Problem with Execution Protection

Discussion in 'ProcessGuard' started by Guzz, Aug 19, 2005.

Thread Status:
Not open for further replies.
  1. Guzz

    Guzz Registered Member

    Dec 16, 2004

    I have PG Full Version with the Execution Protection enabled. I downloaded Reg Test from GhostSecurity - yes I know PG doesnt protect registry - but I imagined: well, RegTest will be able to modify my registry and then set an executable file to run at start up. As my Execution Protection is enabled in PG, it should block the simulated "worm" drop by RegTest in the auto-start. But it didnt. RegTest.exe was able to start in the start up. So I guess this file was executed by windows before PG. How can I set PG to not be defeated by this ?
  2. dog

    dog Guest

    If you look at PGs security tab you should see that startup/exe listed as allowed once unable to ask user ... you could choose to block it from there (by right-clicking the entry), or another solution would be to enable block new and changing applications, If you choose to enable this option you will need to un-enable it when you wish to install anything new or use an app you don't have whitelisted or for programs that change like the TDS mutex did. To me this is a much safer approach IMO. As a side note, I also lock PG so it can't be tampered with. :ninja:


Thread Status:
Not open for further replies.