Block DLL files/appinit_dlls


redwolfe_98
January 8th, 2004, 02:24 PM
Can someone shed some light on what this feature does? I didn't see any explanation of it in the help files. Could enabling this feature (in protection options) cause any conflicts, like when installing programs or Windows updates? Incidentally, I have always enabled this feature, "block dll files from being added to app_init_dlls regkey", but I don't know what it is. Thanks

Pilli
January 8th, 2004, 02:47 PM
Hi Redwolfe_98, I believe this is roughly how it works but you will have to wait for DCS to get a proper description :)
If a malicious programme tries to create a registry entry Appinit - Application Initiation for an injected .dll (one associated with a listed Application), PG will block the attempt, thus rendering the malware unstartable.

You are correct in saying there is no direct reference to this feature in the help file.

HTH a little. Pilli

gkweb
January 8th, 2004, 03:00 PM
If I remember right, all DLLs added to this registry area are loaded by every application starting, making this a great opportunity for malware/trojans to load inside trusted apps without any security software noticing it, because it's the app itself which loads the DLL.

By blocking this, PG ensures your applications' integrity :)

Gavin - DiamondCS
January 9th, 2004, 01:44 AM
Here's adware which uses this method:
http://www.sarc.com/avcenter/venc/data/trojan.bookmarker.html


When the Msconfd.dll file is loaded, it does the following:

Adds the value:

"AppInit_DLLs"="msconfd.dll"

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

so that the .dll file is loaded each time you start Windows NT/2000/XP.
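
A defensive audit of the registry value discussed in this thread, as an added example (not part of the original posts and not DiamondCS or Symantec code). It splits the AppInit_DLLs data into its space- or comma-separated entries and reports any entry not on an allowlist; the function names and the allowlist are assumptions made for illustration, and the sample value is the one quoted in the write-up above.

```python
"""Audit AppInit_DLLs: list the DLLs registered there and flag unexpected ones."""
import re
import sys

# Key and value name as quoted in the thread (under HKEY_LOCAL_MACHINE).
KEY_PATH = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
VALUE_NAME = "AppInit_DLLs"


def split_appinit(data):
    """Split the value data; entries are separated by spaces or commas."""
    return [part for part in re.split(r"[ ,]+", data.strip()) if part]


def unexpected_entries(data, allowlist=()):
    """Return entries not on the allowlist (full entry, case-insensitive).

    The allowlist is a local assumption: entries you have verified yourself.
    With the default empty allowlist every registered DLL is reported.
    """
    allowed = {item.lower() for item in allowlist}
    return [e for e in split_appinit(data) if e.lower() not in allowed]


def read_appinit():
    """Read the live value on Windows; returns '' when the value is absent."""
    import winreg  # standard library, Windows only

    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH) as key:
        try:
            data, _value_type = winreg.QueryValueEx(key, VALUE_NAME)
        except FileNotFoundError:
            return ""
    return data


if __name__ == "__main__":
    if sys.platform == "win32":
        value = read_appinit()
    else:
        value = "msconfd.dll"  # constructed sample: the value from the write-up
    for entry in unexpected_entries(value):
        print("unexpected AppInit_DLLs entry:", entry)
```

Run periodically or from a baseline check, a non-empty result is a prompt to identify the listed file before trusting it.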