Question about OA HIPS

aigle · Oct 19, 2008

Can anyone tel me what does trusted and untrusted applications
mean in OA HIPS. If I change a trusted application to untrusted, its all
permissions are lost but if I mark an untrusted application to trusted
I don,t see any change in its permissions.

Thanks

MaB69 · Oct 19, 2008

aigle said:

Can anyone tel me what does trusted and untrusted applications
mean in OA HIPS. If I change a trusted application to untrusted, its all
permissions are lost but if I mark an untrusted application to trusted
I don,t see any change in its permissions.

Thanks
Click to expand...

Hi aigle,

OA will not monitor behavior of a trusted apps as it does for an untrusted one

Regards,

MaB

aigle · Oct 19, 2008

Thanks. It was simple but I could not get it, was just lost in checking permissions in advanced options.

Thanks again.

aigle · Oct 19, 2008

Ok, can u tel what is the difference between the two:

1- Protect from remote code control( i guess it means memory modification, remote thread creation etc. Am I correct?).
2- Protect from remote data modification

Thanks

hammerman · Oct 19, 2008

aigle said:

Thanks. It was simple but I could not get it, was just lost in checking permissions in advanced options.

Thanks again.
Click to expand...

Hi Aigle,

If you look at those Advanced options, changing a program to trusted changes the default action to Allow All. Changing a program to Unknown, changes the default action to Ask.

hammerman · Oct 19, 2008

aigle said:

Ok, can u tel what is the difference between the two:

1- Protect from remote code control( i guess it means memory modification, remote thread creation etc. Am I correct?).
2- Protect from remote data modification

Thanks
Click to expand...

This from OA's on-line help.

Remote code – Changes whether Online Armor will allow the program to control other programs that are running on your computer. Clicking this option will allow you to configure Online Armor to allow or restrict the program from controlling specific programs, any program, or to pop-up (ask) when it happens.

Remote data modification – Changes whether Online Armor will allow the program to modify the data being held in virtual memory by another program. Clicking this option will allow you to configure Online Armor to allow or restrict the program from modifying data of specific programs, any program, or to pop-up (ask) when it happens.

Click to expand...

aigle · Oct 20, 2008

Hmmm.... thanks. I anted to know in terms of pop up. I mean what type of pop ups these actions will generate like memory modification, create remote thread, etc etc.

Thanks

aigle · Oct 20, 2008

hammerman said:

Changing a program to Unknown, changes the default action to Ask.
Click to expand...

True

hammerman said:

If you look at those Advanced options, changing a program to trusted changes the default action to Allow All.
Click to expand...

On changing a program from untrusted to trusted, default actions for advanced options in this case remain marked as Ask though infact I get no more pop ups. Do you get the same findings?

Thanks

hammerman · Oct 20, 2008

Never seen settings like these. Will post screenshots later.

subset · Oct 20, 2008

aigle said:

On changing a program from untrusted to trusted, default actions for advanced options in this case remain marked as Ask though infact I get no more pop ups. Do you get the same findings?
Click to expand...

Your pics are from OAs 'Standard Mode'. OA Free only offers this mode, with OA paid you can switch to 'Advanced Mode' (and 'Banking Mode').
However, in 'Standard Mode' you can only choose Allow, Block or Ask (n/a) and if you 'Trust' a programm all these 'Permissions' are kind of bypassed, or like OA Help tells us "These settings will not be enforced on Trusted programs."
http://www.tallemu.com/webhelp3/Programs.html#advanced

Cheers

aigle · Oct 21, 2008

subset said:

if you 'Trust' a programm all these 'Permissions' are kind of bypassed, or like OA Help tells us "These settings will not be enforced on Trusted programs."
http://www.tallemu.com/webhelp3/Programs.html#advanced
Click to expand...

Hmmm... i was thinking in that case they will also be shown as Allow rather than Ask.

hammerman · Oct 21, 2008

aigle said:

Hmmm... i was thinking in that case they will also be shown as Allow rather than Ask.
Click to expand...

I would interpret the ? (n/a) as not-applicable and therefore ignored which is what you would expect for a trusted program. The ? is a bit misleading. I agree, it would be better if it was shown as Allow.

MaB69 · Oct 21, 2008

aigle said:

Hmmm... i was thinking in that case they will also be shown as Allow rather than Ask.
Click to expand...

Hi aigle,

You can trust a prog (do what it want after execution) but may be you wich to control when it executes (ask)

MaB

aigle · Oct 21, 2008

MaB69 said:

Hi aigle,

You can trust a prog (do what it want after execution) but may be you wich to control when it executes (ask)

MaB
Click to expand...

OA intercepts all executions in my experience unless allowed by rules or white list. A bit similar to NG.

Log in or Sign up

Question about OA HIPS

aigle Registered Member

MaB69 Registered Member

aigle Registered Member

aigle Registered Member

hammerman Registered Member

hammerman Registered Member

aigle Registered Member

aigle Registered Member

Attached Files:

10-20_0077.jpg

10-20_0078.jpg

hammerman Registered Member

subset Registered Member

aigle Registered Member

hammerman Registered Member

MaB69 Registered Member

aigle Registered Member

Log in or Sign up

Question about OA HIPS

aigle Registered Member

MaB69 Registered Member

aigle Registered Member

aigle Registered Member

hammerman Registered Member

hammerman Registered Member

aigle Registered Member

aigle Registered Member

Attached Files:

10-20_0077.jpg

10-20_0078.jpg

hammerman Registered Member

subset Registered Member

aigle Registered Member

hammerman Registered Member

MaB69 Registered Member

aigle Registered Member

Useful Searches