Author Topic: Installation mode and Clean PC Mode  (Read 3899 times)

Arkangyal
Installation mode and Clean PC Mode
« on: September 29, 2007, 07:18:44 AM »
(Quoted from Egemen's forum entry)

1 - Installation Mode :

In this version of Defense+, there is a built-in security policy called "Windows Installer Application". This policy, when applied, gives a process maximum access rights. When the system switches to the installation mode, the *child* processes i.e. the process which has "Windows Installer Application" access right will have the same rights as its parent.

For example :

xyzsetup.exe is treated as "Windows Installer Application".

xyzsetup.exe will be able to modify everything. Later xyzsetup.exe tries to run "aftersetupconfig.exe" file. If you switch to installation mode, aftersetupconfig.exe will also have the same access rights as xyzsetup.exe.

This is more useful for Windows updates. svchost.exe is the process responsible for downloading and installing Windows updates in Windows XP.

1 - svchost.exe will connect to the MS site
2 - svchost.exe downloads ie7setup.exe
3 - svchost.exe runs ie7setup.exe
4 - ie7setup.exe installs IE7.

If you don't switch to installation mode, after step 4, CFP is going to show its usual popups for the ie7setup.exe because it has no rights.

If you switch to Installation mode, it will be installed silently. Up to 3 child processes.

CFP will remind you every 5 minutes to switch back from the installation mode because of the implicated security risks.

For example, in certain cases, iexplore.exe can be run from svchost.exe. If the system is in installation mode, iexplore.exe can be treated as installer too! That's why CFP will always bug you to switch from this mode ASAP.

I hope this makes it clear.

2 - Clean PC Mode

If your computer is clean, you may not want to answer frequent popups. In this mode, CFP will assume all the files in the *fixed* drives are safe and will learn all the activities of them.

However if a new file is introduced to the system, be it from the internet or from somewhere else, or even if a file is modified, CFP will immediately assume it as suspicious and move it to the My Pending List.

Later you can review and remove these files from this list. When you manually remove the files from this list, they will be assumed as safe.


My Pending List has other uses for clean PC mode too. For example, you may not want CFP to assume some files/folders as safe. For example your leaktester programs directory. You can add them to My Pending Files list and CFP will not assume them as safe.

We will provide full documentation with the final release, but for now, I hope this makes things clear.

Egemen
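
Added example, not part of the quoted post and not Comodo's code: a small model of the installation-mode inheritance rule described above, used to list which processes would pick up installer rights without being expected setup binaries. The process tree, the pids and the `helper*.exe` names are constructed, and reading "up to 3 child processes" as a limit of three generations is an assumption.

```python
# Model of the rule in the post: in installation mode, children of a process
# holding the "Windows Installer Application" policy get the parent's rights.
MAX_DEPTH = 3  # assumption: "up to 3 child processes" read as 3 generations

# Constructed process-creation events: (pid, parent pid, image name).
# Parents always appear before their children.
EVENTS = [
    (100, 0, "svchost.exe"),
    (101, 100, "ie7setup.exe"),
    (102, 101, "aftersetupconfig.exe"),
    (103, 100, "iexplore.exe"),       # the risky case the post warns about
    (104, 102, "helper1.exe"),        # hypothetical name, 3rd generation
    (105, 104, "helper2.exe"),        # hypothetical name, 4th generation
    (200, 0, "explorer.exe"),
    (201, 200, "notepad.exe"),
]

def classify(events, installer_images, installation_mode, max_depth=MAX_DEPTH):
    """Return {pid: (image, rights)}; rights is installer, inherited or default."""
    depth = {}   # pid -> generations below the nearest installer-policy process
    result = {}
    for pid, ppid, image in events:
        if image in installer_images:
            depth[pid] = 0
            result[pid] = (image, "installer")
        elif installation_mode and ppid in depth and depth[ppid] < max_depth:
            depth[pid] = depth[ppid] + 1
            result[pid] = (image, "inherited")
        else:
            result[pid] = (image, "default")   # normal popups apply
    return result

def unexpected_inheritors(events, installer_images, expected_children):
    """Images that gain installer rights in installation mode but are not
    on the list of setup binaries the user expected to run."""
    rights = classify(events, installer_images, installation_mode=True)
    return sorted(image for image, r in rights.values()
                  if r == "inherited" and image not in expected_children)

if __name__ == "__main__":
    expected = {"ie7setup.exe", "aftersetupconfig.exe"}
    for image in unexpected_inheritors(EVENTS, {"svchost.exe"}, expected):
        print("inherits installer rights unexpectedly:", image)
```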

 
