Solved

Please explain 'protected information' of identity shield > protected applications

  • 6 July 2012
  • 3 replies
  • 1038 views

I could not find anything helpful on the term 'protected information' in the help file nor on this forum. What kind of information is protected? Or are applications as a whole protected? I have had a lot of trouble using this feature and think I still have. I have moved almost all applications to 'allow' mode.
Understanding what exactly is protected would help me to understand the usage of this potentially very useful feature imho.

Best answer by JimM 6 July 2012, 17:20

It will protect "any information entered" and does not discriminate in terms of what to protect based on the contents of that information.  It might be your credit card number in one instance and a shopping list, or some trivial data in another instance.
 
To be a bit more granular in answering this question, let's take a particular setting of that shield and discuss it a bit.  If, for instance, you have "prevent programs from accessing protected credentials" checked in the main settings, it will prevent untrusted programs from accessing secure areas such as Windows secure storage, cookie information, stored passwords, and saved forms.
 
Regarding the troubles you've run into before, I notice the last time you contacted support, you were running version 8.0.1.151.  The current version is 8.0.1.203.  There have been a number of improvements made to the Identity Shield since last time you contacted us.  It would be worth ensuring you are on the most current version.  You can look into this by going to My Account from the main screen of the program. 
 
It's also entirely possible that the programs you are running into issues with are considered "untrusted."  If they are not listed as Known-Good on our end, they will be flagged as Unknowns and treated with a greater degree of suspicion.  One possible solution would be for us to whitelist the files in question if that is deemed appropriate.  However, based on your case history, I see at least one of those programs is a macro scripting program.  The thing about scripting programs is that while there are ways to make good scripts like "fill out this form for me," "do a bunch of boring stuff in this game for me so I don't have to do it myself," etc., you could also conceivably do something nefarious with a script like "make a record of everything typed into a form and then send it somewhere" or "duplicate your files until the hard drive is full."  So I suspect that probably our threat researchers would not want to go so far as to whitelist the scripting utility itself.  Ultimately, more research would need to be done to come to a firm conclusion regarding that tool or any other program you'd like us to check into, but we can do so on a program-by-program basis if you'd like.  Please let me know if you'd like us to do that for you, and I can reopen that support ticket.

3 replies

Thanks for the extensive answer. That explains a lot for me. Regarding the 'scripting class' of programs, I would extend that to utilities in general. They work for others and communicate information. And I'd include the clipboard as a manual utility.
 
If I understand the identity protection correctly, utilities would have difficulty serving protected applications, right? I see now why some clipboard operations and my password protectors may have issues. But I cannot pinpoint the issues yet to open another case. My earlier script issue is gone, however it may be because I unprotect 'everything'... (I run 8.0.1.203)
 
Also for my understanding, when is an app added to the list? Are all non-listed apps untrusted?
 
Userlevel 7
Apps are added to the list manually except for browsers, which get protected status by default. Anything not manually added to that list is not protected by that particular shield.

I think you're probably correct that a scripting tool that accesses protected information might run into problems of the nature you've seen before for the reasons I specified above. I'd need to see new logs to be certain of my diagnosis, but with the knowledge at my disposal right now (which is a reasonable amount based on the prior ticket), it's the most logical explanation I can make.

Probably the best solution in this case is the one you've already implemented - leave the scripting tool as Allowed in Protected Applications.

However, it is possible you may be able to circumvent the issues in question another way by locally whitelisting the scripting tool on your particular computer. You could facilitate this by going to PC Security > Quarantine > Detection Configuration > Configure and adding the program to the list with an Allow setting. That would ostensibly get around the issue of it being flagged as Unknown. If you elect to do that however, I would avoid running scripts you didn't write yourself since the scripting tool would be treated as an absolute Known-Good.
