Can PG protect against this?

Discussion in 'ProcessGuard' started by siliconman01, Nov 3, 2004.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    786
    Location:
    West Virginia (USA)
    Here is a somewhat disturbing event that is under scrutiny through the AdAware forum where a malicous program is modifying the Ignore List of Adaware, thereby preventing detection of spyware.

    http://www.lavasoftsupport.com/index.php?showtopic=50560

    I'm wondering if PG can prevent modification of files that are not executibles, for example IGNORE.INI.

    I tried putting IGNORE.INI in the protection list of PG and then doing a modify on the file. PG did not stop it.

    Just wondering! :rolleyes:
     
    siliconman01, Nov 3, 2004
    #1
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Siliconeman01, Currently ProcessGuard on caters for executables but wouldn't an ini file initiate the running of a process? If so Execution Protection would probably stop it.

    Pilli
     
    Pilli, Nov 3, 2004
    #2
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    All a program has to do is keep a file handle open to prevent that file being deleted, it'd be easy for the Adaware author to add that
     
    Wayne - DiamondCS, Nov 3, 2004
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...