What rules to use to protect security apps

Discussion in 'Ghost Security Suite (GSS)' started by ghostriderg, Oct 17, 2006.

Thread Status:
Not open for further replies.
  1. ghostriderg

    ghostriderg Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    16
    Hi Everyone!

    Can someone please advise as to the best way to create rules for protecting my security apps, i.e. firewall, AV, AS etc.

    I currently have this for the firewall set to block:

    HKEY_LOCAL_MACHINE\Software\Agnitum** | * | | MODIFY KEY, SET VALUE, DELETE VALUE | agnitum | 1

    Is this correct?

    TIA
     
  2. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    I am also using Outpost Firewall 4.0 (together with Ghost Security Suite), & I don't have specific application rules for it.

    The new "Self-Protection" feature in Outpost should be robust enough to resist any such attempts. :D
     
  3. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi ghostriderg.

    I use rules to protect some of my security apps. The best way to go about it is to try and narrow them down as much as possible, e.g. some apps store their 'rules' & 'settings' in the registry, so target those specific keys/values. Also protect their 'auto start' entries so that they're not disabled from starting with Windows; some are already in the 'default rules' (e.g. HKEY_LOCAL_MACHINE\System\*controlset*\Services\'app name'); also add HKEY_LOCAL_MACHINE\System\*controlset*\Enum\Root\Legacy_'app name'

    E.g. to protect GSS I have the following rules:

    HKEY_CURRENT_USER\Software\Ghost security**
    HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - *RuleSet
    HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - ?DReg*
    HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - Reg*
    HKEY_LOCAL_MACHINE\System\*controlset*\Services\Ghostsec**
    HKEY_LOCAL_MACHINE\System\*controlset*\Enum\Root\Legacy_ghostsec**


    Last but not least, DON'T FORGET TO GIVE YOUR SECURITY APPS FULL ACCESS TO THEIR OWN REG ENTRIES.

    Hope that helps mate.
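
Added example, not part of the thread or of GSS itself: a small checker that tests which registry accesses tonyjl's rules above would cover. The wildcard semantics (`**` spans subkeys, `*` stays within one key name, `?` is one character), the reading of " - " as the key/value separator, and all sample paths are assumptions made for illustration.

```python
import re

# tonyjl's GSS rules from the post above; " - " is read as separating the key
# from the value name (an assumption about the post's notation).
RULES = [
    r"HKEY_CURRENT_USER\Software\Ghost security**",
    r"HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - *RuleSet",
    r"HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - ?DReg*",
    r"HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite - Reg*",
    r"HKEY_LOCAL_MACHINE\System\*controlset*\Services\Ghostsec**",
    r"HKEY_LOCAL_MACHINE\System\*controlset*\Enum\Root\Legacy_ghostsec**",
]

def glob_to_regex(pattern):
    """Assumed semantics: '**' spans subkeys, '*' stays in one key, '?' is one char."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append(r"[^\\]*"); i += 1
        elif pattern[i] == "?":
            out.append(r"[^\\]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z", re.IGNORECASE)

def matching_rule(key, value=None):
    """Return the first rule covering key (and value name, if given), else None."""
    for rule in RULES:
        key_pat, sep, val_pat = rule.partition(" - ")
        if not glob_to_regex(key_pat).match(key):
            continue
        if not sep:  # key-only rule: covers the key and every value under it
            return rule
        if value is not None and glob_to_regex(val_pat).match(value):
            return rule
    return None

# Constructed sample accesses (key, value name); not taken from a real GSS install.
SAMPLES = [
    (r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GhostsecDrv", "Start"),
    (r"HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite", "AppRuleSet"),
    (r"HKEY_LOCAL_MACHINE\Software\Ghost security\Ghostsecuritysuite", "WindowPos"),
    (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip", "Start"),
]

if __name__ == "__main__":
    for key, value in SAMPLES:
        print(f"{key} [{value}] -> {matching_rule(key, value) or 'NOT COVERED'}")
```

Running a list of keys through a checker like this before enabling the rules shows whether a pattern is narrower or wider than intended, for example whether `*controlset*` covers both CurrentControlSet and the numbered ControlSet00x copies.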
     
  4. ghostriderg

    ghostriderg Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    16
    Hi all

    Thanks for your replies!

    Tonyjl that info was very helpful as it has opened my eyes a bit more :eek: in re to where and what to look for/at in the reg.

    By the way I am using your/Tay custom privacy rules which have been very useful. It's amazing how many apps call on user id, some for it seems no valid reason that I can see.

    Also some time back you posted file extensions to guard against; how would I set this up?

    much obliged!

    ghostriderg
     
  5. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi G.

    Glad I could help with securing your sec apps.

    Not sure if you're getting me confused with Tony Klien (whose rules have been approved). I (as well as many others) did help with the rules, but it's mostly his work.

    Anyway..

    OK, you might not be using TK's rules then, or an older set o_O. Anyway, if you download TK's rules, if I remember correctly, I'm sure he has included file ext. to protect, as well as other rules that you'll benefit from.

    You can get hold of his rules here

    https://www.wilderssecurity.com/showthread.php?t=85130

    Any other Q's, let us know.
     