I don't know if this has been brought up before, but I would like to see the PG database updated on this page here (http://www.diamondcs.com.au/pgdb/index.php?showall=1) for a more and complete list of apps.

Thanks ;)

Regards,
hardyhar

-{ Quote: "I don't know if this has been brought up before, but I would like to see the PG database updated on this page here (http://www.diamondcs.com.au/pgdb/index.php?showall=1) for a more and complete list of apps.

Thanks ;)

Regards,
hardyhar" }-

Definitely, I tried to check a lot of commonly used programmes but found nothing.

Tried searching this thread but couldn't anything about password protecting Process Guard.
Would this be feasible?

I thought the Lock feature was password protected?

-{ Quote: "I thought the Lock feature was password protected?" }-


Aha, lol.
Thanks for that.

That`s what we`re all here for. :)

The possibility to have Process guard launch successfully under a different name. Basically being able to rename dcsuserprot.exe, procguard.exe, pgaccount.exe to anything we want. Would sorta help against attacks who try to kill process guard by name?

Ability to allow/deny system shutdowns/log-offs. :)

.ini file modify protection.

On a side note, does anyone know if WinXP Pro has WFP? I am using Win2kpro atm and will be switching to WinXP Pro when I build a brand new PC.

I have turned off all these in the registry: Balloon Tips, Folder Contents Info Tips, Explorer Pop-Ups, Show Info Tips, Start Menu and Notification Area. (I still get those horrible tool tips in the taskbar and quickstart bar). Anyhow, I get NO popup from PG when it goes red and stops a process from doing something. I desperately need a pop up. I would be happy to have a pop up in the middle of my screen or anywhere that isn't connected to those I listed that I disabled. I never notice the change in color of the icon because I use tiny icons and I keep the taskbar at 70% transparency. I don't need to see stuff on the taskbar...except the change of color in PG and I only need to see that because I get no other notification such as PG giving me the GUI showing what it has just blocked. Everything else on the taskbar I only need to see barely...just enough to know what it is if I click on it. (And I don't need tooltips because I know what each icon is for).

That is what I want: the GUI to pop up on the Alerts tab in full screen so I can see what has happened. However, I will not enable any sort of stupid, cartoonish, irritating ballon tips in the task bar. I did read a post earlier in this thread from someone complaining that the popup is in the center of the screen? I have never seen that. That shouldn't be connected to what I turned off which is stupid, silly stuff Microsoft insisted on infecting XP Pro with....childish stuff. I don't see how I turned off a proper popup from PG but I have never had one. I get KIS2006 popups even though I have all the taskbar popups, tooltips, etc. turned off.

I just wasted a lot of time trying to debug Power DVD which had repeatedly crashed right after opening. I never thought to look at the PG icon until much later. Plus, of course the taskbar was not on the DVD screen so there was no way, even if I remembered to look, to see that the PG icon had turned red! I tried over and over to run Power DVD and then finally turned it off and that was when I saw the taskbar again but I didn't notice the PG icon color. I ran Dr. Watson and then I was scratching my head trying to figure out what Windows debugger was telling me about Power DVD. When I FINALLY happened to notice the PG icon was red it all became clear. PG had stopped Power DVD from accessing physical memory.

I simply cannot remember to look frequently at the icon. (Plus, in this case, there was no taskbar to look at). I never look at icons in the taskbar! (On my 98SE box I had the taskbar extremely narrow so I only saw a tiny sliver of each icon and I hate that I cannot make the fat taskbar in XP narrow and the icons very tiny. So I do the next best thing and make the taskbar highly transparent). I need PG to give me a full screen popup when it does something like that. A smaller popup in the middle of my screen that I can make full screen if I want (which I would always) would also be ok. I have been strugglingly to remember to look at the icon for months now. If I can't remember PG will not be worth having to me. I'll just run BoClean as Kevin just fixed that icon expressly for me. Don't get me wrong, I love PG but this is a big issue for me.

