Newbie Questions - lots to come ;)

Discussion in 'ProcessGuard' started by Blackspear, Nov 24, 2004.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What's the difference between Protection and Security? As in I see a lot, if not all applications in Security are also in Protection. I understand the protection side of things, is Security just where you can right click and give the process more commands?

    Cheers :D

    The new guy ;) :D
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi BlackSpear, The security list is where every file executable is given an MD5 hash when it is executed, the security list options are quite simply Permit once, Permit Always, Deny once & Deny Always plus the ability to view the .exe properties and also add the .exe to the protection list.
    This method is used so that any new or changed .exe is shown to the user prior to it being run.
    So in learning mode all your programs would be added to the list. When learning mode is disabled any changed or new .exe's will request permission to run.
    The protection list is mainly for system, security and Internet enabled processes where you can control exactly what flags each process is allowed or blocked from and also adds the ability to stop anything from killing or modifying the protected process.

    HTH Pilli
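The security list described in the post above, modelled as an added example (not part of the thread and not ProcessGuard's own code). The `SecurityList` class, its method names, the paths and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK = "ask"  # prompt: Permit once / Permit always / Deny once / Deny always

class SecurityList:
    """Hypothetical model of a hash-keyed execution list."""

    def __init__(self, learning_mode=True):
        self.learning_mode = learning_mode
        self.rules = {}    # digest -> ALLOW or DENY (the "always" answers)
        self.last_ok = {}  # path -> digest last permitted, to spot changed files

    @staticmethod
    def digest(image):
        # MD5 as in the post; it is not collision resistant, so prefer SHA-256 today.
        return hashlib.md5(image).hexdigest()

    def check(self, path, image):
        """Return (verdict, reason) for an attempt to run `image` from `path`."""
        d = self.digest(image)
        if d in self.rules:
            return self.rules[d], "listed"
        if self.learning_mode:
            # Learning mode answers "Permit always" for whatever runs, wanted or not.
            self.rules[d] = Verdict.ALLOW
            self.last_ok[path] = d
            return Verdict.ALLOW, "learned"
        return Verdict.ASK, ("changed" if path in self.last_ok else "new")

    def answer(self, path, image, permit, always):
        """Record the user's reply to an ASK; only "always" replies persist."""
        verdict = Verdict.ALLOW if permit else Verdict.DENY
        if always:
            self.rules[self.digest(image)] = verdict
            if permit:
                self.last_ok[path] = self.digest(image)
        return verdict

def demo():
    # Constructed byte strings stand in for executable images.
    sl = SecurityList(learning_mode=True)
    v1, v2 = b"MZ constructed tool v1", b"MZ constructed tool v1, patched"
    steps = [sl.check(r"C:\Apps\tool.exe", v1)]       # added while learning
    sl.learning_mode = False
    steps.append(sl.check(r"C:\Apps\tool.exe", v1))   # same hash: runs silently
    steps.append(sl.check(r"C:\Apps\tool.exe", v2))   # new hash, known path: prompt
    return steps
```

Because the list is keyed on the file's hash rather than its path, a modified binary at a trusted location prompts again, while anything executed during learning mode is trusted from then on.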
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Pilli, there will be more questions to come ;) :D

    Cheers :D
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I am sure there will be :D

    Here is a part of my protection list. This set is "tweaked" a little by me as an experiment in stability, I am cutting out as many allows as possible to try and determine a minimalist set up that still works, this work is still in progress. :eek:
     

  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Here is another showing the security list in action and the various options. :)
     

  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Pilli, here's another one for you. I started Snagit up and captured a screen shot, next I get a warning about a Global Hook. When I check the warning, the box to allow the Global Hook is greyed out, why? I didn't have a problem with it not being allowed, so I don't know its purpose...

    Cheers :D
     

    Attached Files:

    • Grey.gif (46.6 KB)
    Last edited: Nov 24, 2004
  7. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    You are in learning mode, so any alerts are automatically "allowed" for you. Basically the program clicks that button for you as soon as the alert occurs so you don't need to. :)
     
  8. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Hi Blackspear!

    By clicking that box, you have enabled the "allow global hooks" option for that particular app (Snagit). This can be viewed on the "Protection" tab. After doing this, PG should no longer alert you about that particular program wanting global hooks.

    I have another thread over here where I have noticed that sometimes, clicking that box doesn't work. Seems to be a lingering UI bug.

    Have fun with PG! :D
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thank you, and LuckMan212 thanks as well.

    No doubt more questions will be forthcoming ;) :D

    Cheers :D
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    OK, next in line. What am I doing wrong, tried installing Belarc Advisor 6.1f, permit once, got error message, permit always, error message, unticked Block new change in applications, same error message, tried learning mode, yup, you guessed it, same error message.

    What am I doing wrong?

    Cheers :D
     

  11. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Blackspear,

    Belarc Advisor installs a driver. The easiest way to deal with it is to disable PG protection before you install it and enable it again once the Belarc setup is complete. You could also only disable Block Rootkit/Driver/Service Installation under Global Protection Options.

    Nick
     
    Last edited: Dec 2, 2004
  12. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    You might also get a rundll32.exe error when you run Belarc. You will have to temporarily give rundll32.exe Access Physical Memory permission for Belarc to run successfully.

    Nick
     

  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Nick, I ended up unticking protection (as per screen shot), that fixed my Prevx install problem, same with Belarc, it is now installed, however it comes up blank.

    Cheers :D
     

  14. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I use RegRun and it intercepts the following scripting when Belarc runs. If I allow it with RegRun, IE (XP SP2) then prompts for permission to allow Active Content/ActiveX. If I allow it with IE, I then get a fully functional Advisor report in IE.

    Nick
     

  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Sorry this didn't help. I have IE settings fairly well at default, as I use Firefox. When Belarc opens IE it just comes up blank.

    Cheers :D
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Blackspear, Do you have IE in your protection list with the "allow access to physical memory" enabled? As sometimes this may be necessary.
    You might also try allowing IE to install global hooks.
    A way you may be able to find out what is causing the problem is by disabling the four general tabs in PG and, if your program then works, re-enabling them one at a time until it stops working.

    Cheers. Pilli
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Pilli, I shall try that and come back to you :D

    Cheers :D
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Another thing, are you sure you have all of Belarc Advisor 6's processes on your protection list? Some programs have more than one, especially if they run as a service, such as NOD32, Giant etc.

    Pilli
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nope, not sure of anything ;) Other than I really like PG3 :D

    Plodding my way through it at the moment :D

    Cheers :D
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Hi Blackspear

    What version of XP, service pack and version of IE are you running? Are you running as an Administrator? When I first installed Belarc I had the same blank IE come up and had to actually go find the HTM file Belarc built and double click on it. I had installed with PG in learning mode. Then after the update to XP Pro SP2, it mysteriously started working fine.

    Pete
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Ok, next question: placing a system into learning mode over a period of say 1 week, do I leave all ticks in place and just add learning mode, or am I best to untick everything and place a tick in learning mode?

    I want to do this so PG3 learns what is used on 20 or so PC's over a period of time, then I'll go back and remove learning mode and PW protect PG3.

    Cheers :D
     
  22. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi, Not sure if that is a good idea as every process and executable will be added to the Prot list and the security list. If you do, make sure there is no Internet connection to be safe.
    Yes, do it with the general tabs enabled otherwise you may find some programs will not run properly after a reboot.

    HTH Pilli
     