Discussion in 'other firewalls' started by computing, Aug 15, 2008.

    Aug 15, 2008
    I have a little problem with Outpost firewall....
    I hope someone here would be kind enough to shed some light on my issue, as I am by no means an expert myself :)

    I noticed when I launched a program called DarkSpy "anti rootkit" that Outpost, as expected, showed me a prompt to allow this new program to run "as I had just downloaded it". I allowed DarkSpy to run ... however, to my surprise, DarkSpy just opened; I received no warning like I was expecting for a "driver" to load.

    I did a little bit of poking around and found out the reason for this is that DarkSpy uses services.exe to launch its driver. Services is a Windows trusted component .. some applications seem to launch their driver themselves by their own exe file ... so applications like that would issue a prompt for driver loading .. but programs or MALWARE that use the services.exe method to launch drivers would be auto trusted on my system and possibly other people's systems too.

    A solution to this would be to use the "allow once rule" for services.exe each time it wants to load a driver of another application .. a simple fix .. however an annoying one; who wants to see popups for the same apps all the time?

    As I have now noticed, a fair few of the programs I use load their driver using services.exe. I now have to use the allow once rule on every occasion I launch any of these apps, as if I was to globally allow services.exe .. any malware would be free to load a driver unnoticed by Outpost.

    I guess my questions are .. as I said, I am no expert ..

    What applications, if any, would allow a rule to be created to keep an eye on what processes have previously accessed services.exe and used it to load a driver .. so that auto rules could allow trusted apps to have access to services.exe but new apps would still issue a prompt when accessing services.exe ... o_O that would seem to me like a better way of doing things, "less pop ups".

    I can see this was simply just my mistake in trusting services.exe in the first place .. I was not previously aware of this issue. I guess the more knowledgeable people among us would have known not to trust services globally... :oops:

    Any comments welcome :thumb:
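
The post asks for a way to tell already-known driver loads from new ones when they all go through services.exe. As an added example (not part of the original post and not an Outpost feature): drivers started this way are registered as services under HKLM\SYSTEM\CurrentControlSet\Services, so a PowerShell script can snapshot those entries and report new or changed ones. The baseline path and the function name are assumptions, and this reports after the fact; it does not replace the firewall prompt.

```powershell
# Added example: baseline and diff of driver service registrations.
# Run elevated. First run (or -Update) writes the baseline; later runs report differences.
param(
    [string]$BaselinePath = "$env:ProgramData\driver-baseline.json",  # hypothetical path
    [switch]$Update                                                    # rewrite the baseline
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-DriverService {
    # Hypothetical helper: one object per service entry whose Type marks it as a driver.
    Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, Type 2 = file system driver
        if ($p -and ($p.Type -eq 1 -or $p.Type -eq 2)) {
            [pscustomobject]@{
                Name      = $_.PSChildName
                Type      = [int]$p.Type
                Start     = [int]$p.Start        # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
                ImagePath = [string]$p.ImagePath
            }
        }
    }
}

$current = @(Get-DriverService | Sort-Object Name)

if ($Update -or -not (Test-Path -Path $BaselinePath)) {
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) driver services"
    return
}

# Index the saved baseline by service name.
$known = @{}
foreach ($b in (Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)) {
    $known[$b.Name] = $b.ImagePath
}

foreach ($d in $current) {
    if (-not $known.ContainsKey($d.Name)) {
        Write-Output "NEW      $($d.Name)  $($d.ImagePath)"
    } elseif ($known[$d.Name] -ne $d.ImagePath) {
        Write-Output "CHANGED  $($d.Name)  $($known[$d.Name]) -> $($d.ImagePath)"
    }
}
```

Running it once on a trusted state and again after installing a tool like the one described shows which driver entry that tool registered.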
