Disturbing behaviour: Trend Micro PC-Cillin Internet Security 2006
OK, from my just-published blog about Deepnet Explorer we know that I was forced to use System Restore today to undo damage caused by installing and then uninstalling Deepnet Explorer.
By way of background, I'll explain that on Saturday I was taking part in a Remote Desktop session with another MVP. Because of connection issues caused by the Trend firewall I disabled it and depended on my router's firewall and the Windows firewall for protection in the interim. The Trend firewall is used on my internal network as one more layer of protection just in case one of my PCs is infected by something network-aware - running firewalls on all machines, even behind a hardware firewall, stops things from spreading from box to box if the worst happens.
It just so happens I forgot to turn the Trend firewall back on again when the RD session was finished, and did not turn it back on until this afternoon.
The first restore point that I had available to me was from yesterday, saved after I had turned off the firewall.
I don't know what prompted me to go and check, but I am disturbed to have discovered that my Trend firewall was once again disabled after I ran system restore. I'm not sure *why* that would be so, but there you have it.
I'd be interested to hear if anybody can recreate what I have seen today: turn off the Trend firewall (assuming you have Windows or a hardware firewall available to you), then set a restore point. Turn the firewall back on and apply the restore point. I'm betting you'll find the Trend firewall has been turned off.
Assuming what happened to me can be reproduced by others, it is worrying behaviour. A full list of file types monitored by System Restore can be found at the following URL... which is Trend using to store Firewall settings?