Process Guard "MADE EASY" page! We need your help

Discussion in 'ProcessGuard' started by Wayne - DiamondCS, Jan 27, 2004.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
We'll soon be putting a new page on the website/helpfile that will essentially be titled "Process Guard Made Easy". The basic idea of this page is to concisely explain to new users 1) the basic concept and idea of Process Guard, 2) how to initially configure the program, and 3) how to "use" it (which basically just means how to read the alerts, and how to make config changes accordingly).

    Now, due to the nature of our work we find it easy to write technical writings on this subject, but making a text that's easy for everyone to understand is quite a challenge! Especially as we tend to think of things from the perspective of a programmer/analyst rather than a new user ... :)

    Process Guard, despite being an extremely powerful program, is fairly easy to use - it's the job of this page to help show that, so we come to you for help :)

    If you can think of anything - anything at all - that you think might be useful to tell new users (for example, if you've ever just discovered a new feature and thought "I wish I knew about that earlier!"), then please let us know!

    Thank you in advance, your help is much appreciated. :)
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    1) the basic concept and idea of Process Guard

    PG is meant to protect already installed and running security software from being attacked by virus/trojans.


    2) how to initially configure the program

    Accept the default wizard configuration at first startup, and then add every security program or every resident or often used program in the list:
    AV, AT, FW, mail client, browser, instant messaging


    3) how to "use" it

    First install PG on a clean machine (no viruses, trojans, worms, spyware).
    Execute and use all the programs that you usually use or that you can use, check the PG window log, and allow your software its needed allowances to avoid logging.

    Then, all upcoming logging should be taken with caution; do not allow
    something you don't know.

    Better to not allow if you are not sure.

    In case of a doubt, ask on the official PG forum.



    Just a few ideas :)
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    _EXCELLENT_! That is exactly the sort of information we're after :)
    (After spending so much time researching and developing the program it's not easy for us to put ourselves into the shoes of a new user, but you all have that advantage over us which is why we're requesting help with this :))
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I haven't had time to give thought to the verbiage, but after my encounter with one of AOL's brightest trying to find out about the services install issue, it became clear this guy was clueless as to what a "service" was. DUH! I think it would be good to start this page with some basics for "non computer" computer users. For example:

    1. What is a process
    2. what is a service
    3. What is Taskmanager (don't laugh)
    4. What is a DLL
    5. What is the registry, and a registry key.
    6. What is a driver
    7. What is a Global HOOK

    Think back to some of the funny questions tech support guys get, we see in the humor thread.

    It would be best if non computer examples could be used. For example

    Process--Think of an insurance claims clerk. Someone puts a file on his/her desk (exe file on the hard disk). Nothing happens until she/he opens the file and works on it (the process in memory).

    Hopefully this all makes some sense.

    Pete
     
  5. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    I think back to when I first tried setting it up and... I was really wanting to find a guide to which processes to protect in Windows XP (which is probably the predominant OS among home users) but maybe it could also provide info on W2K and 98SE too.

    I'm thinking along the lines of a guide as to "what" to protect "where" to find it "why" you should protect it and last but not least "how" to do it.

    Well that is what I was looking for as a new user (and couldn't find it) I had to post questions and test things myself, which did kind of give an "unsure" feeling about the whole thing. I feel a detailed guide would help put to ease the new user and bring security (PG) out of the shadows a little bit.
    ;)
     
  6. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    786
    Location:
    West Virginia (USA)
    I agree with Protek. Even though PG is very easy to set up, it is a User trial and error game as to what to include in the protection list, what to Allow and if any Options are necessary. That is most understandable considering the myriad of software combinations.

    Plus "interpreting" the various forum Posts tends to further confuse and concern (definitely not intentionally) because of ambiguity. For example, Regedit.exe causing a global hook log printout. The ambiguity comes about by reading a post such as "well, things seem to be running okay without permission for the Global Hook", so it's probably not needed. That in itself is both confusing and a bit scary to a normal computer user. Does/Could it mean that Windows wanted to do something, didn't do it because of the block, and the result may/will show up next week?

    In summary, I suggest that the "Made Easy" needs to be as direct and precise as possible. In the above example, telling the user to add the option to permit Global Hook for TRUSTED Regedit.exe is a safe response and reduces/eliminates user "concern"-- if you get my drift.

    I also feel that it would be very helpful to new users to perhaps provide a downloadable setup/info .txt file that contains a list of files to include in the PG program protection for as many more popular programs (example, NAV 2003/2004, AdAware, etc.) as possible along with what to ALLOW and what Options to set. This helpful info .txt could be gleaned from current User input. I suspect many of current users would be willing to submit this type of info for centralized assimilation and distribution.

    JMO
     
  7. noname8

    noname8 Guest

    1) the basic concept and idea of Process Guard

    PG is meant to protect your operating system, your security software and your internet applications from certain dangerous attacks by viruses, trojans, rootkits and other kinds of malware.

    2) types of attacks covered

    Termination: Process Guard will make sure that malware does not shut down your security software (or any other program).

    DLL trojans: Process Guard will prevent the latest breed of trojans, so-called DLL trojans, from running. This is important because DLL trojans do not show up in the Windows Task Manager. Moreover, they can bypass your desktop firewall. For further details see ( http://home.arcor.de/scheinsicherheit/dll.htm ) :D

    Rootkits: Process Guard can prevent the installation of any rootkits {still to be verified}. Rootkits are particularly dangerous because they work like a cloak of invisibility which makes it impossible for an antivirus or antitrojan scanner to detect malware.

    keyloggers, SetWindowsHookEx, DllInit etc. (have no time now)

    ...

    3) how to initially configure the program

    Accept the default wizard configuration at first startup, and then add every security program and every internet program to the list: in particular, you should protect your
    AV, AT, FW, mail client, browser, instant messaging client ...

    [use detailed screenshots to show how, for example, the browser can be protected]
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I'd love to see a consolidated reference of what each global hook type was. Every time I see something new in the log, I ask here, or search here. And Wayne tells us: "Global hook type 0xE is..."

    It would be nice if the local doc made it easy to tell what each global-hook-related log entry really meant.
     
  9. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Excellent ideas folks, thanks! Please keep them coming - you have the advantage over us in that you've been able to experience Process Guard as a new user :)

    But just in regards to this ...
    The next version of PG already tells you what type of hook it is, i.e. "Global Keyboard Hook", "Global Low Level Mouse Hook", etc. (rather than just "global hook").
    We may also add a list of codes to the helpfile, but that info is already available now if you're after it - search for SetWindowsHookEx at Microsoft (google will lead you straight to it)

    Cheers,
    Wayne
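Wayne points to the SetWindowsHookEx documentation for the hook-type codes. As an added example (not Process Guard's or DiamondCS's code), here is a small Python decoder that turns such a code into its WH_* name and flags whether that hook type implies a DLL being mapped into other processes or can observe keystrokes; the WH_* values are the public Win32 constants, while the "hook type <code>" alert wording it parses is an assumption.

```python
"""Decoder for the SetWindowsHookEx hook-type codes that Process Guard
"global hook" alerts refer to (e.g. "Global hook type 0xE").  Added example,
not DiamondCS code; the WH_* values are the public Win32 constants."""
import re
# idHook values from the Win32 SetWindowsHookEx documentation.
WH_HOOK_TYPES = {
    -1: ("WH_MSGFILTER", "message filter for dialog boxes, menus, scroll bars"),
    0: ("WH_JOURNALRECORD", "records all keyboard and mouse input"),
    1: ("WH_JOURNALPLAYBACK", "replays previously recorded input"),
    2: ("WH_KEYBOARD", "keyboard messages"),
    3: ("WH_GETMESSAGE", "messages retrieved from a message queue"),
    4: ("WH_CALLWNDPROC", "messages before the window procedure sees them"),
    5: ("WH_CBT", "window create/activate/destroy and similar events"),
    6: ("WH_SYSMSGFILTER", "system-wide message filter for dialogs and menus"),
    7: ("WH_MOUSE", "mouse messages"),
    8: ("WH_HARDWARE", "hardware events (obsolete)"),
    9: ("WH_DEBUG", "debugging of other hook procedures"),
    10: ("WH_SHELL", "shell notifications (windows created, destroyed, ...)"),
    11: ("WH_FOREGROUNDIDLE", "foreground thread about to go idle"),
    12: ("WH_CALLWNDPROCRET", "messages after the window procedure returns"),
    13: ("WH_KEYBOARD_LL", "low-level keyboard input"),
    14: ("WH_MOUSE_LL", "low-level mouse input"),
}
# Only the two low-level hooks run in the installing thread; every other
# global hook needs its procedure in a DLL that Windows maps into each GUI
# process, so that alert also means a DLL landing in your protected programs.
INSTALLER_THREAD_ONLY = {13, 14}
# Hook types through which keyboard input can be observed (keylogger territory).
KEYSTROKE_HOOKS = {0, 2, 3, 13}

def parse_hook_code(token: str) -> int:
    """'0xE' and an 8-digit field such as '[0000000E]' are hex; else decimal."""
    t = token.strip().strip("[]")
    if t.lower().startswith("0x") or len(t) == 8:
        return int(t, 16)
    return int(t, 10)

def describe_hook(token: str) -> dict:
    """Turn a hook code as quoted in a PG alert into something a user can read."""
    code = parse_hook_code(token)
    name, what = WH_HOOK_TYPES.get(code, ("UNKNOWN", "not a documented idHook"))
    return {"code": code, "name": name, "what": what,
            "injects_dll": code in WH_HOOK_TYPES and code not in INSTALLER_THREAD_ONLY,
            "reads_keystrokes": code in KEYSTROKE_HOOKS}

def decode_alert(line: str):
    """Pull the assumed 'hook type <code>' token out of an alert line (None if absent)."""
    m = re.search(r"hook type\s+(\[?[0-9A-Fa-fx-]+\]?)", line, re.IGNORECASE)
    return describe_hook(m.group(1)) if m else None
```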
     
  10. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    I've seen a couple of posts where users tell "I get a log entry process X has been blocked from..... I don't feel comfortable giving it that permission."
    By not giving processes the right permissions, processes might not behave as intended, although it LOOKS like it's working ok.
    Dolf
     
  11. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I'd be doing that if I knew how. But I don't understand how to search for hook docs based on how PG logs them. For example, how would I search for this (which I just made up, so it's not necessarily valid):

    [00000007][0000000E]

    If it was just [00000007][00000000], I'd search for 0x7.

    I guess what it really comes down to is... either you have malware on your system, or you don't. If not, give everything that wants a global hook the ability to obtain it. Doing otherwise is slowly driving me insane over here.
     
  12. Chaz1

    Chaz1 Registered Member

    Joined:
    Jan 29, 2004
    Posts:
    1
    Hi Everyone,

    I bought and installed PG sight unseen last night based on everything I've been reading here and my experiences with TDS-3. Both are great programs (as are PE and WG)! My congrats to the development team!

    I think the suggestions given previously have been great, and I wholeheartedly endorse them.

    My suggestion would be to give new users a sample configuration file of some type. For example, when I installed PG, it auto configured for a lot of things, but it also left a lot off, e.g., TDS-3 itself. As a very experienced computer user, I feel comfortable adding and configuring my various programs, but I would LOVE to have had a file of common programs and suggested settings, even if to just make the process faster, and to make sure that I haven't left any necessary programs off the list. For a new or inexperienced user, this could be an absolute blessing---takes the guesswork out of the setup.

    To achieve this, I would suggest that you (or us here on the forum) could create a text file that shows the recommended settings for common programs, and since the bottom half of the PG screen is done so well, it can be in the same format with an additional title at left:

    AppName Process Process Path Blocked Allowed Options
    MyApp 1.2 myapp.exe c:\program files\myapp\ Write,Terminate,Suspend,SetInfo None CloseMessageHanding
    Prog 6 bant.exe c:\security\protect\ Write,Suspend,SetInfo Terminate

    To take it a step further, you could break the file into headered sections, e.g., "Anti-Trojan," "Anti-Virus," "Firewall," "E-mail," etc. While I suspect that the vast majority of entries would be very similar, it could really take the guesswork out of the process, and just make everyone more comfortable, especially new users. It could also solve some of the questions of "does X work with PG?" since a comprehensive list like this would implicitly indicate how good of a citizen PG is.

    I hope this helps.

    Charles
     
  13. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Because the most important processes to protect, besides your security programs, are those which your firewall permits to access the Internet, I would suggest a firewall configuration spy, which can read configurations set in popular firewalls and add them to PG.
    Dolf
     