Permit once?

Discussion in 'Ghost Security Suite (GSS)' started by tonyjl, Dec 7, 2005.

Thread Status:
Not open for further replies.
  1. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    As AD logs the cmd line of appz such as svchost (see below),does that mean we can 'allow always'? or should we keep them as 'permit once' like in PG?
     

    Attached Files:

    Last edited by a moderator: Dec 7, 2005
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Guess not,i'll leave them in permit once mode then :ninja:
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    You should be able to give those apps that create a command line the "Allow always" as the rule is for scvhosts only to allow the precise process as shown in the command line. As far as I know this is also applies to rundll32.

    HTH Pilli
     
  4. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Thanks Pilli,
    Now all we need are the cmd lines to give permit once to :) . Have any ideas on where to look for info what cmd lines are used to do certain actions,for certain services,etc,etc.
     
Thread Status:
Not open for further replies.