pe guard

Discussion in 'other anti-malware software' started by simisg, Sep 19, 2009.

Thread Status:
Not open for further replies.
  1. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    Has anyone tried testing this against any MBR malware, e.g. the Killdisk trojan?
    Does it offer protection from low-level disk access or direct disk access?

    Does it have any kernel hooks just like any Classical HIPS or application control firewall or does it use only kernel mode drivers like Sandboxie?
     
  2. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Installed PEG OK and not many warnings at all for a few days, but today I went to download a couple of apps from Snaps and appear to have hit a snag. As downloading the first app began, PEG warnings popped up and I clicked Allow multiple times, but they constantly popped up, so I must have been clicking the wrong item. After 1.85 MB completed downloading I checked and the size downloaded was 633 KB. I then downloaded another app, 430 KB, but once it completed I checked to find only 60 KB.

    Exited PEG and downloaded both apps at their correct sizes before switching PEG back on.

    Can anyone advise please, re. the downloading situation from a legit. site, how best and easiest to handle PEG without the need to switch it off?
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Found out that mchInjdrv.sys is being used by something legit.


    winHole7 + opaida

    Thanx for the detailed info + the update.

    trismegistos


    Well it would be Brilliant if it could help protect against an MBR nasty, but i wonder ?

    I ran Rku/Gmer/Icesword and didn't notice any hooks. I think it's probably more like an AntiExe + type App.

    MICRO


    I also noticed PEG intercepting downloads, and had to click Allow a number of times. This is actually quite clever, but can be frustrating. I've decided to disable it in future whilst I download something I expect to be safe. Don't know of any other app that does this, so as far as I know it's a first for PEG!
     
  4. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    StevieO, thank you for kindly noting the content of my Post #63 dealing with MchInjDrv.sys.


    PROROOTECT
     
  5. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    jmonge
    I don't think you have to download the update, because the 20 sec countdown was enough for you :p
    The update is only in the countdown timer.

    trismegistos
    sorry, I am not sure about direct disk access!!o_O

    MICRO+StevieO
    it's better to put PEG in normal mode when downloading a PE file.
     
  6. Warklen

    Warklen Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    112
    OSSS will do this. Very powerful HIPS, can't wait for the final version.
    PE Guard seems to be a nice little app as well.
     
  7. winHole7

    winHole7 Registered Member

    Joined:
    Sep 24, 2009
    Posts:
    12
    Hello to all,

    @opaida
    Thanks a lot for your explanations... and for the updated timer function !
    ... And your English isn't worse than mine ;)

    @StevieO
    Not too far from the truth... :p

    @trismegistos
    As StevieO said, "PEG.sys" seems to be a kernel mode driver... (no hook and not hidden)

    It seems that "PEG" only protects different executable type [*.exe], dynamic-link library executable type [*.dll] and driver [*.sys] files against a process that tries to get a write access to them.
    As it may be a legitimate one (SuperCopier, Eraser...) or a bad one (malware...), we just need to pay attention to what is good (allowed) and what isn't (revoked/prevented)...
    About the downloading; I never switch to "Normal GUARD" but I verify the process (that requests a write access) and the (downloaded) file and, if it's okay, I check "Apply to this pair always." then I click on "ALLOW" so, I only get one warning by downloaded file. But, it may be annoying when someone is downloading a lot of files.

    Salutations...
    _ernestoG_
     
  8. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    I shall do the same, switch PE off while downloading a safe app. Opaida says to switch PE to Normal, but only refers to downloading a PE file?

    The other problem I have is that on startup a little Gigabyte app, Dynamic Energy Saver, starts up, and every morning I click PE's Allow, no good, and then Allow this pair and Allow this Process, but every morning I need to go through the same ritual. Would it be a fact that PE can't remember? Or am I still not hitting the correct Allowings?
     
  9. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,879
    It really is a stand-alone HIPS with a small footprint. It's a set-it-and-forget-it HIPS. After that, the doors to your PC should be locked shut to the entry of malware!
     
  10. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,879
    That's exactly what an HIPS should do. If you need to download a legitimate program or install system updates, just disable it temporarily and turn it back on when done!
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    exactly:)
     
  12. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Hi opaida

    Thanks for posting here and for the application.

    I have a few questions :

    1.
    How do you recommend using this ?
    Would it be to Enable it when surfing , and turn it off afterwards ?

    2.
    Does it scan inside files for the characteristics of executable programs , or does it check file extensions ?


    Thanks
    J
     
  13. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Has anyone tested it in a 64-bit environment?

    I am very interested in PEG because I searched for something like this!

    I do not have the opportunity to test it on 64-bit myself, so if anyone could do that I would be very thankful.


    Good to have you here opaida!

    Very nice project! :thumb: Thank you so far.

    My best wishes.
     
  14. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    WOT gives it a green rating. :)
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    In one of my PCs I am running PE Guard and DefenseWall ;) it looks rock solid :thumb:
     
  16. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,879
    You just set it and forget it. You only disable it when you need to download a legitimate program or run system updates. It's designed with noobs in mind since, unlike with a classical HIPS, there are no configurable options. It's not an AV product since there are no definitions to update; it never needs to be updated.
     
  17. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    What type of malware is it good and not good at blocking?
     
  18. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,879
    As its name indicates, it blocks executable files, files that have to run on your computer, whether it's malware or a rootkit. If you don't grant it permission, it dies right there. Pretty good protection alongside any AV and anti-malware product you may have. It keeps the bad stuff out and allows you to decide what can be safely run on your PC. It's small, lightweight and powerful, and you can't beat the price. And it will never need an update.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    alot of stuff;)
     
  20. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    This is really an awesome application.
    Cheers opaida! :D
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Agree, I am going to put it in all my PCs with DefenseWall :)
     
  22. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    MICRO
    I save the selected actions in PEG.sys, so when you shut down your computer they will be cleared!!

    Joeythedude
    1.
    when surfing put it in POWER mode, when downloading/installing/copying a trusted PE file put it in NORMAL mode.
    And as NormanF said, run it and forget it.
    2.
    As a first version, PEG checks the file extension only.
    And I believe that is enough, because I don't think there is a virus that will check for PEG's existence to copy itself with another extension.
    Habakuck
    I really don't know :D .
    Also, I don't have the opportunity to test too.
    cheater87
    Mainly, it protects PE files from being injected.
    Also, it prevents any PE file from entering your computer without your knowledge.
    jmonge, NormanF and arjunned
    THX all :)
    Opaida.
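    Joeythedude's question (#12: does it look inside files or only at extensions?) and opaida's answer (#22: the first version checks extensions only) are illustrated here with an added example that is not from this thread and not PE Guard's own code: an extension-only check next to a content check that parses the MZ/PE headers, run over constructed sample headers, including a PE with a non-PE extension that the extension check misses. The constants are public PE/COFF format values; the function names and samples are my own assumptions.

```python
import struct

# Public PE/COFF format values (Microsoft PE specification), not from the thread.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_NATIVE = 1          # kernel drivers use the native subsystem
PE_EXTENSIONS = {".exe", ".dll", ".sys"}

def is_pe_by_extension(name: str) -> bool:
    """Extension-only check, as described for the first version of PEG."""
    return "." in name and name[name.rfind("."):].lower() in PE_EXTENSIONS

def classify_pe_by_content(data: bytes):
    """Return 'exe', 'dll', 'driver' or None by parsing the headers, ignoring the name."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF file header follows the signature; its last two fields are
    # SizeOfOptionalHeader and Characteristics.
    size_opt, characteristics = struct.unpack_from("<HH", data, e_lfanew + 20)
    if not characteristics & IMAGE_FILE_EXECUTABLE_IMAGE:
        return None
    if characteristics & IMAGE_FILE_DLL:
        return "dll"
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    opt = e_lfanew + 24
    if size_opt >= 70 and opt + 70 <= len(data):
        if struct.unpack_from("<H", data, opt + 68)[0] == IMAGE_SUBSYSTEM_NATIVE:
            return "driver"
    return "exe"

def make_header(characteristics: int, subsystem: int) -> bytes:
    """Constructed sample: a minimal MZ/PE header only (no code, not runnable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, characteristics)
    opt = struct.pack("<H", 0x10B) + b"\0" * 66 + struct.pack("<H", subsystem) + b"\0" * 26
    return dos + coff + opt

SAMPLES = {  # constructed inputs: file name -> first bytes of the file
    "setup.exe": make_header(IMAGE_FILE_EXECUTABLE_IMAGE, 2),
    "helper.dll": make_header(IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL, 2),
    "renamed.txt": make_header(IMAGE_FILE_EXECUTABLE_IMAGE, 1),  # driver with a .txt name
    "notes.exe": b"just text, no MZ header",                      # .exe name, not a PE
}

def compare(samples=SAMPLES):
    """Map each name to (extension verdict, content verdict) so the two can be compared."""
    return {n: (is_pe_by_extension(n), classify_pe_by_content(d)) for n, d in samples.items()}
```

    The two verdicts disagree exactly on the renamed driver and on the text file with an .exe name, which is the gap between the two approaches the question asks about.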
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Any updates coming soon? Thanks
     
  24. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,879
    As the author stated, no updates are necessary or required. It's not traditional AV or anti-malware that requires definition updates. The job of PE Guard is to block executable files that could harm your PC from being downloaded/running.
     
  25. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72

    @opaida:

    Suggestion: when downloading/installing/copying have PEG pop-up with an offer (YES or NO) to switch to NORMAL mode...and then have it automagically switch back to POWER mode when the action is completed...;)

    User friendliness is always a good thing...

    galileo
     