[Gpg4win-users-en] dirmngr, for paranoids.

Moi Me Julesss2 at hotmail.com
Sat Sep 6 06:45:38 CEST 2014


Hello, what operations this service do exactly, does it only cache requests or does it need to touch files somewhere? (Not including its own folder)
If It doesn't need to write files somewhere, or read files from user's personal file, we could start making it run with its own user too, by default. (Using NT SERVICE\DirMngr, automatically created by the system when dirmngr is registered as a service) for security's sake (as it won't be able to take down the machine if a flaw is found, since it won't run on an above-administrator account)

If it needs to write files somewhere (temporary files for example) it could use its personal folder (since it will run as its own, it will have one created by the system in, by default, %systemdrive%:\Users\DirMngr)

>From what I understand its purpose is to check revocated certs, does it store the revocations somewhere locally? (Probably) Where? 

-----Original Message-----
From: Gpg4win-users-en [mailto:gpg4win-users-en-bounces at wald.intevation.org] On Behalf Of Andre Heinecke
Sent: Friday, September 05, 2014 10:21 AM
To: Chris Marlow
Cc: gpg4win-users-en at wald.intevation.org
Subject: Re: [Gpg4win-users-en] How do I prevent dirmngr.exe from starting up and running in the background?

Hi,

On Friday, September 05, 2014 03:45 PM you wrote:
> What do you mean by "Under Linux dirmngr also runs as a service with 
> its own user account"? Could you provide an example that is using Debian as the OS?

Not sure what you mean, dimngr gets started as a service running under the user dirmngr on debian if you have it installed.

> > Yes it is launched as a system service. You can disable this like 
> > any other service in system settings / management / services.
> How do you disable it? I tried many times to disable it but dirmngr 
> would reappear as a service after each boot.

1. Right click on Computer icon on your desktop or on computer in the startmenu.
2. Click on Manage
3. There is an entry Services and Applications.
4. Find dirmngr in the list and disable it.
 
> As it appears that dirmngr is resilient to being disabled, what I did 
> was to use Symantec Endpoint Protection -my preferred antivirus, 
> malware and
> firewall- to block it from communicating with the internet. Is that 
> alright?

Uaaah, we just love it when some Protection tools interfere with the Software
;-)
But yes as long as you do not use S/MIME at all you can pretty much do what you like with poor old dirmngr (Honestly I am not sure if you could not just delete it I have never checked what happens then)

Regards,
Andre

--
Andre Heinecke |  ++49-541-335083-262  |  http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



More information about the Gpg4win-users-en mailing list