I would like to see the ability added to allow and deny “specific” global hooks on a global level and on an application basis. There are occasions when it is desirable to allow an application to use a specific global hook, but there is no fine-grained control.

It would also be very helpful if alerts could be set only on specific policy violations. For example, there might be no need to be informed applications want to set a global mouse hook. However, you might want to be alerted if any application tries to capture keystrokes (I forget the global hook for that).

Shawn

-{ Quote: ".ini file modify protection.

On a side note, does anyone know if WinXP Pro has WFP? I am using Win2kpro atm and will be switching to WinXP Pro when I build a brand new PC." }-
yes winxp pro has windows file protection

I was just wondering if it would be possible to neither allow nor deny a process to start. Some programs may start 3 things at once, while you may wish to configure some stuff with the 1st program, processguard execution protection prevents you from seeing anything in the middle... Maybe make it possible to have a button where you allow the execution protection window to be movable/minmizable or add a new button on top of the allow/deny - suspend. So it would be possible to suspend to 2nd and 3rd program from running while you look at the first. Thx

I'm a new PG user (full 3.15 version) and I have two suggestions:

It seems to me that there should be a better way of handling rundll32.exe, cmd.exe, etc. I run several scheduled tasks (unattended batch files) and I cannot be there to allow the specific dll or batch file, yet I do not want to always allow everything these programs run. Perhaps there should be a special category for programs that run dll or scripts that allows permissions for the particular file thy run...

Also, it would be nice if the program remembered its window size and state...

dea, you can get PG's GUI window size to be "remembered" by first adjusting PG's GUI window to the way that you want it, then rightclick on th PG icon in the systray, and then click "exit" to close PG's GUI.. then PG's GUI window size will be remembered, after that..

PG's protection is still running while the GUI is closed, incidentally..

one thing that i am concerned about is PG's allowing processes to run without user authorization, probably during bootup.. i understand that, in some cases, that may be necessary, but maybe pg could be pre-programmed to allow some things while not allowing just anything to run at bootup.. obviously, the only thing that i am concerned about is some malware's running without authorization..

PG has never allowed malware to run without "authorization" on my pc, but i have seen, in PG's "security", where some things were allowed to run without user authorization..

will process G install on win xp 64.?
If it does will it install the driver in the right place ?:-*
if not will there be a 64 bit version of pg ?

a bit more detail

wish list ?

does pg install on win xppro 64?
either as a wow64 (program files x86)
or a straight program files
if the front end installs and the driver does not install is there a 64 bit driver ?

yes I like the idea of fiddling with Win64 ( Everyday something fresh)

if it does will the licence transfer to the xp64 from the win2k installation on the same computer or will I have to uninstall the 2k pro installation before reinstalling on the win64 version... I've already had a fiddle and the program reports no driver installation ?

I haven't tried tds3 or but port explorer seems to be coping in program files X86

PG currently does not work in windows pror x64

Hi WSFuser, There will not be a build for X64 according to this thread: http://www.wilderssecurity.com/showthread.php?t=63752&highlight=xpad:

HTH Pilli :)

i wish that instead of PG's automatically blocking things, it would pop up an alert, asking if you want to allow the action.. for example, if "services" wanted to install a driver, PG could pop up an "alert" asking if you want to allow "driver install"..

Hi,

Don't know if this was already suggested but I would like a better way to detect obselete PG lists entries (deleted/uninstalled executables). We can see those obsolete entries with the defaut "system" icon but there is a bunch of applications that use it (with no icon resource for example...). The kind of feature I request can be seen in Look'n'Stop application filtering : a question mark icon for deleted applications. Ultimately, there could be a way to purge PG lists by user request (with prompt).

Thanks in advance ;)

there should be a way to manually add programs to the security list.

For the new programs that I allow to always run, I would like PG to also add them to the Protection tab automatically.

Is there a reason why PG doesn't currently do this? Why wouldn't I want all of the programs that I "Always Allow" to be protected from modification and termination?

