Repeated alerts when running application from removable media


Sorry for my English, my native language is Russian.

Problem is affects Defence+ and Firewall.

Sequence of actions that cause the problem:

  1. I’m connect my USB flash disk to PC (WinXP SP3) and run the application on it
  2. Defence+ alerts that the explorer.exe is trying to execute my exe-file and other alerts that application needs
  3. I’m “Allow” and “Remember” all alerts
  4. Then I’m disconnect the USB flash disk and connect it again.
  5. When I’m trying to execute the application again the Defence+ alerts again that explorer.exe is trying to execute it. Other alerts don’t appears.

After several times of connect-execute-disconnect I’m goto:
Defence+ - Computer security policy - explorer.exe - Access Rights - Run an executable - Modify,
and see MANY entries with my application in Allowed Applications.

The same problem with the Firewall.
After reconnecting USB flash disk Firewall is shows the same request that is already stored in Application Rules. After “Allow” and “Remember” it duplicates this rule in Application Rules.

Instead of USB flash disk may be used PGPdisk - the result is the same.
Hope for fix in the next update, because it’s annoying when I’m often work with portable applications.

Hi Mancolov,

See this thread. :wink:

Even though the apps will be on the white list, the only way they wil not producean alert is if they are first copied to a fixed disk.

Executables started from a removable device will still, I’m almost certain of this, be deemed untrusted and produce an alert.

Ewen :slight_smile:

No alerts for safe applications on my USB flash drive. :wink:

Why would it matter where a safe file is?

I make a copy of ping.exe from c:\windows\system32 to d:\ and rename it to 111.exe. Start it - no alerts - good, it’s works! Then I modify data in entry point of 111.exe and run it - still no alerts. Hmmm…
Sorry for offtopic.

If you switch to Paranoid Mode, you will see that explorer.exe starts ntvdm.exe, a safe application, when you click on the modified ping.exe. :wink:

[attachment deleted by admin]

Ok. Thanks for explanation.
But here can be one issue. When the application is allowed to run previously and then I modify the application, it will executes without alerts even in paranoid mode.
I know that the defence+ is not checking hash of the exe-file each time that it run. But it’s not good…

Regarding the topic,
Whether will be option in update that allows to run the application from removable media without repeating alerts?