Tiny Watcher & ProcessGuard

[pcalvert]

Having read about it on here, I installed Tiny Watcher about a week ago. Then, a few days ago, I installed ProcessGuard free v3.410. At first, ProcessGuard was in learning mode, but after rebooting a few times it switched itself into normal mode. When that happened, I got a notification from ProcessGuard that it had blocked Tiny Watcher from modifying the running processes. Has anyone else encountered this, and/or does anyone know what Tiny Watcher is doing, and why?

Phil

[SpikeyB]

You tend to observe this with Process Guard when you have other security programmes installed. In order to work, the security programmes need to interact with running processes. Normally you give the security programmes the privileges they need.

[pcalvert]

Well, I kind of figured that. And normally I'd let it go at that. But I don't understand why watcher.exe needs to modify any of the running processes. Based on my understanding of its purpose, Tiny Watcher looks for new processes, and modification of previously existing processes (those that it has seen before), so it makes sense that it would need to read in order to calculate hash or checksum values. But to modify all of the running processes? No, I'm sorry, that doesn't make sense to me. There may very well be a legitimate reason for it, and I hope there is. Nevertheless, I think someone who knows how to analyze these kinds of things should take a closer look at exactly what it's doing.

Phil

[SpikeyB]

Does this thread help to explain about modification: http://www.wilderssecurity.com/showt...ghlight=modify

[yankinNcrankin]

Quote:

Originally Posted by pcalvert

Having read about it on here, I installed Tiny Watcher about a week ago. Then, a few days ago, I installed ProcessGuard free v3.410. At first, ProcessGuard was in learning mode, but after rebooting a few times it switched itself into normal mode. When that happened, I got a notification from ProcessGuard that it had blocked Tiny Watcher from modifying the running processes. Has anyone else encountered this, and/or does anyone know what Tiny Watcher is doing, and why?

Phil

I personally have used both programs along with others with none of the described behaviors you are having, maybe its a conflict or glitch with other programs on your box or maybe something else.
Not to go off subject but cyberhawk latest release modifys all of the main start up .exe files of Windows it does this since it hooks into alot of everything its how it does its checking of things.

[pcalvert]

Quote:

Originally Posted by SpikeyB

Does this thread help to explain about modification: http://www.wilderssecurity.com/showt...ghlight=modify

Yes, thank you, that's probably the kind of behavior I am seeing.

Phil