No execution protection dialog?

Discussion in 'ProcessGuard' started by Hammer, May 19, 2005.

Thread Status:
Not open for further replies.
  1. Hammer

    Hammer Guest

    When a new application runs, I never get the popup dialog asking me if the application should be allowed to run. PG just blocks it, and I get an error message from Windows that it could not create a handle. I always must switch to Learning Mode to let any new application run. There is no button in the alerts window to allow it to start next time either.

    I purchased PG because my computer was acting very strangely despite Zone Alarm, Spy Sweeper and SpyBot and NAV installed. I had to restore a prior configuration every week or my computer wouldn't boot. It is a relatively new machine that has been very flaky since I got it. Reinstalling Windows is too much of a hassle.

    Is my problem due to PG, improper config, conflict, or system compromise?
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Do you have block new and changed applications checked? See below.

    Blue
     

    Attached Files:

    • pg.png
  3. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Hi

    I'm not sure about the acting strange bits. Make sure on the main tab that you untick block new and changed applications. That way you should get pop ups asking if you want the program to run and you can tell PG to remember the decision (assuming that PG is working properly on your comp).
     
  4. Hammer

    Hammer Guest

    You were both right. I guess the instructions are confusing or I'm not so smart. I figured it out right after the post. Thanks.

    More questions:

    1) Why does PG default to allow new applications to modify protected apps?

    2) How do I know when it's OK for a program to install global hooks/drivers/services and access memory? In particular I am concerned about MSMSG.EXE which loads itself often and tries to install global hooks.
    I have this blocked and everything still works fine.
     
  5. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I think you'll find that they did that for ease of installation....presuming that PG would be installed on a clean machine.

    PG is a very good protection tool, but it is not a cleaning tool. You may want to run some other scanners on your computer, including

    MS Antispyware
    CWShredder
    Spybot S&D
    Ad-Aware SE
    Ewido
    A2
    perhaps trial versions of Spysweeper, TDS-3 (or Trojan Hunter)
    and some other AV's
    Kaspersky is currently the best AV out there.
    Avast and AVG are free AV's. Their detection rate isn't that good, but always worth a scan <don't run two AV's at once>
    Don't know if Nod32 has a trial, it seems to have the best heuristics of any AV
    Regseeker is a very nice free registry cleaning tool (it finds heaps)
    There are some other scanners, but others will have to advise you on them.

    If msmsgs.exe is blocked and your comp runs fine, I would leave it on that setting. I have mine set to deny always, same for msgsys.exe, and dwwin.exe (the reporting function of Dr Watson).

    With the global hooks setting, if you aren't sure whether to have it on, then simple trial and error will tell you...don't give programs permission, and if they work fine, don't worry about changing it...but at the end of the day, if you know they are clean (and know what they are for eg. they don't have server status for anything), as long as you have them protected with PG they are safe enough to give global hook permissions to them.

    Also, generally speaking if a program needs permissions to bypass the global protection settings, you'll generally get a message saying *.exe tried to install a driver/service in the ALERTS screen. NAV's rtvscan.exe is an example, it needs to install a driver/service to run. Same goes for global hooks and other global protection settings.

    Don't worry, there'll come a stage when PG will never alert you unless
    1. you want it to, e.g. giving Permit Once permissions to an application like rundll32.exe
    2. you are installing something (best to either switch it off during this, or turn off your global protection settings)
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    The only programs that I give global permissions to are my security programs. I do this because I want to make sure they have all of their services available to them if, and when I am ever attacked. However, since I have KAV, PG, and RegDefend on, nothing has ever happened. :)

    Of course, Windows gets everything it wants when I do updates or installs since I have PG Protection off.

    Rich
     
  7. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Heh, in case you think you're getting contradictory advice, I also agree with Rich's way. I do have some things that don't strictly need permissions that I have given anyway (mostly to stop alerts and because I know they're safe), but I suppose they are few and far between.

    Rich, you'll be happy to know I added Regdefend to my list of security products :)
     
  8. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Vikorr,

    :) I think the person who is really going to be happy is Jason who will be very pleased to know that another very knowledgeable user has decided that RegDefend is a product worth having.

    Cya around,
    Rich
     