From most to least favored solutions:

1) combine the two tabs into one and only have one set of program names/folders. I would like to see all attributes of each program in one view. It seems that this might be possible if you didn't use such verbose descriptions in the right columns (e.g. "Install Global Hooks"). And you would only have to add two columns to the Protection tab ("Last Action" and "Last Run").

Or, if you keep both tabs, at least only use one set of program names/folders. This seems possible because if there are programs in the Security tab for which you don't want any protection, then the program can still be added to the Protection tab but with none of its checkboxes selected.

2) or automatically add every new "always allow" program to both tabs

3) or an additional checkbox on the prompt (e.g. "Protect this program") that's already selected by default (or remember the last user choice)

4) or a button in the GUI that allows us to add all missing programs from the Security tab to the Protection tab

5) or a comparison report that we can view in a non-modal window or in a text file

I run many programs on my computer, many of which I will only start after the initial Learning mode is done. After using PG for a few days, I now realize that there are already many programs missing in the Protected tab. I expect that it will be a huge hassle to switch between the two tabs over and over again to manually try to sync everything, not just today but in the future too.

In the future I suppose that I'll have to train myself to remember to open the PG GUI and manually add each new program that I run to the Protected tab each time. That doesn't sound like much fun to me.

At the moment there is a 250 (?) application limit to the protection tab, but i don't know of any for the security tab ... Soo, if the protection tab is full, then no more apps would be allowed to run if PG were to automatically add to both lists (under the current implementation).

Combining both lists sounds like a great idea, it may even help PG deal with the protection list in a more unlimited manner ;).

I've discovered that I can select all the filenames in the security tab (by pressing Home then Shift-End) then right-clicking on one and choosing "Add to protection list". PG then adds any missing filenames to the protection tab. I'm very happy to know that PG can do this, but I'll have to do it manually about once per week so I'd still prefer that it be completely automatic.

After doing the above procedure, I now have more filenames in the protection tab than in the security tab (153 vs 134). I'm concerned about the upper limit that you mentioned that might only be 250 filenames. Since I haven't even been using PG for a week, I expect that the number of filenames will continue to grow. I wonder if PG would warn me if I reach the limit.

If you are using one of the newer betas (don't know when they introduced it) it should tell you that the limit has been reached.

Also, the number of new applications tends to drop over time, so atm you should still be alright ;). If you do hit the limit, look through the list to make sure that they are still existant (ie. not 'dead' entries) and revise if they really need protection. think about it ... not all programs need to be protected ;D (has to be some extreme case for all programs to need protection).

Not sure if this have been requested before.

Future PG should allow you to block extension(s). For example: Block *.WMF files from running. It does not matter the name, as long it ended with *.WMF it stops right there.

I haven't used any of the versions of Process Guard. Why? Becuase I am intimidated by it. Same reason I won't use Jetico or Outpost pro firewalls. All of these programs are probably excellent security programs, I just don't have the technical knowledge to run them.

So I would like to see a version of Process Guard that makes most of the decisions for you. Supposedly Prevx has done this with PrevxABC mode. Blackspears settings do this for NOD32. Sure would be nice to see a newbie friendly version of PG. Of couse, you must keep in mind that this is coming from someone who is too intimidated to even download and try the current version.

-{ Quote: "So I would like to see a version of Process Guard that makes most of the decisions for you." }-It already does - via its Learning Mode feature (which creates permissions for any program that you run). Of course, you have to switch off Learning Mode before you can gain any protection since malware would be given access also (which is why DiamondCS recommend installing PG on a clean system).

Would it possible to add detection and prevention of OLE automation of an application as used by PCFlank's leak test? Also, what's the likelyhood of implementing an API protection scheme? Such as disallowing SendMessage to be used with Internet Explorer as is done with the first breakout leak test and some trojans.

Maybe it's not the goal of the program.
I think it's techniques could be used for management purposes.
Eg allow programs (eg solitaire.exe) to run between xxxx (12.00) and yyyy (13.00)

Will come in handy in offices so people don't eg play or chat during work hours and only during breaks are outside office hours

When an intrusion is detected somewhere on my LAN, a message should be send to an "administrator".

