System Safety Monitor 2.0.0 beta 1

Discussion in 'other anti-malware software' started by dukebluedevil, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    Well said :thumb: herbalist and all others in support of this SUPER-APP!!

    Very Impressed with the constant attention they have put into it's entire development and the stability is like a dream-come-true! Don't remember another app that is restored my own confidence the way this one is proving out to be. Worth every dime and dollar which really isn't many compared to what it offers! and as compared to plenty of others that still leave you HITTABLE and EXPLOITABLE
     
  2. Maji

    Maji Registered Member

    Joined:
    Apr 26, 2006
    Posts:
    33
    I don't know if this is the proper thread to ask this in, but I am testing the newest version of SSM at this moment (as a prelude to purchasing it so I can add at least one modern functional version to my archive), and I decided to test its process termination protection methods by running Advanced Process Termination v3.0 from DiamondCS against it. I found that it was able to block all of the suspension/termination methods EXCEPT Kill #8 (the one that uses SC_CLOSE). Is there any option within SSM at the present time to stop this kill method, as well? Thanks. :)
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    At the moment, only Process Guard can counter this as far as I know, and only with its Secure Message Handling option enabled for the protected application (which pops up a Human Confirmation box for such termination attempts).
     
  4. Maji

    Maji Registered Member

    Joined:
    Apr 26, 2006
    Posts:
    33
    I see. So that's where secure message handling comes in....cool. :)

    Thanks for the quick response.

    Hopefully, future versions of SSM will also be able to handle this termination method.

    Edit: I also noticed that this version of SSM does not start as a system service. When was system service functionality removed from SSM? Can anyone give me an approximate version number range in which this change occured? Thanks. :)
     
  5. herbalist

    herbalist Guest

    Regarding SSM being started as a service, I believe this was implemented in version 565. Earlier versions used the RUN key. On older operating systems (9X), it caused the default ruleset to be loaded on all user profiles. It's only been in the last couple versions they've gone back to using RUN. I'm sure it will be loaded as a service again as soon as they solve this.
    Rick
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I also agree this latest version is really good. As for as the close window protection, I gladly trade that off for SSM's ability to control what services and rundll32.exe do. When I was using PG I never used the close window protection. Just found it more of a nuisance than anything.
     
  7. Maji

    Maji Registered Member

    Joined:
    Apr 26, 2006
    Posts:
    33
    Ah yes, I was aware of that issue involving Windows 9x, but I did not know that was the sole reason for the service being removed from the current builds. :) Thanks.

    Also...wouldn't it be possible to stop the SC_CLOSE termination method if we could set the advanced "keep process in memory" and "prevent process from being terminated" options for the SysSafe.exe process? I noticed that, in these recent builds, SysSafe.exe is marked as "System" and its advanced properties cannot be modified. Thanks. :)
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    "Keep process in memory" is misnamed in my view - if activated it causes SSM to restart the process if it is closed down. With security software this would leave at least a couple of seconds for malware to do its work.
     
  9. Maji

    Maji Registered Member

    Joined:
    Apr 26, 2006
    Posts:
    33
    Which is why this feature should me modified to work in a manner similar to the way critical windows system services work. When you try to shut down, for example, certain instances of SVCHOST.EXE, the process is either immediately respawned OR an error message comes up telling you that you can't terminate it. Why can't this windows critical system service handling be used by third-party security applications to harden other executables? :?
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well actually this option does duplicate Windows' behaviour with regards to explorer.exe, respawning the process if it gets shut down. Windows itself doesn't provide any protection against termination (which your testing of APT should prove - note that you do need to run it under an Administrator user) so both SSM and PG provide major major enhancements to this. However PG has the lead in termination protection while SSM has the lead in program control (more details here).
     
  11. Maji

    Maji Registered Member

    Joined:
    Apr 26, 2006
    Posts:
    33
    Switching gears for a moment, I am having a bit of a problem purchasing System Safety Monitor. :(

    The site that I get redirected to when I click on the buy link at syssafety.com (i.e. https://secure.shareit.com) simply does not work on my machine. After trying for hours to get the site to load on this machine without success, I proceeded to another machine to attempt to try and purchase the software there. This time the site did load, but I was disappointed to discover that the method of payment I have used for all my other online stuff isn't supported by shareit! :((

    Is there any other way for me to purchase system safety monitor? It is unfortunate that I get all hyped up about purchasing yet another little cool security tool only to discover that the only means available to me at the moment to purchase items with isn't supported by the official seller of the product.

    I know this is probably an issue I should try directing to sales@syssafety.com, but I was hoping to get some guidance here first before attempting to make my case to the folks there. Thanks for your help.! :)
     
  12. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,113
    Location:
    South Texas, USA
    Just noticed a negative effect cause by SSM on my system. SSM makes services.exe jump the cpu usage up to 56% tops every few seconds. Can anyone who is using SSM confirm this or is it just on mine.

    dja2k
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Disable Modules/Services - this is what I found to be causing such spikes every 5 seconds (though I never saw any of that magnitude).

    SysSafety have stated that they intend to address this problem - see the ¿Are the lastest versions heavy? thread at their forum.
     
  14. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,113
    Location:
    South Texas, USA
    Thanks Paranoid2000, I think that did the job.

    dja2k
     
  15. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    I just installed SSM 2 at work for trial purpose before I install it at home. I have (2) questions about it the first is where is the user documentation, the second how long should you run your pc in learning mode for.

    Just a little background on what I have done:
    1. Installed SSM
    2. opened up each program and executed an normal function
    3. then completed an 8 hr day at work using everyday functions
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Open SSM and press F1 to access its online help - that's the documentation. For learning mode, that is up to you. Personally I don't use it since I prefer dealing with the prompts, but I would suggest that just one day should cover the majority of items (startup programs, mouse/touchpad drivers, etc). However Learning Mode should only be used on a clean system - if malware is present, it will be given unrestricted access by Learning Mode whereas without it, you would be prompted when it tried to run.
     
  17. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    Thanks Paranoid, I have a clean system both at work and at home. The at home box (mce 2005) I will leave in learning mode a couple of days to make sure everything is covered. What are the modules about? extra areas that you can have ssm cover. Should you also make sure those modules are active while you are in learning mode to lesson the prompts after?
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Please review the SSM Help - this describes what each module does. They are all worth enabling (except for Services which currently imposes a heavy CPU load) but are not involved with application rules and will not be affected by learning mode.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.