Installation mode and Clean PC Mode

(Quoted from Egemen’s forum entry)

1 - Installation Mode:

In this version of Defense+, there is a built-in security policy called “Windows Installer Application”. This policy, when applied, gives a process maximum access rights. When the system switches to the installation mode, the child processes, i.e. the process which has “Windows Installer Application” access right, will have the same rights as its parent.

For example:

xyzsetup.exe is treated as “Windows Installer Application”.

xyzsetup.exe will be able to modify everything. Later xyzsetup.exe tries to run “aftersetupconfig.exe” file. If you switch to installation mode, aftersetupconfig.exe will also have the same access rights as xyzsetup.exe.

This is more useful for Windows updates. svchost.exe is the process responsible for downloading and installing Windows updates in Windows XP.

1 - svchost.exe will connect to the MS site
2 - svchost.exe downloads ie7setup.exe
3 - svchost.exe runs ie7setup.exe
4 - ie7setup.exe installs IE7.

If you don't switch to installation mode, after step 4, CFP is going to show its usual popups for the ie7setup.exe because it has no rights.

If you switch to Installation mode, it will be installed silently. Up to 3 child processes…

CFP will remind you every 5 minutes to switch back from the installation mode because of the implicated security risks.

For example, in certain cases, iexplore.exe can be run from svchost.exe. If the system is in installation mode, iexplore.exe can be treated as installer too! That's why CFP will always bug you to switch from this mode ASAP.

I hope this makes it clear.

2 - Clean PC Mode

If your computer is clean, you may not want to answer frequent popups. In this mode, CFP will assume all the files in the fixed drives are safe and will learn all the activities of them.

However if a new file is introduced to the system, be it from the internet or from somewhere else, or even if a file is modified, CFP will immediately assume it as suspicious and move it to the My Pending List.

Later you can review and remove these files from this list. When you manually remove the files from this list, they will be assumed as safe.

My Pending List has other uses for clean PC mode too. For example, you may not want CFP to assume some files/folders as safe. For example your leaktester programs directory. You can add them to My Pending Files list and CFP will not assume them as safe.

We will provide full documentation with the final release, but for now, I hope this makes things clear.

Egemen
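The Clean PC Mode rules described in the post, modelled as an added example; this is not part of Egemen's post and not Comodo's code. It assumes SHA-256 content hashing as the change detector and a temporary directory standing in for the fixed drives; the class, method and file names are hypothetical.

```python
import hashlib, os, tempfile

def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class CleanPcModel:
    """Toy model of the Clean PC Mode rules in the post (hypothetical names)."""
    def __init__(self, root):
        self.root, self.pending = root, set()
        self.safe = {p: digest(p) for p in self._files()}  # existing files assumed safe

    def _files(self):
        for d, _, names in os.walk(self.root):
            for n in names:
                yield os.path.join(d, n)

    def scan(self):  # new or modified files lose trust and go to the pending list
        for p in self._files():
            if p not in self.pending and self.safe.get(p) != digest(p):
                self.add_pending(p)
        return {os.path.basename(p) for p in self.pending}

    def add_pending(self, path):      # user or scan marks the file untrusted
        self.safe.pop(path, None)
        self.pending.add(path)

    def remove_pending(self, path):   # user reviewed it: current content is safe
        self.pending.discard(path)
        self.safe[path] = digest(path)

    def is_safe(self, path):
        return path not in self.pending and self.safe.get(path) == digest(path)

def demo():
    with tempfile.TemporaryDirectory() as root:   # constructed sample files
        def write(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(data)
            return path
        old, leak = write("app.exe", b"v1"), write("leaktest.exe", b"t")
        model = CleanPcModel(root)
        model.add_pending(leak)                   # never assume the leak tester safe
        new = write("download.exe", b"x")         # new file introduced
        write("app.exe", b"v2")                   # existing file modified
        pending = model.scan()
        model.remove_pending(new)                 # manual review of one file
        return pending, model.is_safe(new), model.is_safe(old), model.is_safe(leak)
```

In this model the modified `app.exe` stays untrusted until it is reviewed, even though its original content was in the starting baseline.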