Need info about PG How to set up? !!

HI all.
I just purchase PG and I want to know how to setup for Global protection and what it means.. and little explanation about protection settings I need. I just want to know all this options, so I can explain to my clients and friends they ask me about it. They will become PG subscribers soon, however I need to explain them this features or any other I need to know.
Thanks in advance for your info to everyone whom is expert in this field.. Thanks again.

 

Hi aacm, Here are some of the notes from the PG help file:

Global Protection Options

ProcessGuard provides Global Protection Options which protect various parts of the operating system in global ways. In the screenshot below you can see the area where you can the change the specific Global Protection Options it is on the Main page of ProcessGuard.



1. Protect Physical Memory
Applications that run with administrator privileges can actually access the physical memory on your computer. Every program you run is handled by Windows using "Virtual Memory" techniques which help to protect applications from one another. If an application can view or change the actual physical memory, then it has the possibility to change anything at all on the system which is in the memory. Obviously this is a major security hole which if not protected against, makes every single protection mechanism on your system vulnerable to attack.

ProcessGuard however provides protection against all these physical memory attacks by restricting applications access to it. If some application you need to use actually requires physical memory access (a few security programs and games do), you can allow that specific application to access physical memory. This means you get the full advantage of protecting your system from this serious threat, whilst still using the programs you currently use.

2. Block Global Hooks
Global Hooks are used to add extra functionality to the operating system. Some of this functionality is good and some of it is bad. For instance with a Global Hook a program can record all your keystrokes and mouse movements. Malicious software uses this to steal bank passwords and pin numbers, as well as to intercept emails and many other things. By blocking global hooks you stop the malicious software from being able to do these things, however many normal programs use global hooks so don't just assume every global hook is a bad thing.

If this option is enabled and an application you use requires global hooks then ProcessGuard will alert you. This will allow you to give that program the ability to install Global Hooks if you desire. Some applications are worse than others at handling not being able to install their global hook, so when in doubt you should always give trusted programs the ability to install Global Hooks.

3. Block Rootkit/Driver/Service Installation
This option protects you again unauthorized programs loading drivers and services on your system. A new breed of software has emerged which are commonly called Rootkits. These Rootkits are extremely dangerous since they hide themselves fully from the operating system and most of the time you will never be able to notice it is there. Rootkits are even a danger to ProcessGuard so you should have this option enabled.

If this option is enabled and an application you use wants to install a driver or a service it will be logged so you can see this. You can then determine if you want to give that application the ability to install drivers or services. A lot of security programs require the ability to install drivers and services, however be warned that giving unknown or non trusted applications the ability to install drivers and services can allow dangerous rootkits to be installed.

4. Block Registry DLL Injection
Programs can add their DLL to the list which is stored in this registry key. Once they have added their DLL it will be loaded by 95% of the programs you run on your computer. This leads to a possible attack whereby malicious software can put their DLL into a trusted program and do unwanted things. You should have this option enabled all the time since mostly malicious software uses it. Some spyware such as CoolWebSearch (CWS) use this technique to make it extremely hard to remove from your system.



Allowing programs to circumvent Global Protection Options

Some valid and trusted applications you use will need access to certain things which the Global Protection Options block access to. To ensure that ProcessGuard users can still run all their existing and future applications, you can give certain applications the ability to "override" the Global Protection Options. This allows every application which works fine without ProcessGuard installed to work fine WITH ProcessGuard installed, once setup correctly.



To do this you simply go to the Protection page of ProcessGuard, click on the application you want to give the access to, and then make sure the right option is ticked. Alternatively you can also give access to applications which have been blocked in the Alerts window by clicking on the specific alert and clicking on the appropriate button which is displayed.

HTH Pilli. BTW the helpfile is downloadable as a seperate file from the DCS website

 

Hi Philli..
Thanks so much for your input. I will review and apply as your advice. Thanks again..