In pg there are four choices of protection, that u can enable, can u tell me is there any of the four that i should have enabled, or does pg have enough protection already without enableing these settings. thanks the mul
Hi Mul, If you are talking about Protection - General protection options Then I have them all ticked. These are the ones that protect against End task, .dll injection, rootkits etc. I have had no problems using them all. When you list a program you will see what you need to change in the allow options by watching the window log, these allows are only active on listed programmes so that programmes can work together when listed. If you see that a programme in the Window log & that is not listed, trying to do things repeatedly, provided it is a trusted application, it is probably best to add it to the list and then give the necessary allows. Quite often a non listed programme may try to set global hooks but only a few times when started, usually these need not be listed and rarely cause aproblem.
Here is an example: Netcaptor, which is an IE addon, tries to create Global hooks at the beginning of my session today. This is the licenesed version and AFAIAA has know phone homes. I have noticed no detrimental effects running Netcaptor like this since PG 1.200 was installed. I have emailed Netcaptor support to see if they can tell me why these hooks are required. 26 Jan 12:54:44 - [HOOK] c:\program files\netcaptor\netcaptor.exe [2572] was blocked from creating a global hook [00000007][00000000] 26 Jan 13:02:35 - [HOOK] c:\program files\netcaptor\netcaptor.exe [2572] was blocked from creating a global hook [00000007][00000000]
Thanks for all your help pilli, yes i was talking about the general protection options and i will follow your advise. your help was much appreciated the mul
No problems Mul, Always ask as we are all on a learning curve with PG at the moment A lot going on under the hood so to speak!
I had a reply from Adam of NetCaptor So I will add Net captor to the PG list and give it just local allowances And I sent him DCS's URL for explanations.
Thanks Wayne, As NetCaptor connects to the net I have added it to the list, should I enable "Allow global hooks" As, if I do, I no longer get the window logging?
I'm not familiar with the NetCaptor program myself but because the developer is only using WH_MOUSE and because the developer has responded to your support request regarding that I'd say it'd be safe to allow it to use global hooks. That's not to say that WH_MOUSE is harmless - it still allows for the DLL to be loaded into all processes that have user32.dll (at which point they might choose to terminate the process theyve attached to, as an example), so just be aware of that, but in this particular case the program seems ok to give it that privilege. Here are the documented hook types: -1 = WH_MSGFILTER 00 = WH_JOURNALRECORD 01 = WH_JOURNALPLAYBACK 02 = WH_KEYBOARD 03 = WH_GETMESSAGE 04 = WH_CALLWNDPROC 05 = WH_CBT 06 = WH_SYSMSGFILTER 07 = WH_MOUSE 08 = WH_HARDWARE 09 = WH_DEBUG 10 = WH_SHELL 11 = WH_FOREGROUNDIDLE 12 = WH_CALLWNDPROCRET 13 = WH_KEYBOARD_LL 14 = WH_MOUSE_LL For a description of each Windows Hook type (WH_xxx), see the SetWindowsHookEx documentation at Microsoft
Thanks again Wayne, Think it will take a while for all the information regarding an applications use of hooks before all the necessary PG rules can be fine tuned Having said that, I shall err on the side of caution and dissallow hooks unless I find doing so is detrimental to the functions I use. One of the beauties of Process Guard is the ease with which one can see all various calls being made using the real time windows log and the pglog.txt file.