Programs still starting after being denied!

Discussion in 'ProcessGuard' started by Untouchable J, Apr 24, 2005.

Thread Status:
Not open for further replies.
  1. Untouchable J

    Untouchable J Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    53
    Today I got a prompt from PG (full) asking me to allow or deny mcvsmap.exe from starting...I clicked to always deny this application since I've disabled McAfee AV's virus map reporting feature (useless and a waste of memory IMO). When I open task manager I see the same process has been allowed and was currently running! So I granted task manager termination rights real quick and tried to terminate the process.....nothing happens! o_O Not knowing why it's not working I just restarted my computer to make sure the process is not running.....

    This happened to me twice so far for mcvsmap.exe and defrag.exe. Why is PG still allowing these processes to run even after denying access?? This worries me since a malicious process could prob. do the same thing to run.

    Thanks

    -J
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    J,

    A screen shot of precisely what you are seeing may be of help here. It might take a few shots to completely convey the message.

    Blue
     
  3. Untouchable J

    Untouchable J Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    53
    Pic 1
    Pic 2

    (Sorry for the very small pics, I haven't installed my image editing programs yet so I had to use mspaint)

    From logfile:

    The process still runs after being denied always.... :doubt:

    -J
     
  4. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Just in case it is this... have a look in the PG security tab and look for the executable and see if the "Last Action" column shows "Permit Once (Unable to ask user)"

    And yes, before you ask, a malicious program could make use of this loophole to execute during boot without explicit permission. I would expect that it would be denied access to perform protected actions unless explicitly authorised (but I haven't actually tested that myself)

    Was 08:18 a time when you were booting the machine (or logging in)?
     
    Last edited: Apr 26, 2005