Taskguardian


JeffNK
April 9th, 2005, 03:36 AM
I'm not sure this is the right forum for this, but do forum members have any experience or opinions with TaskGuardian?

http://www.asmdev.net/products/taskguardian/index.html

Thanks

Jeff Kogler

Pieter_Arntz
April 9th, 2005, 03:55 AM
Hi Jeff,

I have been doing some tests with that software after they asked permission to use the CLSID list at CastleCops. I haven't had a chance to test its effectiveness against any real malware, but I will be doing that shortly (I should, because the 21 day trial period is almost over) and post the results.
My thoughts so far are that it gives an already experienced user some more insight into what is going on on his computer. But a word of warning about their use of percentages to express the probability of something being malicious should be made IMO.

Look at the screenshot and you will see that it is easy to draw the wrong conclusions.

Regards,

Pieter

Pieter_Arntz
April 9th, 2005, 04:53 AM
A few quick experiments.

I registered a dll that was recently discovered (sample provided by CalamityJane).

Of course I monitored the process. You can see below how TaskGuardian shows a new startup entry (in yellow).

http://www.wilderssecurity.com/supportfiles/taskguardianstartups9-4P_A.jpg

When I registered the dll I used HijackThis to see if it worked, because TaskGuardian didn't do anything.
This was the new entry:
O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - M:\Manege\openwares\winprox\winprox.dll

It was recently added to the CLSID-list as: http://castlecops.com/clsid-1781.html
New items are added there very regularly, so it would be wise to inform users how often updates will be done, since I did not find any options in the program to check for updates.
What puzzled me is that the new BHO was only noticed after a restart of TaskGuardian. (screenshot)

http://www.wilderssecurity.com/supportfiles/taskguardianbrowsers9-4P_A.jpg

It did effectively remove the BHO without problems.
When checking if the BHO was still loaded in memory I found one more thing I would have liked to see differently.
You would expect to get the list of loaded Dynamic Components sorted alphabetically when you click the Loaded Module tab, but that doesn't happen, so you have to scroll through the list. (screenshot)

http://www.wilderssecurity.com/supportfiles/taskguardiandynamic componentss9-4P_A.jpg

I'll be back :D

Regards,

Pieter
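As an added example (not code from the thread, from TaskGuardian or from HijackThis): a small Python script that parses HijackThis "O2 - BHO:" lines like the one above, compares the CLSID against a reference list, and on Windows enumerates the Browser Helper Objects registry key that O2 lines are built from. The reference map (apart from the winprox CLSID quoted in the post) and the second sample line are constructed for the example.

```python
import re
import sys

# A HijackThis O2 line: "O2 - BHO: <name> - {<CLSID>} - <dll path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Constructed reference list, CLSID -> (label, verdict). The first entry is the
# BHO from the post above; the second is a made-up placeholder for a benign BHO.
KNOWN_CLSIDS = {
    "{2DC9D850-144D-11E1-B3C9-10805E499D93}": ("Windows Proxy support DLL (winprox)", "malicious"),
    "{00000000-0000-0000-0000-000000000001}": ("placeholder benign BHO", "legitimate"),
}

def parse_o2(line):
    """Return name/clsid/path for an O2 line, or None if the line is not one."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["clsid"] = entry["clsid"].upper()  # CLSIDs compare case-insensitively
    return entry

def classify(line):
    """Look the BHO's CLSID up; anything not in the list is 'unknown' and needs review."""
    entry = parse_o2(line)
    if entry is None:
        return None
    label, verdict = KNOWN_CLSIDS.get(entry["clsid"], ("not in list", "unknown"))
    return {**entry, "label": label, "verdict": verdict}

def installed_bhos():
    """On Windows, list the CLSID subkeys under the HKLM Browser Helper Objects key
    (the key HijackThis reads for O2 lines); on other platforms return []."""
    if sys.platform != "win32":
        return []
    import winreg
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    found, i = [], 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        while True:
            try:
                found.append(winreg.EnumKey(key, i).upper())
            except OSError:  # no more subkeys
                break
            i += 1
    return found

if __name__ == "__main__":
    print(classify("O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - M:\\Manege\\openwares\\winprox\\winprox.dll"))
    print(classify("O2 - BHO: Example Toolbar - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\example.dll"))
```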

JeffNK
April 9th, 2005, 05:34 PM
Thanks Pieter,

I look forward to any other test results you have time to post.

Jeff

Pieter_Arntz
April 11th, 2005, 03:08 PM
My last day of the trial, so I had to rush it a bit.

A randomly named BHO was recognized and diagnosed correctly.

Pieter_Arntz
April 11th, 2005, 03:13 PM
Note for this screenshot that only the first (highlighted) process is malware.
What I do like is that it gives the reasoning behind why a process might be "dangerous".
You can see some of those in the right bottom corner.

Pieter_Arntz
April 11th, 2005, 03:15 PM
The Network Guardian does not show very much nor does it give much information. I think this part still needs a lot of work.

Pieter_Arntz
April 11th, 2005, 03:17 PM
As a comparison, a Port Explorer screenshot made with the computer in the same state.

Pieter_Arntz
April 11th, 2005, 03:17 PM
I hope I was able to give you an accurate impression of what you can expect.

Regards,

Pieter

muf
April 18th, 2005, 02:42 PM
Seems to be very similar in its concept to Security Task Manager.
http://www.neuber.com/taskmanager/

muf