Settings for Outpost

Discussion in 'ProcessGuard' started by rdsu, Sep 26, 2004.

Thread Status:
Not open for further replies.
  1. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Hi,

    I'm using the free version of ProcessGuard 2.0 and want to know what the best settings are to protect Outpost Firewall Pro.

    I ran Advanced Process Termination 1.9 to test it but the process was killed...

    Thanks
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    To protect from all termination methods, you need to enable Close Message Handling (CMH) for Outpost (select Outpost, then Options from the drop-down list at the bottom to see this setting).

    However CMH does not work fully for Outpost (in my tests, Outpost would remain running while the confirmation prompt was up - but whether you confirmed or canceled, Outpost would close afterwards). Nevertheless it can provide good warning that something is amiss.
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Hi Paranoid,

    Sorry, but I didn't see that option in Outpost. :(

    And about the settings for the process in Process Guard?

    Thanks
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I meant Outpost's entry in Process Guard's protection list. Sorry for not being more specific.
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    After enabling that option, I tried Advanced Process Termination by clicking 'ALL' and it kills Outpost without any confirmation prompt...
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Does Outpost's entry in PG have the Write, Terminate, Suspend privileges listed as blocked? Is Process Guard reported as active and enabled in the first 2 entries in the Log window? Do you see any mention of apt.exe (either being blocked or allowed) in the Log window?
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi VaMPiRiC_CRoW, For Securely Handle Windows closure (CMH) to work properly you need to stop and restart the firewall service; this is because procguard.dll needs to be injected into the services/processes as they start.
    With some services you may need to enable CMH then reboot.
    You can use DCS's Advanced Process Manipulator (APM), Process Explorer or Faber tools to see that the .dll is injected correctly.
    Please note that if you have a process with the permit once setting in the security list then procguard.dll may not be injected; this is a known bug and has been reported.

    HTH Pilli
     
    Last edited: Sep 26, 2004
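
Added example (not part of the original thread, and not DiamondCS code): one way to check from PowerShell whether `procguard.dll` is loaded in the firewall process before running a termination test, as the post above advises. The process name `outpost` and module name `procguard.dll` come from the thread; the function name `Test-ModuleLoaded` is hypothetical.

```powershell
# Added example. 'outpost' and 'procguard.dll' are the names used in the thread.
function Test-ModuleLoaded {
    param(
        [Parameter(Mandatory)][string]$ProcessName,  # process name without ".exe"
        [Parameter(Mandatory)][string]$ModuleName    # DLL file name to look for
    )
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) {
        return [pscustomobject]@{ Process = $ProcessName; Id = $null; Status = 'NotRunning'; Path = $null }
    }
    foreach ($p in $procs) {
        $status = 'Missing'; $path = $null
        try {
            # Reading the module list needs read access to the target process.
            # A protected process may refuse it, which is reported as QueryFailed
            # rather than being mistaken for "DLL not injected".
            $mods = @($p.Modules | Where-Object { $_ })
            if ($mods.Count -eq 0) {
                $status = 'QueryFailed'
            } else {
                $hit = $mods | Where-Object { $_.ModuleName -ieq $ModuleName } | Select-Object -First 1
                if ($hit) { $status = 'Loaded'; $path = $hit.FileName }
            }
        } catch {
            $status = 'QueryFailed'
        }
        # Path lets you confirm the DLL was loaded from the expected install directory.
        [pscustomobject]@{ Process = $p.ProcessName; Id = $p.Id; Status = $status; Path = $path }
    }
}

Test-ModuleLoaded -ProcessName 'outpost' -ModuleName 'procguard.dll' | Format-Table -AutoSize
```

A `Missing` result after enabling CMH means the service has not been restarted since the setting changed, or injection failed; `QueryFailed` means the module list could not be read at all and says nothing about injection either way.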
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I restarted the PC, ran Advanced Process Termination and didn't get any confirmation prompt.

    See the picture:
     


  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Ah, I see you are using the Trial version Process Guard V2. With version two the .dll injection can be iffy; you need to check that procguard.dll is injected into the outpost process before trying the test. It works fine on Server2003 for me but XP SP1 & SP2 can be more problematical.
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    At this stage also, rather than hitting All in Apt, test each of the methods and report which ones cause Outpost to terminate.
     
  11. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Paranoid2000, Almost certainly it will be Close message handling, i.e. the .dll has failed to be injected.
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Oops, cross-posted. Sorry Pilli. ;)
     
  13. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Only methods 6, 7 and 8 kill outpost.exe...

    I said it was the free version 2.0 in my first post ;)

    See the picture:
     


  14. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yeh, Missed the V2 bit :oops:
    Anyway onwards - You need to add Process Explorer to the protection list to see the injected .dll which you cannot do and test another process with the trial.
    You also need to ensure that all four "General blocks" are enabled.

    Try Advanced Process Manipulation (free) from here: http://www.diamondcs.com.au/index.php?page=apm
    This should be able to see the injected .dll

    HTH Pilli
     
  15. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Ok, seeing as you can only add one application in the PG Demo, you would be better off checking if procguard.dll is loaded with Advanced Process Manipulation. Process Explorer needs a driver to work, hence the "unable to query process" message. You would need to also add Process Explorer to Protection List for it to work, but seeing as you can only add one entry for Protection...use APM instead ;).

    Regards,
    Jade.
     
  16. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    :D...lol, sorry mate...beat me to it :).

    Regards,
    Jade.
     
  17. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    :D What a team
     
  18. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Here you have ;)
     


  19. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    More info:

    WinXP Pro SP2 | NTFS
     
  20. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Well VaMPiRiC_CRoW, Outpost and getting CMH to work with it is a known problem that Jason will be looking into and correcting :). Have a read here mate.

    Regards,
    Jade.
     
  21. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    OK, thanks for your support! :)

    I will wait for the 3.0 version :D
     