ProcessGuard v3 to be released! ...

Discussion in 'ProcessGuard' started by Wayne - DiamondCS, Oct 26, 2004.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Why not just use the password feature? In the latest private beta, when you lock ProcessGuard no settings can be changed. I suspect, and Jason can confirm, but I would bet you can't just change those files on the fly.
     
  2. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    I think the guy has a point, it's not about just being able to lock it down, it's about being able to easily have more than one operational mode

    I would *probably* allow my wife to run different things to what I'd let the kids run

    Try explaining to the wife that she can only have the same level of access to programs as the kids because there is only a 'lock' function in the program.
    Somehow I think she would have full access before too long or I'd be eating nicely oven-roasted salads..... :doubt:

    This is really the same old request that is asked for in every piece of software
    Developers say things like "just do it this way" or "pah, they don't need that"

    End Users always have their own new and unanticipated ways of using software, that's how they find the remaining bugs after all

    Flexibility is the cornerstone of good program design and implementation.
    Few would disagree that the flexibility provided in Unix by having pipes and modularised programs has allowed much more to be achieved by reuse and extension. Even .NET now has a pipe model that allows the same thing to be done under Windows (it's more abstracted than the Unix one because you can pass objects along the pipe)

    Just my 2p
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Profiles! Yes, I like that idea.. you could change your overall protection set easily and on the fly. That would be great for when you use a program that you don't want others using while you are away, and don't want to use multiple accounts. This would also be a good way of changing the protection settings for specific tasks without disabling protection altogether.
     
  4. leeach

    leeach Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    5
    definitely wish PG had a profile feature as well. not that my opinion matters.
     
  5. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia

    I assume this post and the earlier one are mostly to do with Execution Protection? ie You want more control over who can run which applications?
     
  6. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    Keep it simple. Don't try to turn this into an all-in-one program. It's fine the way it is....serves the purpose I want it to serve.
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Jason, what about the scanner detection of our AT (TDS-3): an option to scan the files which are blocked/allowed?

    Whenever an exe/dll service is blocked, we get the option to scan it with our TDS-3?

    this would help achieve a more secure machine. this wouldn't be that hard to implement I think, however I cannot do it ;)
     
  8. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    We will most likely be doing some integration between PG and TDS-4 in a few builds after the initial release (of TDS-4). It is a great combination really and there is a lot of different ways we can integrate it, very exciting. :)
     
  9. leeach

    leeach Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    5
    excellent use of logic!

    1. Don't add more features, it is fine the way it is! For God's sake, don't improve it!

    2. It serves the purpose I want it to serve, so don't change it. Also, screw other users!
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    1. I don't think that Kegel was implying no improvement but that the program be kept simple.
    Anyway DCS are committed to keep ProcessGuard ahead of known threats :)

    2. Just an opinion which can be misread, I am sure that Kegel would not want to "screw other users".

    So let's just keep on topic please.
     
  11. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    That pretty much covers it from my pov

    I agree with the others.. it needs to be simple and visual

    It would be nice if we could associate a default profile with a user account
    Also a user account should be able to switch to one of a number of profiles that they are authorised for

    If I have the "wife" policy applied then a different colour for the icon & any alerts to show it up would do the trick
    That way if I walk past the computer and see the kids with the wrong colour icon then I'll know they haven't quite managed to fool me completely (yet)

    It would also allow me to define a lockdown mode for myself which would be fine for day to day use...

    Thanks
     
    Last edited: Oct 29, 2004
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This "wife" policy has me chuckling. That is playing with fire. I once asked AOL why they won't release a screen name if the owner wants it released. The answer was that they had several minor suits where a couple was splitting up and one spouse tried to get the other spouse's screen names turned off for revenge. Touchy stuff. :D
     
  13. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Jason - THANKS for removing the 'human verification'. It was driving me up the wall having to ask for permission to make my choices every time I changed my mind or had to disable protection (graphics driver installs, Microsoft updates etc.). It was just a complete nuisance. For people that want some kind of guarantee that family or other users won't alter settings, a password protect option would suffice, but the main thing I feel is that the choice should be there for those who want it and those who don't. Flexibility so that those with only 1 user and those with many users can take appropriate measures.

    For me I don't need it or want it and never liked it being imposed on me so I'm glad to see it gone forever never to return. It's about time common sense prevailed.

    Now that PG 3 Final is being released PLEASE don't keep us waiting too much longer for TDS 4. I've got TDS 3, Boclean and Trojan Hunter but what I want is a real time scanner like Boclean but by DCS and with a scan option. Something that looks and feels real cool as well as doesn't hog resources or conflict with other programs. TDS 3 is ok but once exect.proc is turned on loading programs is slowed down considerably. What I want is basically something to protect me especially when I'm online.

    Dave
     
  14. leeach

    leeach Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    5
    this is my opinion. do not impose the feature on users, but also do not remove it completely to appease those that do not care for it while leaving the more advanced crowd in the cold.
     
  15. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    After all it's US that have to use the program, isn't it? So it wouldn't hurt to have both options. They want to keep the program as simple to operate as possible, but they could have included an 'advanced settings' option with some tweaks that advanced users like you prefer.

    Keep trying maybe they'll include it at a later date. I don't use it but I still feel the option should be there.
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Dave, This will have to go on to the next wish list as I am sure it will not be implemented in this build.

    For those that want to see a couple of screenshots of the final they can be found here: http://www.pilliwinks.net/review.htm#Version_1.200_
    Note: The first screenshot is of the Public Beta and the final has some small graphical changes.


    Pilli :D
     
    Last edited: Oct 30, 2004
  17. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    I'd have to say I used the example of a "wife" mode mainly because it is so funny and because it happens. My wife is a computer professional as well and that actually makes it harder to share a computer with her because she is technically savvy ...

    The new product is very nice and the extra protection is great...
    I had been thinking about buying it and after reading about the new version I purchased it the other day (and have now had a play with the 3beta rather than just reading about it)

    It would be good to have profiles and even better to be able to import and export them

    As far as which version the feature appears in.... it doesn't really matter
    This is just a GUI add-on really so it's minor impact stuff, not overly high in the TO-DO list I'd imagine

    On another note, is there somewhere we can go to get information about the Alerts that are being logged for driver/service entries? At the moment information seems to be rather sparse

    I got three entries logged and haven't really found much about them
    "services.exe Tried to install a driver/service named ..."
    SetupNTGLM7X, WEBNTACCESS, FLASHSYS

    And on a functional note, it would be really nice to be able to distinguish between the different types of global hooks (from a grant permissions perspective) - maybe "advanced" mode would give several checkboxes....
    [GLOBAL HOOK] [2124] was blocked from creating a global Keyboard hook
    [GLOBAL HOOK] [3880] was blocked from creating a global Mouse hook

    Why wordpad.exe wants to create a global mouse hook is beyond me... but even if I wanted to enable that why would I want it to have a global keyboard hook privilege as well ?

    For the wishlist and an advanced mode :
    - it would be good to be able to display the parent process (and its command line) in the gui as well as the logfile
    - when the process is cmd.exe and it is running a bat or cmd file also display the name of it
    - it would also be nice to be able to specify that programs are only allowed to start from certain parent programs to further lock down access

    For example, I have a batch job that downloads some ActiveX blocking registry definitions from spywareguide.com and then runs them into the registry using regedit, but I wouldn't want other arbitrary programs invoking regedit...
    Of course in my case it is as easy as copying regedit.exe to a new name and allowing that to run while denying the generically named executable but there are probably other cases where this would be undesirable (or maybe even unworkable)

    At the moment I get log entries like this, which as can be seen don't show the cmd file name (just cmd.exe) :

    Sat 30 - xx:xx:xx [EXECUTION] "c:\program files\wget\wget.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\cmd.exe" [3432]
    [EXECUTION] Commandline - [ "\program files\wget\wget.exe" --timestamping -nd http://www.spywareguide.com/blocklist.reg ]
    Sat 30 - xx:xx:xx [EXECUTION] "c:\windows\regedit.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\cmd.exe" [3432]
    [EXECUTION] Commandline - [ c:\windows\regedit /s blocklist.reg ]
     
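As an added example (not ProcessGuard code, and not from anyone in this thread), a small Python parser for the three-line [EXECUTION] entries quoted above, followed by an offline check of the parent-process restriction gottadoit asks for: a hypothetical allow-list saying which parents may start regedit.exe, run over a constructed log in which one start comes from a parent that is not on the list. The log sample, the POLICY table and all function names are assumptions made for this example.

```python
import ntpath
import re
from dataclasses import dataclass
# Constructed sample in the three-line [EXECUTION] format quoted in this thread; the
# last record is invented so that one regedit start has a parent the policy disallows.
SAMPLE_LOG = r"""Sat 30 - xx:xx:xx [EXECUTION] "c:\program files\wget\wget.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [3432]
[EXECUTION] Commandline - [ "\program files\wget\wget.exe" --timestamping -nd http://www.spywareguide.com/blocklist.reg ]
Sat 30 - xx:xx:xx [EXECUTION] "c:\windows\regedit.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [3432]
[EXECUTION] Commandline - [ c:\windows\regedit /s blocklist.reg ]
Sat 30 - xx:xx:xx [EXECUTION] "c:\windows\regedit.exe" was allowed to run
[EXECUTION] Started by "c:\temp\setup.exe" [4100]
[EXECUTION] Commandline - [ c:\windows\regedit /s extra.reg ]
"""
RUN_RE = re.compile(r'\[EXECUTION\] "([^"]+)" was (\w+) to run')
PARENT_RE = re.compile(r'^\[EXECUTION\] Started by "([^"]+)" \[(\d+)\]')
CMD_RE = re.compile(r'^\[EXECUTION\] Commandline - \[ (.*) \]$')

@dataclass
class Execution:
    image: str          # full path of the program that was started
    verdict: str        # "allowed" or "blocked"
    parent: str = ""    # full path of the parent process
    parent_pid: int = 0
    cmdline: str = ""

def parse_log(text):
    """Group each three-line [EXECUTION] entry into one Execution record."""
    records = []
    for line in text.splitlines():
        if m := RUN_RE.search(line):
            records.append(Execution(m.group(1).lower(), m.group(2)))
        elif (m := PARENT_RE.match(line)) and records:
            records[-1].parent, records[-1].parent_pid = m.group(1).lower(), int(m.group(2))
        elif (m := CMD_RE.match(line)) and records:
            records[-1].cmdline = m.group(1)
    return records

# Hypothetical parent allow-list (base names, lower case): which parents may start what.
POLICY = {"regedit.exe": {"cmd.exe"}}

def check_parent_policy(records, policy=POLICY):
    """Return (child, parent path, parent pid) for starts the policy does not allow."""
    findings = []
    for r in records:
        child = ntpath.basename(r.image)
        if child in policy and ntpath.basename(r.parent) not in policy[child]:
            findings.append((child, r.parent, r.parent_pid))
    return findings
```

Programs not named in POLICY (wget.exe here) are ignored, so the check only reports the sensitive children you chose to restrict.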
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi gottadoit
    This is generated to the logfile.txt in the final version and appears to show the command line parameters.

    Fri 29 - 10:22:18 [EXECUTION] "c:\winnt\system32\svchost.exe" was allowed to run
    [EXECUTION] Started by "c:\winnt\system32\services.exe" [556]
    [EXECUTION] Commandline - [ c:\winnt\system32\svchost.exe -k imgsvc ]

    I'm pretty sure this is an area that Jason has tweaked since the last Public Beta.

    Regarding Global hooks, some programs always appear to want to set them, CFTmon.exe being one in particular, as does Internet Explorer, but choosing to ignore these does not appear to affect the program's normal functionality, i.e. when you get just one or two alerts when an app starts up, though I am sure this will be very much program / user dependent.
    Remember allowing global hooks for a protected process should not be regarded as too much of a threat as a keylogger could still not inject into a process to create its own global hook providing that Block Global hooks & .dll injection is enabled. See here http://www.diamondcs.com.au/processguard/index.php?page=attack-keystroke-loggers


    Thanks very much for your input - Pilli :)
     
  19. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I can hardly wait. Please tell me the new version will have the ability to import settings from the current version...:)
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Dazed and Confused

    It won't have that ability. But that isn't really that big a deal. The new learning mode makes the install so easy. We have had a significant number of private betas and it's gotten so I del the dat files even if I can save them. Really the new learning mode makes it a trivial issue in my opinion.

    Pete
     
  21. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Peter. :) Since I started using PG a number of months ago, I had to start from scratch once, and it was time consuming to recreate all the program protection rules. I'll be interested to see how the learning mode can handle this task.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi again D and C

    In a nutshell what you do is install ProcessGuard, and reboot. When ProcessGuard comes up everything that wants to run at startup is already there. PG comes up in learning mode. Then I quickly just run thru the programs I want to have protection. Like for example, I just start Outlook and then immediately close it. I use Quickbooks, so I start it, have it do an update (I want to catch the part that goes online) and then close it. Takes me about 5 minutes to run thru everything. Then I reboot, and check everything. Learning mode stays on thru this reboot. If all is well, (always has been for me), then I just do another reboot to catch anything, and when PG comes up again Learning mode is off. Then the infrequently used programs will challenge for permission to run as I use them. I okay them and that's it.

    May seem like a lot of words, but it is extremely simple.

    Pete
     
  23. xnij

    xnij Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    13
    Hi. An earlier post in a different thread for a different PG version noted that one should only add programs that access the firewall to the protection list. Is this still the case, or should all programs one uses eventually end up on the protection list? Notepad, Endnote, Corral, etc.

    Best Rgds.
    Xnij
     
  24. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    Well that all depends.....I have a weak spot for brunettes.
     
  25. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz