I’m trying to work out how to get some control over services.exe (coz cpf3 by default seems to let it run / do anything at all).
So, I go to defense+ → advanced → computer security policy, and right click on services.exe, which is catagorized under “Windows applications”, and select “edit”. (1)
SO far, it seems easy enough, but no, t’was not to be.
Instead, I get a message " you need to use my file groups window to edit this application. (2)
Fair enough, so I go to the helpfile to track down this mysterious “my file groups”, as I sure haven’t seen it. According to the helpfile, “My file groups” lives under defense+ → common tasks. Ok, I’ll go there then.
Except I can’t, as there’s no such thing. (3)
“My protected files” seems similar, but it is useless for my purposes, so far as I can tell.
There seems to be no way of actually editing the “Windows applications” (ie what applications are listed within the "windows system applications gruop) list at all. (:AGY)
Please someone tell me I’m wrong, and make me :BNC
(if you can, that is)
In either “my protected files” or “my quarantined files” there’s a button named “Groups…”. True its not handy. :-\
Anyway services.exe is a core Windows app, you should not really restrict it, unless you really know what you’re doing, and even in that case I don’t think you should.
Thanks guys
In end (before I read your replies, unfortunately) I just deleted the entire “windows system applications” group, and added the various processes + permissions myself.
Halfway through doing this, cpf3 crashed, ( >:( ) which caused a few nervous moments, but I got it working how I want it to.
Except that after rebooting, I didn’t see a single “defense + is learning…” message referring to .sys files?
I have *.sys in defense+ → advanced → image execution control settings → files to check, but it seems that they will load without cpf3 noticing?
I used to use SSM free, and that would prompt about services.exe loading .sys files, so I don’t really understand why cpf3 doesn’t.
After the reboot, i checked in the execution permissions, and cpf3 hasn’t noticed a single driver loaded by services.exe?
I don’t think that could be right, though whether it’s because cpf3 loads after services.exe has already loaded all the drivers already, or a bug I really couldn’t say.
Does you Groups button disappear and reappear at mouse movement?
try it from My Protected files move your mouse from the bottom of the Groups button up to the Purge
button…mine disappears hehe…is this a bug or what =)
Yes it is a bug but a very small one so not likely to fixed yet.
This bug has been for some time (Beta/Rc1) it only happens when you have the window maximize.
Dennis
But do report it in the