System Safety Monitor

Discussion in 'other anti-malware software' started by WilliamP, Dec 15, 2003.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    How do you set this program up after downloading? I have Windows XP Home Edition. I would appreciate the help.
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Run the executable after it is downloaded and install SSM in a directory such as C:\SSM.
    Then in your file browser, doublclick the exe file in the SSM folder.
    This will place SSM in your system tray. Doublclick it and make sure under options start SSM automatically is checked. Now comes the fun. Minimise it not close and right click the SSM icon. Check watch app activity. It will ask if you want to ok the services and programs that are currently running, so say yes unless you have a trojan running. :).
    Now as you load applications it is going to ask you what you want to do. Choose the top options to allow the program, unless it is a bad guy. It takes a while to get all the programs allowed, but after the initial day or so it slows down to a trickle.
    Look it over for a couple of days to get a feel for what it does. Its a great program. Hold off on enabling plugins until youre ready to do a little trial and error. I'll help if you need it.
     
  3. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Under "preferences" -> "options" tab -> "notifications" , I also usually like to have "alert if application was terminated by SSM" and "alert on miscellaneous application activity" checked. The second option will display a notification if a DLL/code injection has been blocked. Just personal preference to have these enabled.

    Most Application Activities that SSM prompt you about is concerning Windows Explorer starting an application that is not on your app list.
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Thank you both for your replies. Root I am planning on cranking it up this week end so I may be calling on your help.
     
  5. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Ok Root I have SSM running . On set up I let it set all the running programs as safe. Then I double clicked on all my short cuts . A box came up to select action for this application. I clicked to allways allow this action. Then the program loaded. Is this what I was supposed to do?
     
  6. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Also could you tell me how SSM handles program updates? Thank you for your help.
     
  7. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have another question. Right now everything seems fine. When I look in security it has the option for administrator mode and user mode and a place for password. Right now nothing has been selected . What should I do?
     
  8. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Yep. Always allow is the easiest way to go and should be safe as long as you know its your program and no some malware. An exception would be to allow just this time for an app that you do not want to give trusted privileges. I do that for IE when I occasionally use it for updates.

    You should get a popup box that says the program is not the program you originally authorized, so clik Ok(Ithink). Then you will get a second popup to set your preference for the new version.

    If you don't make a lot of changes, password protecting it should be sufficient. I do neither because I am constantly updating and installing programs. Never tried user mode.

    Good to hear you seem to be using it without any hitches. Hope this takes care of your question. If not, let me know.
     
  9. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Thank you for your help. Have a good weekend and a very Merry Christmas.
     
  10. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I suggest you do some testing to see if all Aps you would be concerned about are stopped in administrator mode vs user mode. Read here Redwolfe's experience with firewar:

    http://www.wilderssecurity.com/showthread.php?t=17621

    also try the leaktests here:

    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/index.html

    my experience is placing in user mode will definitely stop any Ap not so in Admin mode.

    whether you password protect or not is up to you (added protection against local as well as termination Aps which theoretically should not execute if you are in user mode)

    you may also want to enable the terminate windows if SSM is terminated up to you...

    good read here also:

    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/pageweb/software.html
     
  11. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I had read the post on firewar . It seems that after going to user mode it stopped firewar in either mode. I may wait a few days ,till I know I have all my trusted apps. allowed then go to user mode. Thank you. If you have any other suggestions ,I'm interested.
     
  12. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    you may want to reread that thread, the way I recall the sequence of events, redwolfe could not successfully defend against firewar dropping his firewall until it was suggested he move SSM from admin to user mode...

    not a big deal just right click in & out unless you set a password
     
  13. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Thank you peakaboo. I didn't know it could be switched back and forth so easy. This is from the post that was referenced. [ thanks, peakaboo.. that worked, switching it from administrator to user mode.. now it is stopping firewar even in administator mode.. 'don't know why it wouldn't, before. ssm is running smoothly.. ]
     
  14. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Has anyone donated to SSM? I'm a little leary. Yesterday while attempting to get to the web site my firewall popped up blocking my credit card info.
     
  15. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Hi WIlliam,

    just curious you went here:

    http://maxcomputing.narod.ru/ssme.html?lang

    which led you here for the donation:

    http://order.kagi.com/cgi-bin/store.cgi?storeID=6CXAX&&

    which allowed you to securely enter your credit card info:

    https://order.kagi.com/cgi-bin/store.cgi

    what did your firewall say?

    mine didn't even burp.

    lots of adstuff, Java aplets, JS etc which proxo kills on that 1st site but nothing bad as far as I could tell
     
  16. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Actually I was waiting for the site to load when the firewall popped up. I have DSL and last night his site was very slow. It reminded of the old Windows 98 days wilth dial up.
     
  17. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    This is the page that I had clicked on.http://kormushkin.narod.ru/ . I had gotten this from somewhere.
     
  18. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have Norton firewall and I don't remember exactly what it said . I know it said that it was blocking credit card info.so I told it to block it.
     
  19. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    interesting...

    you got to the correct site after redirect:

    http://maxcomputing.narod.ru/ssme.html

    be interesting to see the log from Norton on that exception if you're logging

    maybe Max will see this and address o_O
     
  20. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
  21. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    It was probably a false alarm. I went into Nortons log and I couldn't tell where it was. It is very unusual for my firewall to stop something like that.
     
  22. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Root can you tell me what the Registry plug in does and do you think that it is needed? Hope you had a nice Christmas.
     
  23. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    As far as I can tell it is meant to guard certain registry entries that load at startup.
    I can't use it because it is giving me constant logging entries for some reason or another. Haven't got around to investigating it yet.
     
  24. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I don't know if I want to try it. I have had a strange thing happen a couple of times. After leaving the computer and then comming back the SSM was keeping the win\defrag.exe from running. No one had told it to defrag. I think the screen saver caused it , but I don't know why. The screen saver had been ok' ed
     
  25. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I would guess that your defrag has some kind of schedule then, possibly to defrag when the screensaver kicks in.

    I am reasonably sure SSM will not start anything on its own.
     
Thread Status:
Not open for further replies.