tech

Discussion in 'Port Explorer' started by tech, Feb 3, 2003.

Thread Status:
Not open for further replies.
  1. tech

    tech Guest

    hi
    on a win xp pro sp1 box
    \windows\system32\lsass.exe (proto udp) is running red

    this is since the latest release because it wasn't the case before

    please fix this
     
  2. tech

    tech Guest

    Hi

    Port Explorer is an amazing tool and of course a very useful one


    But when a process -after investigation is found to be 'ok' the user should be able to indicate the program it doesn't have to show it in red any more (something like right-click\disable alert)
     
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    This problem should be fixed in the upcoming 1.4 version. I don't think disabling alerts would be a good idea because then trojans might be able to disable themselves from alerting in Port Explorer and we wouldn't want that.
    -Jason-
     
  4. tech

    tech Guest

    I understand your reasons but what about allowing the user (who indeed owns the right to act like he wants on his own system under his own responsibility) at least to change the color from red to another color less aggressive than this red?

    It's useless to have any legitimate process put in red! In this case it's lsass.exe, for others it's some Norton's component

    Also it depends on programmer's programming skills I mean (no offence :))), there must be a way to allow the user to disable a fake alert without allowing any 'hacker' to bypass your tool!

    Consider firewalls : they are also security tools acting in the same filed than PE

    They allow the user to decide by himself if he wants any process to run or not!If the user make the wrong choice then it's its responsibility not yours!
    Yours is, considering the scope of PE, just to let the user know if there is any network-oriented process/application running invisibly like, you're right, most trojan servers do

    But if I applied your comment to firewalls that would mean that any firewall would automatically stop any other process than for ex. IE or OE or any built-in windows updater or component!

    I know my system, I know wich processes are ok and wich are not or are suspicious, so if I want to disable a fake alert I should have the right to do so because I'm old enough :)

    Think about it

    Please be aware however that I find PE very useful
    Keep up the good programming!
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If you don't like the coloring look in the menu and change them in anything you like.
    The default red just means what it stands for "hidden" and i know on my system which are my hidden sockets, so if i would not see those it would surprise me and then i could be most certainly alarmed.
    Nothing wrong with ideas, but know there are reasons why it's done this way.
    BTW, nothing wrong with Jason's programming skills either: did you find the easter eggs already? The colorschemes from those might attract you!
     
  6. tech

    tech Guest

    Nice tip for color problem
    Now it's ok

    There is no doubt Jason seems to be skilled enough: I was kidding of course
     
  7. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Tech what I meant is that if I had to "store" information about which processes to not show as hidden then a hacking program can change that no matter what I did to protect it. Would you prefer "some" false alarms or "some" trojans getting by :) .

    There are many advanced and easy ways to get past every software firewall so saying firewall's stop ANY program from changing what it allows through is an incorrect statement also :D .

    -Jason-
     
  8. tech

    tech Guest

    ok

    Of course I prefer false alarms...when they are transient!

    My problem was : how can you fix lsass.exe problem because this legitimate process is always shown in red?

    You said you were fixing it so it's ok

    BTW you have to know that MSN Messenger process (msmsgs.exe) not all the time but most of the time is also a problem for PE. Another false alarm I hope you'll fix

    Concerning firewalls I know one can easily (but it isn't that easy indeed) bypass them -even if bypassing mean in most cases killing them

    It was an example to show how a tool can be useful without being too much restrictive and according its user ability to make some decisions
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    So what's wrong with the MSN Messenger? showing hidden too? On my system it's so hidden i don't even use it nor allow to be started at all. So it's in the invisible colors of being there but not running at all.
    Can be fixed easily: running it and it might get hidden when not in use or closed and normal when using it actively.
    Same with firewall logs readers, like the VisualZone for ZoneAlarm for instance: hidden, till it's GUI screen is activated the other get's a normal sockets color.
    Or see many processes for IE or OE and you lose connection, many might turn red as well till they're dropped at all.
    [glow=red,500,500] :eek: [/glow]​
     
  10. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi tech,

    There have been small bugs in the detection of hidden windows, but we should have all those fixed now. The only REAL problem remaining are tray icons, as they do not represent a window..

    If you right click on any tray window they usually show a menu, Port Explorer instantly recognises this belongs to that application (MSN Messenger for instance) and you will see the colour change :)

    I dont mind having a few red sockets on my system, I know what apps I have minimised to the tray - for a couple of days I would occaisonally right click a tray icon just to be sure :)
     
  11. tech

    tech Guest

    Thanks Jooske and Gavin!
    Have a nice evening!
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    BTW Jason, as i've been fighting this terrible forum search engine again like so many times before and i'm rather inventive, but this search engine each time refuses to display what i'm trying to find like in this case your posting with the exact christmas eggs to play with the color schemes. I know it is not christmas any more, but the color schemes are very nice and our friend Tech might like them too! Can you pretty please.........? (post them again i mean)
    thank you in advance
     
  13. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Yeah unfortunately they have been removed from Port Explorer Jooske, so you can no longer activate them.
    -Jason-
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.