Defense+ and Apache 2.2

Hi. I’m trying to work out why Defense+ is stopping Apache from loading. I know that Defense+ is the cause – if I disable it then Apache loads, if I enable it on any mode (Training to Paranoid) then Apache fails.

Apache logs are not very helpful but I wouldn’t expect them to be – Apache just knows that it is being prevented from running, not why or by what. The Apache logs says:

[crit] (OS 5)Access is denied. : Parent: Failed to create the child process. [crit] (OS 6)The handle is invalid. : master_main: create child process failed. Exiting.

I have httpd.exe included in Defense+ trusted files.

If I run httpd.exe in the sandbox, it appears to run (at least I can see httpd.exe as a running service in Task Manager), but it doesn’t respond to HTTP requests.

I looked at the Computer Security Policy function under Defense+ and httpd.exe is listed as a Trusted Application. I was going to try changing its status to “Installer or Updater” but I got a strong warning from Defense+ not to do this, so I didn’t try it.

What I’d like to understand is where in Defense+ I can find a detailed log of why it is rejecting httpd.exe and once I know that, I may be able to post a specific question about how to fix the problem. Thanks.

You need to give the Apache executable (the one that tries to create a child process) the Installer/Updater policy. That way CIS will allow the child processes to run without notification of the user.

After you made the new rule check where the rule is positioned. If it is positioned under a rule called “All Applications” please drag and drop it to a position above the “All Application” rule.

Thank you. That seems to have worked.