I have a question for the SSM gurus out there. What is the SSM Service Guard for *NT? Does it provide protection not available in 1.94b1? Does it mean all versions of NT (4,5,XP)? I downloaded and installed it, but did not notice any configurability (other than uninstalling it) or benefit, so I removed it pending further research. I could not find any documentation available.

Hey

I don't use SSM but "SSM Service Guard allows you to monitor activity of system services in WinNT.", meaning you have Protection now for Services in NT Systems which could possibly be attacked/exploited... ;)

Ok, so I guess my question is how does it function, rather than what is it ;D

Upon testing it doesn't prevent services from stopping, so is it just a sandbox for services? SSM appeared to do that itself..

read here again:

http://mcom.fatal.ru/help/new/svcguard.html

sounds to me like it enables monitoring of system services for NT only. The screen shot + verbage indicates the use/need for the latest mchooknt.dll which implies that if you see some activity on a system service you can stop it.

email Max and to confirm this is added protection above SSM for system service.

if Max confirms added protection, for comparison purposes, you may want to look at Process Explorer. bellgamin recommends this one highly as a process monitor/killer...

{QUOTE-> quoting: bellgamin link=board=25;threadid=17130;start=#msg108015 date=1070867354]

I agree, peakaboo. For a well-supported program that wil kill processes & do lots of other stuff -- I recommend Process Explorer. It's a small program with a BIG usefulness. Get it free from...
System Internals (http://www.sysinternals.com/ntw2k/freeware/procexp.shtml)

You are gonna looove me for introducing u 2 this little darlin' sweetheart of a proggie! 8)
<-QUOTE}

Well... SvcGuard is NOT a standalone program it's just a plugin for SSM, which allows it to monitor activity of non-desktop-interactive services as well as other applications. Why it can be useful to improve SSM with this plugin is explained on it's homepage. This plugin does nothing itself, but it's just provide some kind of transport between non-desktop-interactive service and SSM's main module. It works in any NT and it can be uninstalled/removed via control panel ("add or remove program" or something). To test it you can try to start "smart card service" with and without svcguard started. In first case SSM will ask you do you really want this .exe to be started; in second - you will just be notified that it was started already.