PG and ewido security suite

Discussion in 'ProcessGuard' started by Oremina, Apr 17, 2004.

Thread Status:
Not open for further replies.
  1. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Any experts out there have the answer to this?

    There are two exe files in ewido security suite, SecuritySuite.exe and updater.exe. I have both of them in Program Protection.

    Every time I do an update (and that is very often), I get the following entry in my PG log:-

    [P] c:\program files\ewido\securitysuite\updater.exe.temp [2472] tried to gain WRITE access on c:\program files\ewido\securitysuite\securitysuite.exe [2500]

    I have SecuritySuite.exe with Allow privileges Write, Terminate, Suspend, Set Info

    and on updater.exe Allow privileges of Write.

    (Do not know if this is the correct way to go about it, would appreciate advice about what Allow privileges should be set?).

    The point here is that the exe that tries to write to SecuritySuite.exe is a TEMP file (updater.exe.temp) and as such is not in Program protection.

    It would appear then, that this is the way ewido do their downloads and that there is no answer to stopping the above log entry of the updater.exe.temp trying to Write.

    Does anybody else have this problem and does anybody know how to stop this happening?

    :oops:
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: PG and ewido security suite

    Hi Oremina, if these are just single entries and your updates are as they should be, I would not worry about it, as these are just transient logs from what appears to be a transient .exe.
    I only start looking if I get repetitive logs from a particular programme which might require extra allows.
    Having said that, Jason may know how to stop this sort of logging.

    HTH Pilli
     
  3. Oremina

    Hi Pilli

    Thanks for quick reply. One thing I've wondered about is when it says "tried to gain WRITE access". Well, seeing as the updates always go well and nothing is actually stopped I have to assume that WRITE access was actually gained??

    When I have seen this sort of report in the logs, nothing has actually been stopped has it? For example, if you put a new program into program protection, it will tell you what needs to be Allowed, won't it? This I understand. So we then change Allow privileges to stop these log entries happening by allowing whatever privileges are needed. This stops the spurious log entries, but it doesn't stop the action (if you see what I mean), that is to say "tried to gain WRITE access" is not the same as saying "stopped WRITE access", is it? Although on the face of it the two things mean the same...
    Hope you can get the gist of what I'm trying to say here, 'tho I'm making a good job of confusing myself. Basically I'm just trying to get my head round some of the concepts of Allow privileges in PG.

    o_O
     
  4. Pilli

    Most of the transient logs are usually bad programming; the app in question probably does not need to write to the process but has been told that it might do. This also occurs with the other allow and block privileges.
    Providing there are no detrimental effects I would not worry about it. :)
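
Pilli's rule of thumb from this thread (ignore one-off entries, look closer at repeated ones), as an added example that is not part of the original posts or of ProcessGuard. The line format is inferred from the single log entry Oremina quoted; the threshold of 3, the `example.exe` entries and the `TERMINATE` spelling are constructed assumptions.

```python
import re
from collections import Counter

# Pattern inferred from the one log line quoted in the thread (assumption).
LINE_RE = re.compile(
    r"^\[P\] (?P<src>.+?) \[(?P<spid>\d+)\] tried to gain "
    r"(?P<access>[A-Z_ ]+?) access on (?P<dst>.+?) \[(?P<dpid>\d+)\]$"
)

def parse(line):
    """Return the fields of one log entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines, protected, repeat_threshold=3):
    """Group entries by (source, access, target). PIDs are ignored because
    they change on every run; repeat_threshold is a hypothetical cut-off."""
    counts = Counter()
    for line in lines:
        e = parse(line)
        if e:
            counts[(e["src"].lower(), e["access"], e["dst"].lower())] += 1
    report = [
        {
            "source": src, "access": access, "target": dst, "count": n,
            # A renamed copy such as updater.exe.temp is a different path,
            # so it is not covered by the entry for updater.exe.
            "source_listed": src in protected,
            "status": "repetitive" if n >= repeat_threshold else "transient",
        }
        for (src, access, dst), n in counts.items()
    ]
    return sorted(report, key=lambda r: -r["count"])

SUITE = r"c:\program files\ewido\securitysuite"
PROTECTED = {SUITE + r"\securitysuite.exe", SUITE + r"\updater.exe"}

# First line is the entry from the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "[P] " + SUITE + r"\updater.exe.temp [2472] tried to gain WRITE access on "
    + SUITE + r"\securitysuite.exe [2500]",
    r"[P] c:\tools\example.exe [3100] tried to gain TERMINATE access on " + SUITE + r"\securitysuite.exe [2500]",
    r"[P] c:\tools\example.exe [3188] tried to gain TERMINATE access on " + SUITE + r"\securitysuite.exe [2500]",
    r"[P] c:\tools\example.exe [3204] tried to gain TERMINATE access on " + SUITE + r"\securitysuite.exe [2612]",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, PROTECTED):
        print(row["status"], row["count"], row["source"], row["access"], "listed:", row["source_listed"])
```
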
     
  5. Oremina

    OK Pilli - much appreciated. :)
     