The message could be an email, a popup, an event written in the event log, maybe even sms ?

I imagine messages like :
"User xxxxx on computer yyyyy has tried to run program zzzzzz"

I would like to get the program installed on new computers automatically.
Installation now requires licence agreement, clicking next, ..
Could this be automised so I can get an installation by a script or something similar

-{ Quote: "Maybe it's not the goal of the program.
I think it's techniques could be used for management purposes...When an intrusion is detected somewhere on my LAN, a message should be send to an "administrator"....I would like to get the program installed on new computers automatically." }-These features, while possible, would require a significant expansion of Process Guard and would be of little benefit to its current user base. On the other hand, they would be of great benefit to businesses and corporations looking to secure their networks.

Whether DiamondCS wish to tackle this market, I cannot say - but it would require significant additions to PG (automated installation, centralised configuration and monitoring) while recent changes have focused more on its internal workings.

PG should have a feature to scan your start menu and maybe desktop too for programs. it would be much faster than using learning mode.

-{ Quote: "PG should have a feature to scan your start menu and maybe desktop too for programs. it would be much faster than using learning mode." }-This wouldn't offer much benefit unless PG was to actually run each program listed - it would have no way to determine what special permissions (install driver, etc) were needed otherwise. A better option IMHO would be the ability to prompt whenever a program attempted such access and suspend it pending a user reply (at least 2 other programs offer this).

-{ Quote: "This wouldn't offer much benefit unless PG was to actually run each program listed - it would have no way to determine what special permissions (install driver, etc) were needed otherwise. A better option IMHO would be the ability to prompt whenever a program attempted such access and suspend it pending a user reply (at least 2 other programs offer this)." }-
i should have clarified: i would just want the apps to be added to the security list.

i would manage special permissions myself.

ability to import/export PG settings (the lists). Currently you can backup pguard.dat and pghash.dat, but i would like an easier method. especially one that isnt version specific.

Please add these features to Process Guard:

1) Option to add Process Guard currently running services to protection list on new version installation, general currently running processes as a separate option, or both together as a third option.

Therefore, if using the Autoblock of new/changed progs, then you won't forget to update PG checksums and won't be locked out from the main GUI.

OR some way for PG to auto recognise itself.



2) Blocked execution items reported separately to those allowed - so they are not missed (can then be easily detected by user)


3) RE: Auto allowed processes (which cannot be blocked) or warnings - clearly show what files these are



Thanks so much.

Best regards,
Lee.

Hi,

I will switch from a monocore to dualcore processor this weekend. One major problem is core affinity settings, so I thought : ProcessGuard could be a good way to set core affinity on application launch (and even remember settings...:))!

What it could bring :
- bypass old application incompatibility with multicore processors,
- segment ressources : reserve one core to services & security apps (set affinity on windows startup)

If ever integrated, I understand it won't be a top priority but... :)

For long-time users who have senility problems...

Sure would be nice if we had a utility much like a registry cleaner that would go through all of our Protection entries and Security entries, as separate lists, and advise which entries no longer exist!

Should be pretty simple for some one out there, even apart from the program's writers, to develop such, but as I have gone over the deep end between failing financial matters and having four daughters, I can't pinch-hit this one...

Oh. And if someone would be so kind as to tell me what the heck are "GLOW" tags and what options are available, I would at least feel like I got smarter...

Just to add critical updates that I am sure DiamondCS are well aware of, please add:

1. BETTER TERMINATION PROTECTION AGAINST NEW METHODS

2. BETTER HOOK PROTECTION AGAINST KEYLOGGERS


Thanks very much for your attention to any improvements with these.

Best regards,
Lee

Don't know if this has been suggested yet:

Ability to drag 'n' drop an entire folder onto the PG screen and have PG automatically checksum everything in it and add them to the protection list. This would be great for folders with large amounts of .exe files and such. Also the ability to ignore entire folders all together would be nice.