
Thread: Program Control Problem

  1. #11

    Default Re: Program Control Problem


    <blockquote><hr>fax wrote:

    <blockquote>This is the basis for any program control system... maybe it's not written exactly like this in the manual </blockquote>By the way, if you use 7.1 then the manual is here: http://download.zonelabs.com/bin/med...ser_manual.pdf
    Cheers, Fax

    Message Edited by fax on 05-25-2008 01:21 PM
    <hr></blockquote>Manual is very unclear - in fact (as agreed) it is wrong!!
    What was actual change in recent version?? Advanced Program Control not activated by default?? or something else??
    Do you use DefenseAdvisor on automatic and just trust the ZA system??
    I did come across one contradiction for Services and Controller app (C:\Windows\System32). DefenseAdvisor (on automatic) would allow program for both Access and Server (both Trusted and Internet) BUT if you ask for further information the
    ZA site for DefenseAdvisor recommends that you deny internet server rights!!!
    Do you know the address to access the DefenseAdvisor information on the web??


  2. #12
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,288

    Default Re: Program Control Problem


    <BLOCKQUOTE><HR>dogdog wrote:
    What was actual change in recent version?? Advanced Program Control not activated by default?? or something else??
    <HR></BLOCKQUOTE>Program control to MAX does NOT activate Advanced program control...
    <BLOCKQUOTE><HR>dogdog wrote:
    Do you use DefenseAdvisor on automatic and just trust the ZA system??<HR></BLOCKQUOTE>Automatic. Manual is a waste of time... minimise pop-up is my priority. Don't need to get pop-ups if the program is already whitelisted at ZA server. I only need it if a program is unknown to ZA server.... and this will happen even if Defense Advisor is on automatic. All of this is explained in the manual!
    <BLOCKQUOTE><HR>dogdog wrote:

    <BLOCKQUOTE><HR>I did come across one contradiction for Services and Controller app (C:\Windows\System32). DefenseAdvisor (on automatic) would allow program for both Access and Server (both Trusted and Internet) BUT if you ask for further information the ZA site for DefenseAdvisor recommends that you deny internet server rights!!!
    <HR></BLOCKQUOTE></BLOCKQUOTE>'Further information'? Example please and link... otherwise difficult to judge. Generally it is not recommended to give internet server rights to untrusted or unknown programs... the above is not an untrusted nor unknown program. Smartdefense gives full access (except send mail) to Service and controller app. (this is in Windows VISTA) If you don't like that, change it at your own risk... it may work fine or not. Not necessarily now, not necessarily on a specific program, not necessarily you will be able to track back what setting is the cause of the problem. If you want to play with permission be sure to have a full image of your system to go back if something goes wrong.
    <BLOCKQUOTE><HR>dogdog wrote:

    <BLOCKQUOTE>Do you know the address to access the DefenseAdvisor information on the web??
    <HR></BLOCKQUOTE></BLOCKQUOTE>I am not aware of any address to access Defense Advisor database. I don't think it is possible.
    Cheers, Fax

    Message Edited by fax on 05-25-2008 03:47 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #13

    Default Re: Program Control Problem


    <blockquote><blockquote>
    <hr></blockquote>
    <blockquote><hr>dogdog wrote:

    <blockquote><hr>I did come across one contradiction for Services and Controller app (C:\Windows\System32). DefenseAdvisor (on automatic) would allow program for both Access and Server (both Trusted and Internet) BUT if you ask for further information the
    ZA site for DefenseAdvisor recommends that you deny internet server rights!!!
    <hr></blockquote></blockquote>'Further information'? Example please and link... otherwise difficult to judge. Generally it is not recommended to give internet server rights to untrusted or unknown programs... the above is not an untrusted nor unknown program. Smartdefense gives full access (except send mail) to Service and controller app. (this is in Windows VISTA)
    If you don't like that, change it at your own risk... it may work fine or not. Not necessarily now, not necessarily on a specific program, not necessarily you will be able to track back what setting is the cause of the problem. If you want to play with permission be sure to have a full image of your system to go back if something goes wrong.
    <blockquote><hr></blockquote></blockquote>If you generate a pop up alert for Service and Controller app (delete this program from Program List and change DefenseAdvisor to Manual and pop up alert will appear in due course) and then click on link in pop up to get further information you will find the comment that the ZA site for DefenseAdvisor recommends that you deny internet server rights to Service and Controller app!!! Over to you.


