Hello! In https://www.wilderssecurity.com/showthread.php?t=48001 I mentioned that I visited the windowsupdate site (without installing anything), afterwards I downloaded and installed an Office XP patch (adressing the new JPEG vulnerability). A reboot was not necessary. Everything seemed okay. But when I opened the PG GUI I noticed that protection was still enabled but the list of protected applications was completely empty - this was only fixed by rebooting the computer. There are two things that strike me: 1. PG didn't inform me that the protection the program offers might have been somehow affected. I wouldn't have noticed if I hadn't opened the GUI. 2. The cause for this problem is not clear to me. Was it only the fact that I visited windowsupdate (resulting in the execution of JScript and ActiveX code), or was it the installation of the Office patch? Whatever - it seems that there are internal functions in the operating system that can affect the security provided by PG. The crucial question for me is: If this is true - how can I be sure that malware might not misuse these functions in oder to (partially) disable PG? Is this a possible PG vulnerability?
It's a known issue in ProcessGuard v2.0 that we havn't been able to replicate. ProcessGuard v3.0 should have this issue fixed. The problem seems to stem around the user running multiple accounts at the same time, do you use fast user switching on Windows XP? ProcessGuard v3.0 fully supports multiple users, and if this is indeed the cause, it has been fixed in the next version.
I do have different accounts but usually I do not use fast user switching. In this case I was only working in the administrator account. So I don't think that's the cause here. Thanks a lot for your reply, Jason.