problem with rules

fazio93 · June 7, 2008, 10:14pm

i set all of my avast executables to Trusted App in D+
some avast executables run/alter other avast executables, so it pops ups b/c under the default predefined “Trusted App”, it has “run an executable” as “ask”. how come when the alert comes up and i press allow (making it remember or not remember) the avast entry goes back to “custom policy” in the D+ computer security policy. this is not only avast doing this, i just used it as an example.

btw, why can’t you alter the predefined “Trusted App” entry to allow the access right to run an executable? it only has ask or block.

system · June 7, 2008, 10:48pm

This is normal depending on the app. I have made some of my games trusted then after playing them I look under D+ and they are set to custom. Perfectly normal. (R)

fazio93 · June 7, 2008, 10:53pm

its a little annoying…

but still, why wouldn’t there be an option to allow it to run an executable in the predefined “trusted app” access rights?

MrBrian · June 8, 2008, 12:43am

The reason is because once you’ve created a rule in a program’s security policy that differs from a predefined security policy that was originally assigned to it, you no longer are using the exact same ruleset as the predefined security policy, and thus CFP correctly changes the entry to ‘custom policy’.

If you want the ability to run executables without alert, use predefined policy ‘Windows System Application’ instead of ‘Trusted Application’.

fazio93 · June 8, 2008, 3:37pm

it says in the help topic that most programs don’t need that high of a privilege, so i don’t know if putting all my trusted apps as windows system apps is ok

fazio93 · June 9, 2008, 6:19pm

any advice? put them all as windows system app? to me a windows system app is like dllhost or svchost, not firefox, avast, etc.

system · June 9, 2008, 6:35pm

You might set avast.setup to “installer or updater” which allows it to run other executables. My “Windows System Application” still says “ask” for that privilege, but I or U works fine.,

fazio93 · June 9, 2008, 6:41pm

i have alot of other avast executables that also need to run other .exes

would putting these (screen shot) to all windows system app be alright?

[attachment deleted by admin]

system · June 9, 2008, 6:49pm

Most of these applications don’t run other appications, so they can be Windows System Applications or custom policy. If you get a popup for one of them saying it wants to run another application, set it to I&U. I don’t get popups from them in Paranoid mode that way.

fazio93 · June 9, 2008, 6:56pm

there’s also programs like ccleaner, revo uninstaller, and erunt which plays with the registry. could these be windows sys app?

system · June 9, 2008, 7:03pm

Sure; I think the default policy for Windows System Application is the same as for Trusted. At least is is for mine.

fazio93 · June 9, 2008, 7:05pm

only diff. is windows sys app can run .exes and trusted you have to ask.

i just set all my avast exes to trusted. rebooted. pop up for ashserv modifying avast.setup (put to I or U). went to computer security policy and ashavast, ashsimpl, and ashdisp were all custom.

MrBrian · June 9, 2008, 11:58pm

You can set any program to be a Windows System Application. Whether it’s a good idea to do so is another matter. My philisophy is to let a program do only what it needs to do, and thus I use Windows System Application and Trusted Application in Defense+ seldomly.