  4. #14
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,288

    Default Re: Program Control Problem


    <BLOCKQUOTE><HR>dogdog wrote: Over to you.

    <HR></BLOCKQUOTE>Trust the decision by ZA program control. The http suggestion is a general one....
    Cheers, Fax


    Message Edited by fax on 05-25-2008 10:03 PM


  5. #15
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Program Control Problem

    You cannot take each application as a separate application, in terms of network and internet connections (access) and for servers (open ports). And attempt to break down the control/settings directly. Unless you have a very good understanding of the operating system and the ways/needs of the internet/networking.
    But if a user really understood all of these, users would not post and ask.

    An example, as previous used, is the services.exe.
    Let me continue.

    Under normal conditions this may need trusted and internet access and even perhaps server rights for itself or direct connections and open ports to the different zones for itself.
    Most definitely access for the trusted and internet zone and more than likely just server for the trusted zone.
    However, the ZA not only controls and secures the applications directly involved in network and internet access (and the servers), but the indirect applications involved in the background of the application directly seen using access.
    Hence, if the services.exe is needed directly or indirectly (parent application or child application) or even as an associated process, it is seen by the ZA and controlled as such. The automatic permissions follow the needs and usage as seen by the ZA. In the training mode or by user allowed alerts and user set permissions.
    Thus if a simple ping is made using the command prompt, then the services.exe is also seen as using ping or the ICMP or echo request. If the ping is replied, then an open port to allow the incoming echo reply is also seen and so it is declared an open port. And so the services.exe is seen as needing to have an open port or server to the internet.
    Not only is the ping.exe seen (the direct application involved) by the ZA, but also the services.exe, along with the explorer.exe, the command.exe, userinit.exe and the winlogon.exe. All of these are associated with the simple ping.exe application.
    Since all are involved in sending an icmp out and allow in, each of the processes are seen as needing to have access and server for the internet and trusted zones.
    Even if they themselves do not need it for their own specific and direct uses or connections.

    In the right click of the services.exe in the ZA list, there is the Options.
    Allowing it some freedom to connect through other applications and for decreasing the ZA control of the services.
    All seen in the first two items in the Options.

    Going back to the other example of the ping.exe, allowing the ping.exe and the command.exe to use other applications for internet/network access may be needed just for doing pings.

    The trust rating is valuable- at full trust, the application is allowed less restrictions and at low the application is basically set "as me" when the application is involved in network/internet connections attempts.
    The trust rating can be used with or separately with the access and server columns. Ask or allow or deny still can be used with the trust rating.



    Oldsod.

    Message Edited by Oldsod on 05-25-2008 06:16 PM
    Best regards.
    oldsod

  6. #16

    Default Re: Program Control Problem

    Oldsod - many thanks for your further comments. If I may I would like to ask some further explanation:

    <blockquote><hr>Oldsod wrote:
    You cannot take each application as a separate application, in terms of network and internet connections (access) and for servers (open ports). And attempt to break down the control/settings directly. Unless you have a very good understanding of the operating system and the ways/needs of the internet/networking.
    But if a user really understood all of these, users would not post and ask.

    An example, as previous used, is the services.exe.
    Let me continue.

    Under normal conditions this may need trusted and internet access and even perhaps server rights for itself or direct connections and open ports to the different zones for itself.
    Most definitely access for the trusted and internet zone and more than likely just server for the trusted zone.
    However, the ZA not only controls and secures the applications directly involved in network and internet access (and the servers), but the indirect applications involved in the background of the application directly seen using access.

    Hence, if the services.exe is needed directly or indirectly (parent application or child application) or even as an associated process, it is seen by the ZA and controlled as such. The automatic permissions follow the needs and usage as seen by the ZA. In the training mode or by user allowed alerts and user set permissions.
    Thus if a simple ping is made using the command prompt, then the services.exe is also seen as using ping or the ICMP or echo request. If the ping is replied, then an open port to allow the incoming echo reply is also seen and so it is declared an open port. And so the services.exe is seen as needing to have an open port or server to the internet.
    Not only is the ping.exe seen (the direct application involved) by the ZA, but also the services.exe, along with the explorer.exe, the command.exe, userinit.exe and the winlogon.exe. All of these are associated with the simple ping.exe application.
    Since all are involved in sending an icmp out and allow in, each of the processes are seen as needing to have access and server for the internet and trusted zones.
    Even if they themselves do not need it for their own specific and direct uses or connections.

