|
Curt
|
 |
« on: April 09, 2011, 09:42:13 PM » |
|
I had a look inside my Outpost Security Suite Pro 7.1's log, and realized that a war is going on!  Page up and down the Event Viewer has this one incident every few seconds: svchost.exe
Access to protected application data is blocked
C:\Users\Curt\AppData\Roaming\Mozilla\Firefox\Profiles\dxhgv8j7.default\signons.sqlite
-meaning svchost.exe is blocked by Outpost from reaching this signons.sqlite (in Firefox 3.6). What is that war about?  |
|
|
|
|
Logged
|
Remember what you said, because in a day or two, I'll have a witty and blistering retort! You'll be devastated THEN!
|
|
|
|
worstje
|
|
« Reply #1 on: April 09, 2011, 09:53:40 PM » |
|
Does it list a process number for the scvhost.exe? If it does, you can use Process Explorer to try and figure out what services it hosts, and thus which service tries to access the file.
|
|
|
|
|
Logged
|
|
|
|
|
mahesh2k
|
|
« Reply #2 on: April 10, 2011, 01:31:01 AM » |
|
Spoolsv is taking more resources on my computer and making my firefox unstable. If i click on any webpage link then it opens firefox download cue window and shows the progress of page downloading on disk. I don't know what is wrong with ff or windows. Also i noticed that svchost/spoolsv taking control of firefox's resources and making scrolling hard and in turn giving results like font increase or decrease when scroller is used.
|
|
|
|
|
Logged
|
|
|
|
|
|
Curt
|
|
« Reply #3 on: April 10, 2011, 04:53:13 AM » |
|
- Does it list a process number for the scvhost.exe? -no, PIDs are not listed. (I think I will ask Agnitum to do this.) -------- mahesh2k, I hope you will figure out what your problem with Firefox is about, so you don't have to use Revo Uninstalller (or similar) to remove ALL of Firefox - but it might be necessary. |
|
|
|
|
Logged
|
Remember what you said, because in a day or two, I'll have a witty and blistering retort! You'll be devastated THEN!
|
|
|
|
sajman99
|
|
« Reply #4 on: April 11, 2011, 12:58:58 PM » |
|
This war seems like it's good for absolutely nothing.  btw this same issue was discussed in the Outpost forum. See post #4 where it mentions svchost is blocked from reaching sqlite in the Firefox profile. |
|
|
|
|
Logged
|
|
|
|
|
Curt
|
|
« Reply #5 on: April 11, 2011, 02:23:46 PM » |
|
hmm... my Firefox 3.6 is unable to reach the site at all. Opera had no problems opening the page. Thanks a lot for this link, sajman99  It is clear that I am not the only one having problems with signons.sqlite. But it is a little strange to me that there have been no follow-up for almost a year - the problem has not been solved. I wrote Agnitum and suggested they make Application Guard also tell the PID number for blocked programs. But as one of the poster said, if we want to know the answer to the problem, we should contact Mozilla and Microsoft. As if I would expect them to ever answer! Maybe there is a better chance to get an answer, if I ask the company behind sqlite? I have not yet any idea who that is. |
|
|
|
|
Logged
|
Remember what you said, because in a day or two, I'll have a witty and blistering retort! You'll be devastated THEN!
|
|
|
|
f0dder
|
|
« Reply #6 on: April 11, 2011, 02:24:53 PM » |
|
So, Outpost has buggy software, but MS+Mozilla are to blame?  |
|
|
|
|
Logged
|
 - carpe noctem |
|
|
|
Curt
|
|
« Reply #7 on: April 11, 2011, 04:43:07 PM » |
|
-you may dislike Agnitum as much as you may want to, but no one except you has called it a bug.
|
|
|
|
|
Logged
|
Remember what you said, because in a day or two, I'll have a witty and blistering retort! You'll be devastated THEN!
|
|
|
|
sajman99
|
|
« Reply #8 on: April 11, 2011, 04:59:52 PM » |
|
...my Firefox 3.6 is unable to reach the site at all. Opera had no problems opening the page...
