I have recently been playing around with SMH and have come across a problem. I have successfully managed to configure SMH for the LooknStop firewall, but have come across a problem. If I start the on-line help from within the LnS program, then when I try to quit the help window (by clicking X in title bar) I get the SMH confirmation dialog, even though I haven't configured it for the help. I assume it's because LnS is the parent process and so PG sees it as me trying to close LnS . Any solutions to this problem ? PS. This aside, I think SMH should be more configurable. eg. it should be possible to disable the X title bar handling, while still having customized SMH confirmations. The reason - Some apps allow you to minimize to the tray when clicking on the X (eg. KAV) so you wouldn't want confirmation in this instance. However, you might still want SMH on this app for a menu item in it's tray icon. I have also placed this in the PG Feature Request sticky thread.
Hi Defenestration, I am not familiar with L & S but hopefully GKWeb will advise. What I can suggest is that you carefully read the help file about Secure Message Handling's learning mode. One thing about programs that throw up an HID when you use daughter processes is to ensure that when you complete the HID to only say "OK" and NOT "OK to All" - Clicking "OK to all" can effectively unload procguard.dll and you will then be able to close the whole program normally i.e. without an HID. SMH is generally very stable now and uses some very clever tricks to acheive it's aims. BTW KAV nor ZA really need SMH enabled as they already well protected, closing the GUI normally does not disable them. Cheers. Pilli
It's possible to disable Real-Time protection of KAV by right-clicking the tray icon and selecting "Disable Real-Time Protection" which is what I want to protect with SMH. I don't want to protect the X in the title bar though, since that only minimizes to the tray.
I've remember reading somewhere that it is quite easy to bypass KAV's password feature, and Kaspersky admit themselves that the password feature is mainly to stop casual users from changing preferences.
For that to happen then the malware would need to run an .exe and or keylogger, ProcessGuard would question or stop both before they could run. Your suggestions about SMH are, of course, valid but as with any security you the operator have to make the final judgements and yes it does involve a little more work.
