PG Doesn't Like Drag-and-Drop

Discussion in 'ProcessGuard' started by spm, Feb 29, 2004.

Thread Status:
Not open for further replies.
  1. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    If Windows Explorer (explore.exe) is a protected app, ProcessGuard objects to any application that attempts to use OLE drag-and-drop to an Explorer window (incl. the desktop).

    If you try this, you'll get a whole series of "WRITE, TERMINATE, SET INFO, SUSPEND" blocks logged.

    That said, so far as I can see the drag-and-drop operations appear to complete properly, but it would be nice if the PG warnings could be eliminated.
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    can we have a sample of your logs ?
     
  3. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Sure. Here's a selection created when dragging an attachment out of Outlook to the desktop:

    29 Feb 09:14:50 - Window Log Started
    29 Feb 15:58:02 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [10940]
    29 Feb 15:58:02 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [10940]
    29 Feb 15:58:02 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [10940]
    29 Feb 15:58:02 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\winnt\explorer.exe [1200]
    29 Feb 15:58:03 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\winnt\explorer.exe [1200]
    29 Feb 15:58:03 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\winnt\explorer.exe [1200]
    29 Feb 15:58:03 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\winnt\explorer.exe [1200]
    29 Feb 15:58:03 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\winnt\explorer.exe [1200]
    29 Feb 15:58:03 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\winnt\explorer.exe [1200]
    29 Feb 15:58:03 - [P] c:\program files\microsoft office\office11\outlook.exe [1524] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\winnt\explorer.exe [1200]


    The same happens with any app that suports OLE drag/drop.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Steve,
    I have Outlook 2003 as a trusted programme in my PG list with the default blocks and first four allows.
    I also add any trusted programme that has external access to the internet. :)
     
  5. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Hi Pilli: Yes, but that doesn't really address the issue. By that argument, every application which supports drag-and-drop needs to be made trusted (and access to the internet is irrelevant to that). This doesn't make sense, and isn't what PG is for, I believe.
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Sorry Steve Forgot to say I was looking at your log, I do not have any drag & drop problems with PG, maybe because I am running 1.320.
    Hopefully the new version will address your problem :)
     
  7. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    OK, understood. Well, if 1.320 does address the issue then that's great. If 1.320 is due out imminently I'll get to see. If not, I'd be happy to beta-test if that would help.
     
Thread Status:
Not open for further replies.