services.exe .. problem with outpost 2009 pro

Discussion in 'other firewalls' started by computing, Aug 15, 2008.

Thread Status:
Not open for further replies.
  1. computing

    computing Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    1
    I have a little problem with outpost firewall....
    i hope someone here would be kind enough to shed some light on my issue as i am by no means an expert myself :)

    I noticed when i launched a program called darkspy "anti rookit" that outpost as expected showed me a prompt to allow this new programe to run "as i had just downloaded it" i allowed darkspy to run ... however to my surprise darkspy just opened i received no warning like i was expecting to for a "driver" to load

    i did a little bit of poking around and found out the reason for this is that darkspy uses Services.exe to launch its driver services is a windows trusted component .. some applications seem to launch their driver themselves by their own exe file ... so applications like that would issue a prompt for driver loading.. but programs or MALWARE that uses the services.exe method to launch drivers would be auto trusted on my system and possibly other peoples systems too

    A solution to this would be to use the "allow once rule" services.exe each time it wants to load a driver of another application .. a simple fix .. however an annoying one, who wants to see popups for the same apps all the time

    as i have now noticed a fair few of the programs i use .. load their driver using services.exe i now have to use the allow once rule on every occasion i launch any of these apps, as if i was to globally allow services.exe .. any malware would be free to load a driver unnoticed by outpost


    i guess my questions are .. as i said i am no expert ..

    what applications if any would allow a rule to be created to keep and eye on what processes have previously accessed services.exe and used it to load a driver .. so that auto rules could allow trusted apps to have access to services.exe but new apps would still issue a prompt when accessing services.exe ... o_O that would seem to me like a better way of doing things "less pop ups"

    I can see this was simply just my mistake in trusting services.exe in the first place .. i was not previously aware of this issue i guess the more knowledgeable people among us would of known not to trust services globally... :oops:

    any comments welcome :thumb:
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.