Does RegDefend require any special permissions in ProcessGuard....such as Install Global Hooks or Access Physical Memory, etc.?

nope, no privileges needed Silicon man.

{QUOTE-> Does RegDefend require any special permissions in ProcessGuard....such as Install Global Hooks or Access Physical Memory, etc.? <-QUOTE}None required so far. I have added regdefend.exe to PG's Protection List.

Nick

sorry about that INFINITY

Hey, thanks much for the comeback. ;) Added to PG as well.

This new toy looks AWESOME! :D

no prb Nick, :)

RegDefend.exe will need the ability to install drivers, apart from that it requires no special privileges. :)

{QUOTE-> RegDefend.exe will need the ability to install drivers, apart from that it requires no special privileges. :) <-QUOTE}I have not had any PG driver installation alerts yet. RegDefend is on the Protection List without driver installation permission. Normal behavior?

Nick

{QUOTE-> I have not had any PG driver installation alerts yet. RegDefend is on the Protection List without driver installation permission. Normal behavior?

Nick <-QUOTE}


Are you protecting against Driver Installations in ProcessGuard?

{QUOTE-> Are you protecting against Driver Installations in ProcessGuard? <-QUOTE}Blocked in Global Protection Options.

Nick

Quick question before running out the door for work -

Since there are two regdefend.exe's running, does simply adding regdefend.exe to PG cover both of them? There's no difference in the exe names for both, they just have different process ID's, so I'm curious. Pete

I guess the md5 hash will change cause the files aren't the same "size"... But I have it both on my protection too. the smallest is the one for protection against reverse engineering I believe...the other one is the program itself. so they are definately not the same + not the same md5.

-fingers crossing and hoping I'm right on this...-

{QUOTE-> I guess the md5 hash will change cause the files aren't the same "size"... But I have it both on my protection too. the smallest is the one for protection against reverse engineering I believe...the other one is the program itself. so they are definately not the same + not the same md5.

-fingers crossing and hoping I'm right on this...- <-QUOTE}

Since they both point to the same file on disk, which doesn't change. It will work fine.

{QUOTE-> Blocked in Global Protection Options.

Nick <-QUOTE}

Some of my beta testers have said ProcessGuard fails to see the RegDefend driver installation (RegDefend is kernel mode and needs a driver to be installed), and also a few others have reported here and through email about it. The driver installation method I use is the standard method so I'm not quite sure why ProcessGuard is missing it, quite possibly could be a bug.

I still recommend giving RegDefend.exe "allow driver install" in ProcessGuard even though it currently will work fine without it, since future versions may need that flag set.