    Oldsod.

    Message Edited by Oldsod on 05-25-2008 06:16 PM
    <hr></blockquote>Does this mean that if any of the "involved" processes did not have permission to access the internet then ping.exe would be denied access??
    What is it that stops a rogue program hijacking a program with trust/permission to access the internet/undertake unwanted access??
    Can you explain what extra is brought to the party by Advanced Program Control??

    <blockquote><hr>Oldsod wrote:

    The trust rating is valuable- at full trust, the application is allowed less restrictions and at low the application is basically set "as me" when the application is involved in network/internet connections attempts.
    The trust rating can be used with or separately with the access and server columns. Ask or allow or deny still can be used with the trust rating.

    <hr></blockquote>
    What does "as me" mean??


    More generally - Do you, like Fax, set DefenseAdvisor to auto and totally allow ZA to set trust level and access permissions??

    Many thanks


  7. #17
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Program Control Problem

    If the ZA was finished with its self configuration (after the training period was completed) and the Program Control slider was set to High and all of the Program Control options were enabled, then yes the ping.exe would be prevented from making the outbound connection.
    But if the ping.exe was allowed during the training period of the ZA, then no, it would not be stopped. The ZA was allowing the ping.exe in its training period, by the ZA alert and user approved, then it will allow the ping.exe access even after the training period.


    The parent/child process of the applications (for a lack of better words) and DLL injection into the approved applications is controlled by the ZA for the protections against rogue hijacking of approved programs.

    If you take a look at this post:

    http://forum.zonelabs.org/zonelabs/b...ssage.id=18592

    I used something very simple such as the irfanview for an example of an unwanted application (for the "rogue" program) attempting internet access with an approved application (the browser).
    The ZA stopped both the localhost connection attempts and the dns lookup attempts of the rogue application.

    Advanced program control will alert for changes of an application and new application attempts.
    Also:

    "This program may use other programs to access the Internet"

    Allows the selected program to use other programs to access the Internet.
    I would imagine this simplifies a lot of "user" control for the inter-process relationships needed for internet control (such as ping.exe for example).

    "Allow Application Interaction"

    Allows the selected program to use OpenProcess and CreateProcess functions on your computer. I generally apply this myself to the individual antivirus scanner applications (for less restrictions) and for certain window application (ctfmon.exe for example) and for the main browser (I let my browser use certain other applications such as the wmp, adobe reader, irfanview, window components, etc).

    Actually the "as me" is confusing to myself. It is a typo - sorry.
    I meant to type "ask me" as in "ask me first before allowing"!

    Actually no I do not use those. I differ from Fax and probably most users of the ZA in this aspect.
    I set the Defense Advisor to Off and set my own particular Trusted and Access permissions. I set my Expert rules in Firewall and for the Expert of the individual applications. (But then again I always have been a non-conformist.)

    Like this:







    Oldsod.
    Best regards.
    oldsod

  8. #18

    Default Re: Program Control Problem

    Sorry but still not clear on a number of aspects:

    <blockquote><hr>Oldsod wrote:
    If the ZA was finished with its self configuration (after the training period was completed) and the Program Control slider was set to High and all of the Program Control options were enabled, then yes the ping.exe would be prevented from making the outbound connection.
    But if the ping.exe was allowed during the training period of the ZA, then no, it would not be stopped. The ZA was allowing the ping.exe in its training period, by the ZA alert and user approved, then it will allow the ping.exe access even after the training period.

    <hr></blockquote>When you say "all the Program Control options were enabled" which do you mean?? Do you include Advanced Program Control & Application Interaction Control?? I thought that Fax had advised that the default ZA settings meant that a rogue program could not misuse a trusted program ie even if Advanced Program Control & Application Interaction Control were not enabled??
    When I enabled Advanced Program Control I got a very large number of alerts with confusing advice from DefenseAdvisor (eg it recommended Deny for a ZA ForceField program).

    I am not clear on the distinction between marking a program as trusted (various levels - 1,2 or 3 bars) and allowing internet or server access. Allowing access is self explanatory but what does trusted at the various levels do that is separate and presumably additional. Would be grateful if you could explain this aspect for me.

  9. #19
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Program Control Problem

    Can you list the alerts?

    Oldsod.
    Best regards.
    oldsod

  10. #20

    Default Re: Program Control Problem

    Sorry can't remember them now. How about my other queries.
    Many thanks
