pe guard

Good suggestion. But you can turn off and turn the protection back on when you're done updating your system. Its the perfect HIPS. While you can't configure it directly, you can set rules for processes when and as they occur. If you don't trust you a process, you simply don't let it run!

 

jmonge
No, there are no updates..
But I will try to start writing a new version(ver 2.0) soon.
galileo
THX for suggestion, I'll try to automate this in the next version.

I still insist on less configurations and options.

 

cool man i love this litle proggie

 

@ NormanF:

It isn't really an issue of what one "can" do but, rather an issue of "user friendliness". Consider.....folks frequently will not remember to switch off their AM software prior to beginning downloading/installing/copying and thus, will have their action interrupted and/or potentially crashed...with various potential unfortunate outcomes. A simple pop-up dialog to "remind" and offer to temporarily switch off the AM isn't required but, would be a very user friendly feature for what I suspect are in fact the majority of users......especially if upon completion of the triggering action the AM switched back on automagically....

galileo

 

He's already taken your suggestion under advisement. It can only make a really good program even better for the users!

 

PeGuard is similar to WinSonar

 

lol

 

Winsonar was a process watcher. This is more of an HIPS although it also watches what writes to a Windows process.

 

Hi to all,

"I had a Dream..." (Please forgive me for the bad joke )

... that was just a dream...

See You soon...
_ernestoG_

 

i will love to see a active process monitor and rigth click block x process feature

 

Does this detect keyloggers?

 

HI


been reading all this nice thread and a big goes to opaida for bringing it to us

i test it against some 0-days malware and it did block them all (nice!)
i got some question / suggestion .

1) does PE-guard will alert/block any kill disk like malware ?
2) seems PE-guard keep pop up same alert to same application each time i run it , is there any way pe guard will "learn" the allow actions?

cheers

 

put the protection in normal mode and open your programs the one that gives you the alert and then then put it back to power mode and see it works for me

 

Per opaida's post #73 this thread:

Cheers

 

i some how didn't mention i try to run portable application ....but anyway , this method jmonge You describe doesn't working for me mate


cheers

 

hopefully opaida drop by and help you with your isue

 

I asked Opaida the same thing Demon., - His kind reply is the first on page 4 #97 but unfortunately I don't have a clue what it means in relation to
my/your question.
Do me favour if you can please, take a look at #97 and translate what it means in case it's something I can then do to overcome the problem you and I are encountering.

 

I've experienced the same phenomenon.
I open up a .pdf file from my file manager, PEG alert pops up.
I select "Apply to this process always", "ALLOW". File opens.
Subsequent openings of same file in same manner invokes same pop up (ad nauseam).

Hopefully opaida can offer some clarification.

 

You may have to click a few times to set the permission. Once set the popups should not bother you again.

 

there you go a better reply,thanks NormanF

 

Same file opened >20 times, same pop-up, "Apply to this process always" "ALLOW" selected each time.

 

Hi,
Sorry for being late in replying your issue demoneye/MICRO/BOB D

Plz see this post:
https://www.wilderssecurity.com/showpost.php?p=1548582&postcount=73

demoneye + BOB D
In that post I said:
NOTE: although I display the full path of the exe file of the process, I identify the process by its PID(Process ID), So if the process was killed and rerun it will have a new PID and PE Guard will identify it as a new process.

I hope that was clear!!.

MICRO + demoneye
Sorry for obscure replying in #97 post, anyway :
When you check "Apply to this process Always" or "Apply to this pair always", then the current process and file will pe saved in the memory (RAM), and not in somthing permenant like in a registry or in a file. So, when you shut down your computer all saved processes/files will pe cleared.

Maybe it is a good suggestion, I mean remembering the selected actions by saving them in a registry or a file.

Boost
It doesn't matter if the exe file was safe or harmful(like keylogger) file, whenever an exe file is trying to enter your pc the warn will pop up.

 

10x for the reply opaida
IMO , you should make a "white list" in a file (not reg) , this step can pust PE-guard from a "nice little hips" to more like "semi pro Hips"


cheers

 

Thanx for the clarification, opaida.
Redundant pop-ups are a bit annoying.
Another argument for rules which can be configured?

Regards

 

Thanks opaida