivirus Engine".
     
  6. Whynot

    Whynot Registered Member

    Joined:
    Feb 8, 2004
    Posts:
    50
    gkweb, yeah, my NAV2004 also highlights pgsetup.exe as a potential threat. My navw32.exe has no allowed privileges or options but is blocked from Write, Terminate, Suspend , SetInfo. No messages in log concerning its activity/attempted activety. HTH
    Cheers
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Just in case you misunderstand the "block" settings--and it sounds like you do--when you block Write, Terminate, etc. for navw32.exe, you aren't telling navw32.exe what it can do; you are preventing other (unlisted) applications from performing those actions on nav232.exe.
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yes Nameless is correct, I cannot think that any listed programme that would not have thes blocks & as Nametess correctly states the allows allow listed applications only past these blocks, this helps with compatability issues and of course excessive logging.

    So the basic rules are roughly this-
    All four blocks enabled on the listed programme, watch the logging and where another listed programme is tryingto get access as seen in the logging then adjust the allows as required.
    If the logging shows an unlisted programme trying to acces a listed programme then you can either ignore it or IF trusted add it to the list and make the necessary allows.

    For more help on options please visit the DCS PG pages and read the PG help file.

    Thanks. Pilli
     
Thread Status:
Not open for further replies.