ProcessGuard Suggestions / Wish list

Discussion in 'ProcessGuard' started by Pilli, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Process Guard Suggestions / Just a thought...

    Process Guard watches integrity of allowed applications.
    The idea: let Process Guard also watch allowed applications for outbound Internet connections. This should be easy to implement with the knowledge built with Port Explorer.
    If this has been done, anyone using XP and/or using a router (and/or cable/ADSL modem) for Internet connections doesn't need to have a separate firewall, because XP has a built-in firewall for inbound traffic as most routers and broadband modems have as well.
    I think this will be a big improvement of Process Guard (and a major sales argument).
    Dolf
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi Dolf, Long time no see :D
    I'm not sure that DCS will agree with you on that:)
    Wayne and team are well & truly focussed on their Anti-Trojan & Anti-Malware products / business. In the past Wayne has always said that DCS's business is based upon Anti-Trojan products.
    But who knows what the future may bring?

    Enjoy your weekend, though you are probably working ;) Pilli
     
  3. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re: Process Guard Suggestions / Wish list

    Well, if you are able to allow/disallow applications to run at all, why won't you be able to allow/disallow those programs' Internet connection?
    It's easy to implement and you don't even have to specify the ports being used, because those applications are being trusted and unmodified :D
    Dolf
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Well yes but what you describe is more like a Containment wall than a Firewall or an "OutGuard" maybe :D
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re: Process Guard Suggestions / Wish list

    Yes, you're right. Wouldn't it be nice to have a notice like: "Your trusted Application XYZ wants to connect to the Internet at ip address xxx.xxx.xxx.xxx port xxx. Do you want to allow this?", or: "Your trusted Application XYZ wants to listen on the Internet at port xxx. Do you want to allow this?".
    With this, you won't need a firewall, AV or AT anymore!
    Dolf
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi Dolf, I can see what you mean. Yes it would certainly add an immense level of controllability to Process Guard.
    I really have no idea what the DCS team think about it, maybe they will answer.
     
  7. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Re: Process Guard Suggestions / Wish list

    I don't like the idea of Process Guard turned into a firewall (just the layer security concept)

    However, why not allow applications to have network access or not (for any protocol/address/IP), like "network allowed" or "network restricted".
    No annoying parameters, doesn't replace a firewall, no protocol specified, no rules, just allowed or blocked.

    It's just an idea, but in fact, I would rather like to have a file access monitor :)
    (Process Guard has already the technology to do it).
     
  8. docfleetwood

    docfleetwood Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    36
    Re: Process Guard Suggestions / Wish list

    Add a feature to PG where you could right click the PG icon and get a shutdown/restart menu which would temporarily disable close message windows and perform the appropriate shutdown/restart windows task? So, in other words, rather than choosing shutdown or restart from the windows menu it could be chosen from the process guard icon menu to bypass the close message windows that pop up during the shutdown/restart process.
     
  9. Blackhawk247

    Blackhawk247 Registered Member

    Joined:
    Apr 17, 2004
    Posts:
    2
    Re: Process Guard Suggestions / Wish list

    :) Thanks Pilli.....
     
  10. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    Re: Process Guard Suggestions / Wish list

    It would be nice if a 'restore protection list' was available
    under 'save protection list'.

    So that if the PG .dat file gets corrupted (happened to my pc twice) you can
    replace it with an empty one, and restore the list.

    Now I have to bring my pc to safe mode regularly to backup the .dat files,
    (so that i can restore them, if the problem reoccurs).
     
  11. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Re: Process Guard Suggestions / Wish list

    I second Tuatara's request. I've also found that the protection list has been corrupted on two different occasions, just within the last 3 weeks. There are the correct number of entries, but there's no icon or description or protection. I used task manager to prove this last point. Since I keep the text backup, I deleted the corrupt entries, flipped PG back to use the wizard, then added back my list. But this is really not the way to do this. An import from a PG (encrypted?) backup file would be better and save booting to Safe mode, etc. The last time the data was corrupted was during bootup and a message appeared that PG had failed to boot and would have to be restarted. I now check PG regularly to ensure that the list still exists.
    Jim Clements
     
  12. joeblow

    joeblow Registered Member

    Joined:
    Jan 23, 2004
    Posts:
    7
    Re: Process Guard Suggestions / Wish list

    I get a lot of new applications aborting because they can't create a global hook. Right now, the only way I know of to enter the application into PG is to go to procguard.log, select and copy the address of the application's .exe, then create a new application to protect in PG, paste in the application's .exe, deselect all blocks, and select allow global hooks.

    Is there an easier way?

    If not, I'd like to see a popup when it is a global hook that needs to be allowed (for an unregistered application), giving me the chance to do a quick add of the application, simply by clicking a button.
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi joeblow, If it is a new install from a trusted source just turn off the General "Block global hooks" item.
    Install your program and then re-enable Block Global Hooks, you can then add allow global hooks for the application once it is on the protection list.
    Items in the checksum list should not be affected unless they are trying to create a global hook to a protected program, in which case add them to the protection list as stated above.

    HTH Pilli.
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: Process Guard Suggestions / Wish list

    In addition to the current methods of changing a listed program's settings: a properties dialog for every entry (both in protected programs and program checksums) with all available options, plus the ability to tick "protected", thus allowing you to easily move an entry between simply allowed and protected with one mouse click, and change allowed/blocked/options without having to first change the drop down menu.

    I also agree that it would be nice to have an easier way to add programs just for allowing certain options. Perhaps the above with an additional group for highly protected programs (that would be for your main protected programs that you don't want ANYTHING messing with, that couldn't be terminated by anything outside of PG itself, having an option within PG to terminate something that may have hung) and a "custom protection" tab (the "program protection" list as it is now) with an option on the secure desktop screen to add to the "custom protection" list, which would then give you the aforementioned properties dialog.

    I would also like to see the ability to password protect the PG tray icon.
     
  15. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Re: Process Guard Suggestions / Wish list

    Suggestions for improvement:

    1. In the Programs Checksum screen, when you click on the File Name column to sort the programs by name, and then change the Last Action option on a program (or delete an entire entry), the app resorts all the entries. It would be nice if it would remember how the entries were last sorted. Not that big a deal, but it would be nice. :)

    2. Correct the sorting issue in the Programs Checksum screen so that it does an accurate chronological sort and considers both Day AND Month at the same time. :)

    Other than these very minor details, I'm a happy camper. :D

    Thanks for asking!
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Thanks for your suggestions D&C & Notok, I am sure Jason will consider them for the next version. :)
     
  17. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Re: Process Guard Suggestions / Wish list

    Me too! I have already suggested this feature. Of course you should answer a single Human Identification Dialog before this kind of shutdown. But it would still be much more comfortable than answering HIDs while the shutdown is already running, because then an always-on-top popup window of Windows could cover the HID.

    Me too! It would be perfect! Just like registry access monitor, which is also already implemented within.

    -hojtsy-
     
  18. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Re: Process Guard Suggestions / Wish list

    One more suggestion. I've created a batch file for backing up the .dat files in the System32 directory. Would be nice if this could be automated by PG (as well as saving the protection list). Even with a batch file, you still have to manually disable PG protection to copy the files. