Turn off UAC for Geswall?

Discussion in 'other anti-malware software' started by bonedriven, Sep 19, 2009.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I am learning Geswall free on my windows 7 at the moment. But I find that Gewall requests to turn off UAC when you want to manually label a file as untrusted. Since I might add many files to untrusted manually now and then later on, I am thinking about turning off UAC permanently.

    I have been favoring the UAC of windows 7 and always think it's a nice feature after it's been optimized. However,it does seem redundant if you are using HIPS too.

    I am changing my security suites to Avira free+Geswall free+Windows 7 Firewall.

    Ideas plz?
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    IMHO, GesWall is better suited to XP than Vista/Window 7 because as you have noticed it is not fully compatible with UAC. Further, check out their forum where there are a number of posts regarding bugs/problems with Windows 7.

    So rather than turning off UAC why not think of another HIPS/sandbox?

    On Windows 7/Vista there are much better options than GW including both paid (DefenseWall) or free (Threatfire/Sandboxie) alternatives.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    GeSWall is a great product, you can use its weakness in your favour.

    The advantage of GW over a lot of other applications is that it uses windows internals. Downside is that it runs into a NTFS limitation. GeSWall can't track the untrusted status over different partitions.

    So I suggest you create a small extra partition on your harddrive. When you move an untrusted file into it, it becomes trusted.

    For security reasons I would download PGS and implement a deny execute of that partition. see https://www.wilderssecurity.com/showpost.php?p=1544043&postcount=15 for an example (only instead of C:\Users, you would create a SRP for your new partition).

    Alternatively, you can buy DefenseWall (V2). Ilya has mentioned that all V2 users will get the V3 with Firewall (outbound). Ask him whether he is still offering the free upgrade to existing users. I am currently beta testing V3 it and it is :thumb: :thumb: :thumb:

    With DW V3 you only need an AV to check the emails your sending out to friends, because you are so well protected, the mistake of thinking that with DW3 one is untoucheable for malware is a reality (simply nothing has come through yet)

    Regards Kees
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    This is biggest issue with geswall. I wil not like to turn off UAC for geswall. They must fix it or geswall wil be gone.
    You have an option to make files trusted via geswall console or by moving them to another partition or USB stick.
    What about using norton's UAC instead if it does not interfere with geswall?
     
  5. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Hi blackcat,

    Maybe you are right. I was actually looking for an hips like sandboxie. Only because that there is only beta version for 7 RTM at the moment,I turned to Geswall. And Geswall does freeze my pc occasionally.
     
  6. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Hi Kees,

    As I'm only learning Geswall,I don't quite understand your method. :oops:

    And Defensewall is not a freebie.


    Thanks for all your replies.
     
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    The Sandboxie betas tend to be pretty stable so they are worth at least a try and so far I have had no problems with the latest beta, 3.39 and Windows 7 ;)
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe

    OT: I hated UAC, when I used Vista and I immediately disabled it ( now waiting for 7 I came back to XP ). I want and I can ensure my system security running it as admin, alone all the boring non-root/root as Linux has. :cool: :D And I think that one of the main aim of being in this forum is - for me surely - to go on running Windows as admin in full security.:)
     
    Last edited: Sep 19, 2009
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Simply put, when you move an untrusted file to another disk (e.g. USB) or partition, GeSWall looses track of the untrusted state, meaning the file becomes trusted. SO when you would like to keep UAC on (plus Norton's UAC tool) and bypass the UAC issue with GeSWall, just move the file to another disk or partition and it becomes trusted.

    For security reasons, you would like to apply a deny execute of this disk/partition with Software Restriction Policy (either through secpol.msc or PGS).

    Regards Kees
     
  10. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Hi Kees,

    I thought a normal file on my computer was labeled trusted,isn't it? So what I wanted to do was to add the file to the untrusted via right click menu. But it seems you are talking about the opposite. o_O
     
Loading...
Thread Status:
Not open for further replies.