PG Settings

Discussion in 'ProcessGuard' started by redwolfe_98, Dec 16, 2003.

Thread Status:
Not open for further replies.
  1. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i decided to add all of the "processes" that i usually have running (shown as running in task manager) to PG's list of protected programs. i followed dcs's default settings for other processes and have the first four boxes checked in the "black flag" section. to try to avoid any conflicts, i have all of the boxes checked in the "white flag" section for all of the protected processes. since procguard.exe's running is not required for PG to function, i unchecked "close message handling" for it. however, when i try to use the "close message handling" option with other processes, i frequently have the box popping up "are you sure you want to close xxx?", when i wasn't trying to close anything.
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    please bear in mind that you are being confronted with "magic under the hood" process manipulation. As an example, when I boot, Kerio asks me to shut down o_O Ok, "whatever you want", and everything is normal again.
    Dolf
     
  3. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i just wanted to report the issue with "close message handling" so that maybe it could be looked into and improved upon, since it doesn't seem to function the way that it should. i had one incident today where i had infinite boxes popping up "are you sure you want to close xxx?", stopped by shutting down the computer.
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    I understand what you mean.
    Some applications have multiple windows, although a number of them you will never see. When a process is going to shut down, all underlying windows have to be closed too. That's why you get in PG's verification-window the choice: CLOSE or CLOSE ALL. If your choice is CLOSE then you will be asked that question again (and maybe again etc)
     
  5. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Hi all,
    the problem with close message handling is that these messages are used by all sorts of apps for all sorts of things, and not all actually mean "close the program". Right now PG has no way of finding out if it has just intercepted such a message that is used to shut down the app, or one that is used in normal operation of it. Nor can it know "who" sent the message - so it alerts on every such message it encounters and requires a user confirmation. Better safe than sorry. But it is indeed quite tiresome sometimes - which is why they say to use CMH only for those processes that you know go well along with it (or take the pain of all those confirmations).

    Examples of harmless close windows messages: Closing of startup splash screens, QuickInfo popups, Updater windows, ...

    (almost every control is a window, and when a window is supposed to be closed, a "wm_close" message is sent to it. Then PG intercepts, gets a confirmation, forwards the message to the window it is meant for, and then that decides if it just removes the splash screen, lets the QuickInfo disappear or shuts down the application altogether...)


    HTHH,
    Andreas
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi redwolfe_98,
    The Human Interface using CMH is only beta & must be used with care.

    Your & others' feedback will enable the DCS team to fine tune & enhance PG, so thanks for your input :)

    PG's Help file does point this out as follows:

     
  7. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Close Message Handling only occurs for "Top Level" windows, so normal button, edit controls, etc, won't be intercepted by the Close Message Handling. Generally only the windows that have buttons on the taskbar will be intercepted. Nevertheless some apps have tens of hidden windows that, if they weren't hidden, would have taskbar buttons. You might say why don't you not intercept messages for those hidden windows then? Well a trojan/malware might then just hide the window of an app it wants to close and it will succeed.

    Thanks for your feedback regarding it.

    -Jason-
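
The interception rule described in the posts above, as an added model that is not part of the thread and not DiamondCS code: it counts the prompts a protected process with hidden top-level windows produces, and shows which windows a "skip hidden windows" policy would leave unguarded. The `Window` type, function names and sample data are hypothetical, and treating CLOSE ALL as a single prompt is an assumption.

```python
from dataclasses import dataclass

WM_CLOSE = 0x0010  # Win32 message id for WM_CLOSE

@dataclass(frozen=True)
class Window:              # hypothetical model type, not a PG structure
    hwnd: int
    process: str
    top_level: bool
    visible: bool

def intercepts(win, msg, protected, skip_hidden=False):
    """True if a message to `win` would raise a confirmation prompt."""
    if msg != WM_CLOSE or win.process not in protected:
        return False
    if not win.top_level:              # buttons, edit controls: never intercepted
        return False
    if skip_hidden and not win.visible:
        return False                   # the relaxed policy the thread argues against
    return True

def prompts_on_exit(windows, process, protected, close_all=False):
    """Prompts shown when every window of `process` is sent WM_CLOSE."""
    hits = [w for w in windows
            if w.process == process and intercepts(w, WM_CLOSE, protected)]
    # Assumption: CLOSE ALL answers for the remaining windows of that process.
    return min(len(hits), 1) if close_all else len(hits)

def unprompted_closes(windows, protected, skip_hidden):
    """Top-level windows of protected processes closable with no prompt."""
    return [w.hwnd for w in windows
            if w.process in protected and w.top_level
            and not intercepts(w, WM_CLOSE, protected, skip_hidden)]

# Constructed sample: one visible main window, three hidden top-level
# windows and two child controls, all owned by one protected process.
SAMPLE = [
    Window(0x100, "firewall.exe", True, True),
    Window(0x101, "firewall.exe", True, False),
    Window(0x102, "firewall.exe", True, False),
    Window(0x103, "firewall.exe", True, False),
    Window(0x110, "firewall.exe", False, True),
    Window(0x111, "firewall.exe", False, True),
]
PROTECTED = {"firewall.exe"}

if __name__ == "__main__":
    print(prompts_on_exit(SAMPLE, "firewall.exe", PROTECTED))
    print(prompts_on_exit(SAMPLE, "firewall.exe", PROTECTED, close_all=True))
    print(unprompted_closes(SAMPLE, PROTECTED, skip_hidden=True))
```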
     
  8. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i am having a problem with using the "close message handling" option with "system safety monitor". when i try to close ssm, infinite boxes start popping up. as long as i don't try to close ssm, then there isn't a problem, so i guess i can work around that problem. the one other thing is, when i boot up, PG asks me if i want to close my kerio 2.15 firewall (whether i say yes or cancel, the firewall is not closed). that too is just a little thing that i can work around for the time being. p.s. i figured out that the thing with kerio is due to kerio's splash screen.
     