small feature resquest : windows shutdown detection

Discussion in 'ProcessGuard' started by gkweb, Dec 3, 2003.

Thread Status:
Not open for further replies.
  1. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    It's about closing windows feature, wouldn't it be possible that PG detects Windows OS terminating (reboot, shutdown) and stop to ask code to close windows which it is protecting ?

    Indeed when i reboot, PG ask me a code to close ccapp.exe (norton AV) and if i'm too slow to type the code explorer want to kill the process :-/
    (yes it's funny that NAV which asks a password to close it or desactivate auto protect or even modifying options could be closed by this attack...)

    If windows is terminating, no need of the protection ?
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    still not in the v1.15, will it be done or is it something not relevant or which brings risks ?
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    When you shutdown there is a timeout that windows get before the OS will kill them (Windows XP is 5 seconds by default) so Close Message Handling shouldn't be enabled for anything that doesn't need it - or you should consider this before using it. But we are open to suggestions on how better to handle certain application windows and will cooperate with other vendors.
     
  4. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Well when Windows is shutting down normally there is no reason why you would want your programs to remain protected. Whilst the Close Message Handling stuff appears, the reason it disappears is because a program you have given ALLOW access has terminated that program after the timeout. So theoritically you could stop it from being terminated by not giving whatever is terminating it ALLOW access :) .

    It is possible for each program to get a notification when Windows is shutting down, and when it is the Start Button-Shutdown method this message is sent, if a Window does not want to shut down it handles this message and returns 0. If it is a forced shutdown however this message isn't sent.

    Currently there is no reason to protect programs from being shutdown when the system is logging off, I can't see a way a program could take advantage of this because programs can't startup when shutting down. :)

    -Jason-
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I think it's because my bad english you didn't understand me : - /

    _Indeed_, when windows is shutting down there is no reason at all to protect a program, it is exactly what i wanted to say.
    But what i said too, is that i protected "ccapp.exe" (NAV) from beeing terminated while windows is running by malicious program (if it is killed my NAV icon in the system tray disappears, so i guess my NAV auto protect), and to protect this process leads to the pb i stated while windows is shutting down : i mean that a protection which is needed while windows is running isn't anymore needed when it is shutting down.
    However, PG still ask me to allow to close ccapp.exe.

    I hope to have made less english errors this time :)
     
  6. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Hi gkweb, yes this explains it better. I don't know if there is a SECURE method to determine if Windows is shutting down or not. We would need one that could not be faked by a trojan. We will take a look into this.

    -Jason-
     
Thread Status:
Not open for further replies.