PG and BOClean

Discussion in 'ProcessGuard' started by rerun2, Apr 10, 2004.

Thread Status:
Not open for further replies.
  1. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    I have finally decided to take the plunge with PG on my computer.
    Why I decided to do this while the Wilders PG support forum was down is beyond me heh.

    The main thing i dont like seeing in my log are these types of entries...

    10 Apr 14:27:40 - [P] c:\program files\boclean\boclean.exe [1040] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\processguard\procguard.exe [1296]

    This occurs every time I open a program that I have protected in ProcessGuard's protection list. Is this just a warning or has this action been terminated? If so is BOClean's real time protection now not effective since PG has stopped this action?

    Would I have to set an allowed flag for write, terminate, set info, and suspend for all of my protected programs? Would I be compromising my protection if i did so? Since a malicious type program would now have the same W/T/S/S permissions that BOClean now has? Sorry if this has already been discussed in some other form.

    Do you think it would be possible to specify programs that you want to allow these permissions to? For example... If I protect Firefox... I am allowed to browse and select BOClean.exe and then select whether i want it to have W/T/S/S permissions for Firefox. And I assume since there are MD5 checksums and a user would be warned if a malicious program was executed (and trying to do something bad to BOClean), that there should not be an issue that a trusted app would be used in this way to infect other apps. If that is a good idea i would like to add it to the wishlist :)

    I have also had some blue screen issues with PG installed on my dual PIII CPU. They are random and usually point to ntoskrnl.exe . Blue screens only happened after installing PG and occur maybe 1/8 restarts. One occurred right after the installation reboot. I think I experienced 3-4 total and they usually occur while the icons in the systray are loading.

    I have not however experienced any icons not loading up as they should though. BOClean icon loads as usual as well as the rest. They either all load or I get a bluescreen. If necessary i will try to copy the stop code the next time i get a blue screen.

    Once again sorry if these issues have already been discussed. I am new at this :eek:
     
  2. donsan

    donsan Registered Member

    Joined:
    Feb 5, 2004
    Posts:
    149
    Location:
    grand prairie tx
    if you add all the exe in your bo clean file i believe there are four and just check the first four flags in allowed field you will stop getting all those logs thats what worked for me. good luck
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    If you haven't already, I would include procguard.exe and DCSUserProt.exe in BOClean's "program excluder". When I first installed BOClean 4.11, I experienced some blue screens. My fix was to include all my autostarting programs/services in the "program excluder".

    Nick
     
  4. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Thanks for the suggestions. By doing this, will BOClean be fully operational (like before PG is installed)?
     
  5. donsan

    donsan Registered Member

    Joined:
    Feb 5, 2004
    Posts:
    149
    Location:
    grand prairie tx
    yes i have run a trojan test that kevin told me about and bo clean worked as it should you should have no problem at all.
     
  6. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Thanks a lot for the info, so far so good. I really appreciate it :)
     
  7. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Hoping the "program exluder" stores checksums also! Else a trojan could hide from BoClean by replacing one of your exluded files.
    -hojtsy-
     
  8. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Quoting http://www.nsclean.com/supboc.html

    "... BOClean Excluder will appear after this choice and will test the program and develop a unique signature for the program. If it's ever tampered with in the future, BOClean will ALERT you to it being changed, modified, replaced, or otherwise tampered with."

    Nick
     
Thread Status:
Not open for further replies.