hi on a win xp pro sp1 box \windows\system32\lsass.exe (proto udp) is running red this is since the latest release because it wasn't the case before please fix this
Hi Port Explorer is an amazing tool and of course a very useful one But when a process -after investigation is found to be 'ok' the user should be able to indicate the program it doesn't have to show it in red any more (something like right-click\disable alert)
This problem should be fixed in the upcoming 1.4 version. I don't think disabling alerts would be a good idea because then trojans might be able to disable themselves from alerting in Port Explorer and we wouldn't want that. -Jason-
I understand your reasons but what about allowing the user (who indeed owns the right to act like he wants on his own system under his own responsibility) at least to change the color from red to another color less aggressive than this red? It's useless to have any legitimate process put in red! In this case it's lsass.exe, for others it's some Norton's component Also it depends on programmer's programming skills I mean (no offence )), there must be a way to allow the user to disable a fake alert without allowing any 'hacker' to bypass your tool! Consider firewalls : they are also security tools acting in the same filed than PE They allow the user to decide by himself if he wants any process to run or not!If the user make the wrong choice then it's its responsibility not yours! Yours is, considering the scope of PE, just to let the user know if there is any network-oriented process/application running invisibly like, you're right, most trojan servers do But if I applied your comment to firewalls that would mean that any firewall would automatically stop any other process than for ex. IE or OE or any built-in windows updater or component! I know my system, I know wich processes are ok and wich are not or are suspicious, so if I want to disable a fake alert I should have the right to do so because I'm old enough Think about it Please be aware however that I find PE very useful Keep up the good programming!
If you don't like the coloring look in the menu and change them in anything you like. The default red just means what it stands for "hidden" and i know on my system which are my hidden sockets, so if i would not see those it would surprise me and then i could be most certainly alarmed. Nothing wrong with ideas, but know there are reasons why it's done this way. BTW, nothing wrong with Jason's programming skills either: did you find the easter eggs already? The colorschemes from those might attract you!
Nice tip for color problem Now it's ok There is no doubt Jason seems to be skilled enough: I was kidding of course
Tech what I meant is that if I had to "store" information about which processes to not show as hidden then a hacking program can change that no matter what I did to protect it. Would you prefer "some" false alarms or "some" trojans getting by . There are many advanced and easy ways to get past every software firewall so saying firewall's stop ANY program from changing what it allows through is an incorrect statement also . -Jason-
ok Of course I prefer false alarms...when they are transient! My problem was : how can you fix lsass.exe problem because this legitimate process is always shown in red? You said you were fixing it so it's ok BTW you have to know that MSN Messenger process (msmsgs.exe) not all the time but most of the time is also a problem for PE. Another false alarm I hope you'll fix Concerning firewalls I know one can easily (but it isn't that easy indeed) bypass them -even if bypassing mean in most cases killing them It was an example to show how a tool can be useful without being too much restrictive and according its user ability to make some decisions
So what's wrong with the MSN Messenger? showing hidden too? On my system it's so hidden i don't even use it nor allow to be started at all. So it's in the invisible colors of being there but not running at all. Can be fixed easily: running it and it might get hidden when not in use or closed and normal when using it actively. Same with firewall logs readers, like the VisualZone for ZoneAlarm for instance: hidden, till it's GUI screen is activated the other get's a normal sockets color. Or see many processes for IE or OE and you lose connection, many might turn red as well till they're dropped at all. [glow=red,500,500] [/glow]
Hi tech, There have been small bugs in the detection of hidden windows, but we should have all those fixed now. The only REAL problem remaining are tray icons, as they do not represent a window.. If you right click on any tray window they usually show a menu, Port Explorer instantly recognises this belongs to that application (MSN Messenger for instance) and you will see the colour change I dont mind having a few red sockets on my system, I know what apps I have minimised to the tray - for a couple of days I would occaisonally right click a tray icon just to be sure
BTW Jason, as i've been fighting this terrible forum search engine again like so many times before and i'm rather inventive, but this search engine each time refuses to display what i'm trying to find like in this case your posting with the exact christmas eggs to play with the color schemes. I know it is not christmas any more, but the color schemes are very nice and our friend Tech might like them too! Can you pretty please.........? (post them again i mean) thank you in advance
Yeah unfortunately they have been removed from Port Explorer Jooske, so you can no longer activate them. -Jason-