ZoneAlarm/ProcessGuard Program Control conflict?

Discussion in 'ProcessGuard' started by SamuelH, Oct 6, 2005.

Thread Status:
Not open for further replies.
  1. SamuelH

    SamuelH Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    3
    I just got ProcessGuard and I like it a lot. I've been running some leaktests to see how secure my system is, but there is a weird occurrence. If I try it for the first time, I click "Yes" when ProcessGuard makes sure I want to run the program. However, there are sometimes no consequent requests from ZoneAlarm when the program tries to access the internet. Therefore one of the tests has been successful the first time. However, when I ran it again, I wasn't prompted by PG (I had saved it as an allowed program), but then it failed because I was prompted by ZoneAlarm and denied it access, causing it to fail and my security to pass. However, the first time should be just as secure, because in a real-world situation all it needs is one chance. Although I'm not just gonna go around allowing programs I've never heard of to execute, and if it wasn't disguised I'd probably have blocked it from running in the first place, there are times this may not be the case.

    Here is the exact happening:
    I get TooLeaky and run it. I allow and remember it in PG. I start the test. It is successful (and my security failed). I run the test again, and this time PG remembers it and doesn't prompt me. However, I get a Dangerous Behavior alert from ZoneAlarm informing me that it is trying to launch IE. Needless to say, I don't allow it, and I pass the test. However, allowing a program to run and then discovering dangerous behaviors are different, and I want to know why I'm not prompted by PG and then alerted by ZoneAlarm once that actual program is launched, and if I can fix this.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Well, if you let PG remember it, it won't prompt you. And remember, PG only prompts for execution and (in the paid version) it may block hooks, memory access etc. depending on your config. ZA's OSFirewall may work differently, but I don't use it so I can't comment on it.
     
  3. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,702
    Location:
    Texas
    Hi WSFuser, I'm happy to see you're an active folder! I've been folding at home for a long time now & allow the big WUs. Keep folding, dude!

    Take care
    rico
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Same to you, but is that all you wanted to say? Well, at least my sig works. :D
     
  5. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    When you say 'Yes', I think you mean the 'Permit' or 'Deny' choice PG gives you.

    On that first run when PG pops up the 'Permit/Deny' choice, you press the 'Permit' choice and expect ZoneAlarm to give you a warning. Even though you are pressing 'Permit' that first time, I don't believe TooLeaky executes to completion properly (therefore no ZoneAlarm warning).

    I've had a similar experience trying to run Rootkit Revealer for the first time with PG on. I would get all these 'Permit/Deny' popups and I would always choose Permit, but Rootkit Revealer didn't run or begin to run properly that first time. Once everything was set up, it ran flawlessly.

    My guess is that TooLeaky isn't running properly that first time and isn't even making an attempt to get past the firewall.
     