Running System Safety Monitor with Process Guard.

Discussion in 'ProcessGuard' started by Pilli, Jan 5, 2004.

Thread Status:
Not open for further replies.
  1. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Running System Safety Monitor with Process Guard.

    SSM version 1.9.4 Beta
    PG version 1.150
    OS. XP Pro:

    If you do not protect SSM with PG, constant logging will occur by PG as SSM scans running apps.

    Below is a screenie of PG showing the SSM setup which prevents endless PG logging:
     


  2. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    For me, SSM and PG don't seem to get along. When SSM is protected by PG, I first notice an SSM window popping up during shutdown, then after that my computer starts rebooting when I press "shut down". SSM seems to run OK along with PG when it is not protected by PG.
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    As long as you give the other program (SSM in this case) ALLOW privileges then there shouldn't be any issues :)
    And then if you also want to protect that program from various process attacks (termination, code modification etc), then you can also add BLOCK flags :)
     
  4. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    I have PG set up like Wayne said and it is working great ;).......but, I can't have close message handling enabled for SSM.

    Regards,
    Jade.
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I agree with Bowserman and Wayne, SSM and PG work great together, but because SSM popups are windows, the close message handling is not handy for SSM and even quite annoying.
    But such protection could be added by the author himself :)
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I have the new PG 1.200 Beta under test & was wondering if, now that SetWindowsHook is enabled by default, SSM will need CMH anyway?

    BTW SWH appears to be working well with no visible resource use. I still have quite a few other checks to make and one nit not yet analysed. I have not had any BSODs on start up & procguard.exe attaches without any problems so far.
     
  7. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Yes, Close Message Handling is still needed, because it's different from SetWindowsHookEx and SSM can be closed that way.

    However, I don't use CMH on SSM because SSM pops up often and I get a CMH window each time :doubt:

    I have written to the author about this issue.

    (Hey Pilli, isn't my English better? :) )
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    @GK
    Never noticed it was bad ;) I would say improved from good to better :)
     
  9. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hello, to all

    Well, I need someone to help me. I just installed ver 1.150 but I don't get it: how do you know what to add? I did try adding, say, PGP & then I closed it, but I did not see anything happen.

    What is it that I should be looking for to happen? Anyone at all. Well, you all have a great one.

    Good luck :D
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Rojas, As a guide, add all applications that are covered by your firewall rules - Browsers, email clients, AV, AT & firewall itself, except ZA (which has protection)
    + The defaults that are included when you first start PG

    HTH Pilli
     
  11. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey, Pilli

    OK, I see what you are saying, but I also see this in options: Allow Flags. So how do you know what to add to this option, & once it is added what do I allow? Oh, all that I have been adding are exe files, no dll files. Do I add all the dll files to the exe's I add to PG?

    Thank you :rolleyes:
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Right I'll try and explain it as I see it, no doubt DCS programmers will correct me if wrong :)

    When you add an .exe to the list, a .dll file cannot (under normal circumstances) be injected into the .exe's memory space.

    In options, Blocked & Allow only apply to listed .exe's, and Allow overrides the Blocked flag - thus stopping a lot of undesirable logging.

    Close Message Handling will stop any protected .exe being closed by most methods and requires a Human input via the Human Interface before closure is allowed.
    You can try this out using DCS's Advanced Process Termination available here: http://www.diamondcs.com.au/index.php?page=products
    Ensure that Protection & General Protection options are all enabled.

    So, rule of thumb: leave exe's standard blocking, watch the logging and add allows to the ones that show a lot of logging.

    The default settings on the default list are a good example:

    The new version 1.200 is under beta test at the moment and adds further enhancements including control of SetWindowsHookEx + fixes for driver contention & dos path issues
     