PG set-up to protect NIS2004?

Discussion in 'ProcessGuard' started by Baldrick, Apr 14, 2004.

Thread Status:
Not open for further replies.
  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi there

    As a newbie to Process Guard I was wondering if any one out there could/would be able to advise me as to (i) what executables I should add to PG's list to be protected and (ii) what privileges I should Allow/Block in each case, with regard to protecting the key components of NIS2004, ie, the firewall, IDS & AntiVirus components?

    Any help/advice would be gratefully accepted.

    Many thanks in advance.


    Baldrick
     
  2. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Baldrick


    I will not be of a lot of help as I do not use Symantec products.

    But this is what a search found:-
    https://www.wilderssecurity.com/showthread.php?t=26529&highlight=2004

    Hope this is of some help.
    TheQuest :cool:
     
  3. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Here is what I have set up for NIS 2004. You will find them in various folders of NIS 2004. On all of these I have:

    BLOCKED FLAGS for Write, SetInfo, Terminate, Suspend.
    ALLOW FLAGS for Write, SetInfo, Terminate, Suspend, GetInfo, Read.
    OPTIONS to Allow Global Hooks.

    For IDSLU.EXE, IDSCOLU.EXE and SYMLCSVC.EXE I also have Allow Drivers/Services Install as well as Allow Global Hooks in OPTIONS.

    PLEASE NOTE: I had to TURN OFF "Block Global Hooks" in General Protection because it seems to cause NIS 2004 to randomly fail to load on system reboot. This is a problem that I think Jason is working on for the next release.

    Here are the pgms:

    CCAPP.EXE
    CCEVTMGR.EXE
    CCPROXY.EXE
    CCPWDSVC.EXE
    CCSETMGR.EXE
    SMNLNCH.EXE
    SNDSRVC.EXE
    SYMLCSVC.EXE
    SBSERV.EXE
    URLLSTCK.EXE
    SAVSCAN.EXE
    NAVAPW32.EXE
     
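The rule set from the post above, as an added example that is not part of the thread or of ProcessGuard itself; it models the listed Block flags, Allow flags and Options so the two overlapping flag lists can be exercised. It assumes (the post does not spell this out) that Block flags stop other processes acting on the protected program, that Allow flags let the protected program act on other protected programs, and that driver/service install is blocked globally while "Block Global Hooks" is off as described; the process name malware.exe is constructed.

```python
# Added example (not from the thread or from ProcessGuard): a model of the rule set
# siliconman01 lists above. ASSUMED semantics, not stated on the page: Block flags
# stop OTHER processes doing those actions to the protected program; Allow flags let
# the protected program do them to other protected programs; Options grant the
# program extra capabilities (GlobalHooks, DriversServicesInstall).
BLOCK_FLAGS = {"Write", "SetInfo", "Terminate", "Suspend"}
ALLOW_FLAGS = {"Write", "SetInfo", "Terminate", "Suspend", "GetInfo", "Read"}
PROTECTED = ["CCAPP.EXE", "CCEVTMGR.EXE", "CCPROXY.EXE", "CCPWDSVC.EXE",
             "CCSETMGR.EXE", "SMNLNCH.EXE", "SNDSRVC.EXE", "SYMLCSVC.EXE",
             "SBSERV.EXE", "URLLSTCK.EXE", "SAVSCAN.EXE", "NAVAPW32.EXE"]
UPDATERS = ["IDSLU.EXE", "IDSCOLU.EXE", "SYMLCSVC.EXE"]  # also get driver install
# Assumed General Protection state: driver/service install blocked globally,
# "Block Global Hooks" switched off as the post describes.
GENERAL_BLOCK = {"DriversServicesInstall"}

def build_policy():
    """Per-program rules as listed in the post."""
    policy = {}
    for name in PROTECTED + UPDATERS:
        policy[name] = {"block": set(BLOCK_FLAGS), "allow": set(ALLOW_FLAGS),
                        "options": {"GlobalHooks"}}
    for name in UPDATERS:
        policy[name]["options"].add("DriversServicesInstall")
    return policy

def check_access(policy, actor, action, target):
    """True if `actor` may perform `action` (Write, Terminate, ...) on `target`."""
    rules = policy.get(target.upper())
    if rules is None or action not in rules["block"]:
        return True  # target unprotected, or this action is not on its Block list
    actor_rules = policy.get(actor.upper())
    return actor_rules is not None and action in actor_rules["allow"]

def check_option(policy, actor, option, general_block=GENERAL_BLOCK):
    """True if `actor` may use `option`; a globally unblocked option needs no entry."""
    if option not in general_block:
        return True
    return option in policy.get(actor.upper(), {}).get("options", set())

if __name__ == "__main__":
    pol = build_policy()
    # "malware.exe" is a constructed name for an unlisted process.
    print(check_access(pol, "malware.exe", "Terminate", "CCAPP.EXE"))  # False
    print(check_access(pol, "malware.exe", "GetInfo", "CCAPP.EXE"))    # True
    print(check_access(pol, "IDSLU.EXE", "Write", "NAVAPW32.EXE"))     # True
    print(check_option(pol, "IDSLU.EXE", "DriversServicesInstall"))    # True
    print(check_option(pol, "CCAPP.EXE", "DriversServicesInstall"))    # False
    print(check_option(pol, "malware.exe", "GlobalHooks"))             # True
```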
  4. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi Quest

    Thanks for the link. I will wade through the detail. A great help.

    Regards



    Baldrick
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi siliconman01

    Thanks very much for the information. I will set it up and give it a try. By the way, do you know anywhere that I can get some more detailed information on the General Protection options? The Help document (unless I am missing something) is not as explanatory as I would have hoped... or is it that I am new to all this and just learning? In any case additional information in this area would be useful.

    Thanks in advance.

    Regards



    Baldrick
     
  6. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    The Help file in PG is the only documentation I am familiar with. You might create a thread on the forum asking for a more detailed explanation. Jason, Wayne and others are very helpful in explaining things such as this.
     
  7. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi siliconman01

    Had thought about that and may try. However, if I may abuse your kindness with another question? Do the components of LiveUpdate need to be given the appropriate permissions to update the components of NIS2004 that have been set to be protected by Process Guard? Unfortunately I cannot try this as I am up to date re. any Symantec component updates at the moment. Is this something that you have come across or has caused you a problem?

    Once again, thanks for any help/advice that you can provide.

    Regards



    Baldrick
     
  8. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I have set IDSLU.exe and IDSCOLU.exe to have full permissions because a Symantec LiveUpdate may be a program update, a driver update, or an update to other elements of NIS 2004, as well as the antivirus/security definition files. You have no forewarning as to what is going to come in a LiveUpdate from Symantec. With this setup I have not seen any conflicts with PG and any LiveUpdate... they occur smoothly.

    HTH
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    I must be thick or something but IDSLU.exe and IDSCOLU.exe reside in \SymantecShared\IDSDefs, which I thought related to the IDS component. What about the .EXEs that reside in \Program Files\Symantec\LiveUpdate? Do any of these not need to have full permissions? I appreciate your point about not having seen any conflicts to date but was just wondering.

    Any thoughts?

    Regards


    Baldrick
     
  10. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I have not seen any operational need or conflict NOT having the items in folder c:\documents and settings\all users\application data\symantec\LiveUpdate OR c:\program files\symantec\LiveUpdate in PG... (sorry for the double negative).

    Also, once you have things set up in PG, you might be able to test it today because there is a Symantec LiveUpdate available if you manually initiate LiveUpdate. It's a program update apparently.
     
    Last edited: Apr 16, 2004