Program configuration list: is it right?

Discussion in 'ProcessGuard' started by paperinik3, Jun 17, 2004.

Thread Status:
Not open for further replies.
  1. paperinik3

    paperinik3 Registered Member
    Joined: Aug 10, 2003
    Posts: 90
    Hello,
    today ccapp.exe (Symantec shared) tried many times to write, terminate, set info and suspend access on tds-3. What should I do?
    More generally, may I ask you to comment on (and point out errors in) my Protection list? Many thanks for your help.

    Process Guard v2.000 Protection List
    Date Saved: 16 Jun 2004 at 10:55:16

    Total items in list:- 45

    001 - c:\winnt\system32\winlogon.exe
    002 - c:\winnt\system32\smss.exe
    003 - c:\winnt\system32\csrss.exe
    004 - c:\winnt\system32\wbem\winmgmt.exe
    005 - c:\winnt\system32\drwtsn32.exe
    006 - c:\winnt\explorer.exe
    007 - c:\programmi\internet explorer\iexplore.exe
    008 - c:\programmi\outlook express\msimn.exe
    009 - c:\sistemi di difesa\norton antivirus 2004\nav\external\norton\navapw32.exe
    010 - c:\sistemi di difesa\spybot - search & destroy\spybotsd.exe
    011 - c:\sistemi di difesa\ad-aware 6\ad-aware.exe
    012 - c:\sistemi di difesa\ad-aware 6\ad-watch.exe
    013 - c:\sistemi di difesa\hijackthis\hijackthis.exe
    014 - c:\sistemi di difesa\tds-3\tds-3.exe
    015 - c:\sistemi di difesa\tds-3\execprot.exe
    016 - c:\sistemi di difesa\spywareblaster\spywareblaster.exe
    017 - c:\sistemi di difesa\outpostpro\outpost.exe
    018 - c:\sistemi di difesa\outpostpro\op_viewer.exe
    019 - c:\sistemi di difesa\outpostpro\run_help.exe
    020 - c:\sistemi di difesa\norton antivirus 2004\nav\omigrate.exe
    021 - c:\sistemi di difesa\browser hijack blaster\bhblaster.exe
    022 - c:\programmi\iconoid\iconoid.exe
    023 - c:\programmi\eset\nod32krn.exe
    024 - c:\programmi\eset\nod32.exe
    025 - c:\programmi\eset\nod32kui.exe
    026 - c:\programmi\eset\cfgedit.exe
    027 - c:\programmi\eset\setup\setup.exe
    028 - c:\winnt\system32\taskmgr.exe
    029 - c:\sistemi di difesa\norton antivirus 2004\nav\external\norton\bootwarn.exe
    030 - c:\programmi\giochi\shockmachine\shockmachine.exe
    031 - c:\programmi\openoffice.org1.1\program\soffice.exe
    032 - c:\programmi\file comuni\symantec shared\ccapp.exe
    033 - c:\winnt\system32\rundll32.exe
    034 - c:\sistemi di difesa\processguard\dcsuserprot.exe
    035 - c:\programmi\file comuni\symantec shared\ccevtmgr.exe
    036 - c:\programmi\thinkpad\utilities\tpkmapmn.exe
    037 - c:\programmi\synaptics\syntp\syntplpr.exe
    038 - c:\winnt\system32\mstask.exe
    039 - c:\winnt\system32\lsass.exe
    040 - c:\winnt\system32\internat.exe
    041 - c:\programmi\file comuni\symantec shared\ccsetmgr.exe
    042 - c:\winnt\system32\svchost.exe
    043 - c:\winnt\system32\services.exe
    044 - c:\sistemi di difesa\processguard\procguard.exe
    045 - c:\programmi\winamp 50\winamp.exe

    ---001-----------------------------------------------
    Long Path :- c:\winnt\system32\winlogon.exe
    Short Path :- c:\winnt\system32\winlogon.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- None


    ---002-----------------------------------------------
    Long Path :- c:\winnt\system32\smss.exe
    Short Path :- c:\winnt\system32\smss.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- None


    ---003-----------------------------------------------
    Long Path :- c:\winnt\system32\csrss.exe
    Short Path :- c:\winnt\system32\csrss.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- None


    ---004-----------------------------------------------
    Long Path :- c:\winnt\system32\wbem\winmgmt.exe
    Short Path :- c:\winnt\system32\wbem\winmgmt.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- None


    ---005-----------------------------------------------
    Long Path :- c:\winnt\system32\drwtsn32.exe
    Short Path :- c:\winnt\system32\drwtsn32.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- None


    ---006-----------------------------------------------
    Long Path :- c:\winnt\explorer.exe
    Short Path :- c:\winnt\explorer.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Global Hooks


    ---007-----------------------------------------------
    Long Path :- c:\programmi\internet explorer\iexplore.exe
    Short Path :- c:\progra~1\intern~1\iexplore.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- None


    ---008-----------------------------------------------
    Long Path :- c:\programmi\outlook express\msimn.exe
    Short Path :- c:\progra~1\outloo~1\msimn.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- None


    ---009-----------------------------------------------
    Long Path :- c:\sistemi di difesa\norton antivirus 2004\nav\external\norton\navapw32.exe
    Short Path :- c:\sistem~1\norton~1\nav\external\norton\navapw32.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Write,Terminate,GetInfo,SetInfo
    Option Flags :- Allow Drivers/Service Install


    ---010-----------------------------------------------
    Long Path :- c:\sistemi di difesa\spybot - search & destroy\spybotsd.exe
    Short Path :- c:\sistem~1\spybot~1\spybotsd.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Terminate,GetInfo
    Option Flags :- Allow Drivers/Service Install


    ---011-----------------------------------------------
    Long Path :- c:\sistemi di difesa\ad-aware 6\ad-aware.exe
    Short Path :- c:\sistem~1\ad-awa~1\ad-aware.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Terminate,GetInfo
    Option Flags :- Allow Drivers/Service Install


    ---012-----------------------------------------------
    Long Path :- c:\sistemi di difesa\ad-aware 6\ad-watch.exe
    Short Path :- c:\sistem~1\ad-awa~1\ad-watch.exe
    Blocked Flags :- Write,Terminate,Suspend,GetInfo,SetInfo
    Allow Flags :- Write,GetInfo,SetInfo
    Option Flags :- Allow Drivers/Service Install


    ---013-----------------------------------------------
    Long Path :- c:\sistemi di difesa\hijackthis\hijackthis.exe
    Short Path :- c:\sistem~1\hijack~1\hijack~1.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Terminate,GetInfo
    Option Flags :- Allow Drivers/Service Install


    ---014-----------------------------------------------
    Long Path :- c:\sistemi di difesa\tds-3\tds-3.exe
    Short Path :- c:\sistem~1\tds-3\tds-3.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Close MSG Handling


    ---015-----------------------------------------------
    Long Path :- c:\sistemi di difesa\tds-3\execprot.exe
    Short Path :- c:\sistem~1\tds-3\execprot.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Global Hooks,Allow Drivers/Service Install


    ---016-----------------------------------------------
    Long Path :- c:\sistemi di difesa\spywareblaster\spywareblaster.exe
    Short Path :- c:\sistem~1\spywar~1\spywar~1.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Drivers/Service Install


    ---017-----------------------------------------------
    Long Path :- c:\sistemi di difesa\outpostpro\outpost.exe
    Short Path :- c:\sistem~1\outpos~1\outpost.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Global Hooks,Allow Drivers/Service Install


    ---018-----------------------------------------------
    Long Path :- c:\sistemi di difesa\outpostpro\op_viewer.exe
    Short Path :- c:\sistem~1\outpos~1\op_vie~1.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Drivers/Service Install


    ---019-----------------------------------------------
    Long Path :- c:\sistemi di difesa\outpostpro\run_help.exe
    Short Path :- c:\sistem~1\outpos~1\run_help.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Drivers/Service Install


    ---020-----------------------------------------------
    Long Path :- c:\sistemi di difesa\norton antivirus 2004\nav\omigrate.exe
    Short Path :- c:\sistem~1\norton~1\nav\omigrate.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Drivers/Service Install


    ---021-----------------------------------------------
    Long Path :- c:\sistemi di difesa\browser hijack blaster\bhblaster.exe
    Short Path :- c:\sistem~1\browse~1\bhblas~1.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Drivers/Service Install


    ---022-----------------------------------------------
    Long Path :- c:\programmi\iconoid\iconoid.exe
    Short Path :- c:\progra~1\iconoid\iconoid.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Global Hooks


    ---023-----------------------------------------------
    Long Path :- c:\programmi\eset\nod32krn.exe
    Short Path :- c:\progra~1\eset\nod32krn.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Global Hooks,Allow Drivers/Service Install


    ---024-----------------------------------------------
    Long Path :- c:\programmi\eset\nod32.exe
    Short Path :- c:\progra~1\eset\nod32.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Global Hooks,Allow Drivers/Service Install


    ---025-----------------------------------------------
    Long Path :- c:\programmi\eset\nod32kui.exe
    Short Path :- c:\progra~1\eset\nod32kui.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Global Hooks,Allow Drivers/Service Install


    ---026-----------------------------------------------
    Long Path :- c:\programmi\eset\cfgedit.exe
    Short Path :- c:\progra~1\eset\cfgedit.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Global Hooks,Allow Drivers/Service Install


    ---027-----------------------------------------------
    Long Path :- c:\programmi\eset\setup\setup.exe
    Short Path :- c:\progra~1\eset\setup\setup.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- None


    ---028-----------------------------------------------
    Long Path :- c:\winnt\system32\taskmgr.exe
    Short Path :- c:\winnt\system32\taskmgr.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Terminate,GetInfo,SetInfo
    Option Flags :- Allow Global Hooks


    ---029-----------------------------------------------
    Long Path :- c:\sistemi di difesa\norton antivirus 2004\nav\external\norton\bootwarn.exe
    Short Path :- c:\sistem~1\norton~1\nav\external\norton\bootwarn.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- None


    ---030-----------------------------------------------
    Long Path :- c:\programmi\giochi\shockmachine\shockmachine.exe
    Short Path :- c:\progra~1\giochi\shockm~1\shockm~1.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Global Hooks


    ---031-----------------------------------------------
    Long Path :- c:\programmi\openoffice.org1.1\program\soffice.exe
    Short Path :- c:\progra~1\openof~1.1\program\soffice.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Global Hooks


    ---032-----------------------------------------------
    Long Path :- c:\programmi\file comuni\symantec shared\ccapp.exe
    Short Path :- c:\progra~1\fileco~1\symant~1\ccapp.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Drivers/Service Install


    ---033-----------------------------------------------
    Long Path :- c:\winnt\system32\rundll32.exe
    Short Path :- c:\winnt\system32\rundll32.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Global Hooks


    ---034-----------------------------------------------
    Long Path :- c:\sistemi di difesa\processguard\dcsuserprot.exe
    Short Path :- c:\sistem~1\proces~1\dcsuse~1.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- None


    ---035-----------------------------------------------
    Long Path :- c:\programmi\file comuni\symantec shared\ccevtmgr.exe
    Short Path :- c:\progra~1\fileco~1\symant~1\ccevtmgr.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,GetInfo
    Option Flags :- None


    ---036-----------------------------------------------
    Long Path :- c:\programmi\thinkpad\utilities\tpkmapmn.exe
    Short Path :- c:\progra~1\thinkpad\utilit~1\tpkmapmn.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Global Hooks


    ---037-----------------------------------------------
    Long Path :- c:\programmi\synaptics\syntp\syntplpr.exe
    Short Path :- c:\progra~1\synapt~1\syntp\syntplpr.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Global Hooks


    ---038-----------------------------------------------
    Long Path :- c:\winnt\system32\mstask.exe
    Short Path :- c:\winnt\system32\mstask.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- None


    ---039-----------------------------------------------
    Long Path :- c:\winnt\system32\lsass.exe
    Short Path :- c:\winnt\system32\lsass.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- None


    ---040-----------------------------------------------
    Long Path :- c:\winnt\system32\internat.exe
    Short Path :- c:\winnt\system32\internat.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Global Hooks


    ---041-----------------------------------------------
    Long Path :- c:\programmi\file comuni\symantec shared\ccsetmgr.exe
    Short Path :- c:\progra~1\fileco~1\symant~1\ccsetmgr.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Write,Terminate,Suspend,SetInfo
    Option Flags :- None


    ---042-----------------------------------------------
    Long Path :- c:\winnt\system32\svchost.exe
    Short Path :- c:\winnt\system32\svchost.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Drivers/Service Install


    ---043-----------------------------------------------
    Long Path :- c:\winnt\system32\services.exe
    Short Path :- c:\winnt\system32\services.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- Read,Write,Terminate,Suspend,GetInfo,SetInfo
    Option Flags :- Allow Drivers/Service Install


    ---044-----------------------------------------------
    Long Path :- c:\sistemi di difesa\processguard\procguard.exe
    Short Path :- c:\sistem~1\proces~1\procgu~1.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Close MSG Handling,Allow Global Hooks


    ---045-----------------------------------------------
    Long Path :- c:\programmi\winamp 50\winamp.exe
    Short Path :- c:\progra~1\winamp~1\winamp.exe
    Blocked Flags :- Write,Terminate,Suspend,SetInfo
    Allow Flags :- None
    Option Flags :- Allow Global Hooks
     
  2. Pilli

    Pilli Registered Member
    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK
    Hello paperinik3,
    You should give ccapp.exe Allows for write, terminate, set info and suspend; this will stop the logging.
    As ccapp.exe is on your protection list and TDS3 has "Close message handling" enabled, you would get a Human Interface if ccapp tried to close TDS3.
    ccapp is probably trying to check TDS3 as part of its monitoring function; this is quite normal, I believe.

    HTH Pilli
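
Added example (not part of the original thread and not Process Guard's own code): a short Python parser for the Protection List dump format posted above, reporting which access types one listed program is still denied against another. It assumes the model the reply describes, that an access is blocked and logged when the target's Blocked Flags include it and the source's Allow Flags do not; the sample is constructed from entries 014, 032 and 035 of the posted list with the Short Path lines omitted.

```python
import re

# Constructed sample: entries 014, 032 and 035 of the posted list, Short Path lines omitted.
SAMPLE = r"""
---014-----------------------------------------------
Long Path :- c:\sistemi di difesa\tds-3\tds-3.exe
Blocked Flags :- Write,Terminate,Suspend,SetInfo
Allow Flags :- None
Option Flags :- Close MSG Handling
---032-----------------------------------------------
Long Path :- c:\programmi\file comuni\symantec shared\ccapp.exe
Blocked Flags :- Write,Terminate,Suspend,SetInfo
Allow Flags :- None
Option Flags :- Allow Drivers/Service Install
---035-----------------------------------------------
Long Path :- c:\programmi\file comuni\symantec shared\ccevtmgr.exe
Blocked Flags :- Write,Terminate,Suspend,SetInfo
Allow Flags :- Read,GetInfo
Option Flags :- None
"""

ENTRY = re.compile(r"^\s*---(\d{3})-+\s*$")
FIELD = re.compile(r"^\s*(Long Path|Blocked Flags|Allow Flags|Option Flags)\s*:-\s*(.*?)\s*$")

def parse(text):
    """Return {exe name: entry dict}; flag fields become sets, 'None' becomes empty."""
    entries, cur = {}, None
    for line in text.splitlines():
        if ENTRY.match(line):
            cur = {}
        elif cur is not None and (m := FIELD.match(line)):
            key, val = m.groups()
            if key == "Long Path":
                # Keyed by file name for brevity; names are unique in the posted list.
                entries[val.rsplit("\\", 1)[-1].lower()] = cur
                cur[key] = val
            else:
                cur[key] = set() if val == "None" else set(val.split(","))
    return entries

def denied(entries, source, target):
    """Accesses the target blocks that the source holds no Allow for (assumed model)."""
    allow = entries.get(source, {}).get("Allow Flags", set())
    return sorted(entries[target]["Blocked Flags"] - allow)

if __name__ == "__main__":
    pg = parse(SAMPLE)
    print("before:", denied(pg, "ccapp.exe", "tds-3.exe"))
    # The change suggested in the reply: give ccapp.exe the four Allows.
    pg["ccapp.exe"]["Allow Flags"] |= {"Write", "Terminate", "Suspend", "SetInfo"}
    print("after: ", denied(pg, "ccapp.exe", "tds-3.exe"))
    print("ccevtmgr:", denied(pg, "ccevtmgr.exe", "tds-3.exe"))
```

The `ccevtmgr.exe` row shows that Read and GetInfo Allows alone do not cover any of the four accesses that tds-3.exe blocks.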
     
  3. paperinik3

    paperinik3 Registered Member

    Joined: Aug 10, 2003
    Posts: 90
    Thank you Pilli, I'll do that. Bye!
     