Question about OA HIPS

Discussion in 'other anti-malware software' started by aigle, Oct 19, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Can anyone tel me what does trusted and untrusted applications
    mean in OA HIPS. If I change a trusted application to untrusted, its all
    permissions are lost but if I mark an untrusted application to trusted
    I don,t see any change in its permissions.

    Thanks
     
  2. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi aigle,

    OA will not monitor behavior of a trusted apps as it does for an untrusted one

    Regards,

    MaB
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks. It was simple but I could not get it, was just lost in checking permissions in advanced options.

    Thanks again.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ok, can u tel what is the difference between the two:

    1- Protect from remote code control( i guess it means memory modification, remote thread creation etc. Am I correct?).
    2- Protect from remote data modification

    Thanks
     
  5. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Hi Aigle,

    If you look at those Advanced options, changing a program to trusted changes the default action to Allow All. Changing a program to Unknown, changes the default action to Ask.
     
  6. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    This from OA's on-line help.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hmmm.... thanks. I anted to know in terms of pop up. I mean what type of pop ups these actions will generate like memory modification, create remote thread, etc etc.

    Thanks
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    True

    On changing a program from untrusted to trusted, default actions for advanced options in this case remain marked as Ask though infact I get no more pop ups. Do you get the same findings?

    Thanks
     

    Attached Files:

    Last edited: Oct 20, 2008
  9. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Never seen settings like these. Will post screenshots later.
     
  10. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Your pics are from OAs 'Standard Mode'. OA Free only offers this mode, with OA paid you can switch to 'Advanced Mode' (and 'Banking Mode').
    However, in 'Standard Mode' you can only choose Allow, Block or Ask (n/a) and if you 'Trust' a programm all these 'Permissions' are kind of bypassed, or like OA Help tells us "These settings will not be enforced on Trusted programs."
    http://www.tallemu.com/webhelp3/Programs.html#advanced

    Cheers
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hmmm... i was thinking in that case they will also be shown as Allow rather than Ask.
     
  12. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    I would interpret the ? (n/a) as not-applicable and therefore ignored which is what you would expect for a trusted program. The ? is a bit misleading. I agree, it would be better if it was shown as Allow.
     
  13. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi aigle,

    You can trust a prog (do what it want after execution) but may be you wich to control when it executes (ask)

    MaB
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    OA intercepts all executions in my experience unless allowed by rules or white list. A bit similar to NG.
     
Loading...
Thread Status:
Not open for further replies.