Interesting...so does that happen a lot with Firefox 3.6? Do you also find it unstable, or at least noticeably unresponsive at times? Any problems with the Password Manager that you know of? I'm just curious (and likely clueless) what's going on here.  |
|
|
|
|
Logged
|
|
|
|
|
Curt
|
|
« Reply #9 on: April 11, 2011, 06:31:27 PM » |
|
I have had a lot of problems with Firefox 3.5 and 3.6 hesitating to open pages. Normally it goes to the pages okay, but when it comes to actually opening the page, something is not happening, and I need to mark the address and hit Enter again. This is especially true when a lot of flashy things are on the page, but I am not sure it is a security related thing. It also happens on a site that is added to trusted in Outpost. (Why can't I black- or white- list sites in Firefox, like in IE ?)
I have not had any problems with the password manager.
|
|
|
|
|
Logged
|
Remember what you said, because in a day or two, I'll have a witty and blistering retort! You'll be devastated THEN!
|
|
|
|
Curt
|
|
« Reply #10 on: April 12, 2011, 09:23:55 AM » |
|
Thank you for your message.
We will take your suggestions into consideration, thank you for sharing them with us.
SVCHOST.EXE scans all files from time to time. Application Guard silently prevents
attempts to access the protected files. This situation is normal.
--
All the best,
Polina Komarova
Agnitum Support |
|
|
|
|
Logged
|
Remember what you said, because in a day or two, I'll have a witty and blistering retort! You'll be devastated THEN!
|
|
|
|
f0dder
|
|
« Reply #11 on: April 12, 2011, 09:41:24 AM » |
|
That's almost a non-reply, Curt.
SVCHOST.EXE is the process (or rather, a whole bunch of processes) hosting Windows services. Each process can run any number of services... like, a background backup task. Having your background backup task blocked from trying to backup your firefox profile sounds like a pretty bad thing to me.
Granted, you probably don't want malware getting access to your saved passwords - but (assuming Mozilla are doing things properly and you're protecting with a reasonably strong master key), access to the sqlite database won't give malware access to the passwords.
|
|
|
|
|
Logged
|
- carpe noctem |
|
|
|
Curt
|
|
« Reply #12 on: April 12, 2011, 11:27:35 AM » |
|
-you're of course right, f0dder. But I now see hat Mozilla is one of the companies behind sqlite, so they have been aware of this situation all of the way, and didn't care to change it - so what can one man do in this situation, other than eat it.
|
|
|
|
|
Logged
|
Remember what you said, because in a day or two, I'll have a witty and blistering retort! You'll be devastated THEN!
|
|
|
|
f0dder
|
|
« Reply #13 on: April 12, 2011, 11:40:56 AM » |
|
But I now see hat Mozilla is one of the companies behind sqlite It is? I thought it was run pretty much by a single guy  so they have been aware of this situation all of the way, and didn't care to change it If it isn't a problem in their software, what are they supposed to do about it? To me it sounds like output might be doing something it shouldn't be doing - but at the same time, I'd try and figure out which service from svchost.exe is trying to access the password database. If it's something backup related, fine, otherwise you might want to do a thorough check for malware. |
|
|
|
|
Logged
|
- carpe noctem |
|
|
|
sajman99
|
|
« Reply #14 on: April 12, 2011, 12:33:45 PM » |
|
...I'd try and figure out which service from svchost.exe is trying to access the password database....
Cryptographic Services?  Cryptographic Services: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. |
|
|
|
« Last Edit: April 12, 2011, 12:35:34 PM by sajman99 »
|
Logged
|
|
|
|
|
f0dder
|
|
« Reply #15 on: April 12, 2011, 12:43:52 PM » |
|
sajman99: I doubt that would access the firefox SQLite database files
|
|
|
|
|
Logged
|
- carpe noctem |
|
|
|
sajman99
|
|
« Reply #16 on: April 12, 2011, 01:01:22 PM » |
|
Oh, okay--I took a shot. Thought it might be some key service/certificate issue. |
|
|
|
|
Logged
|
|
|
|
|
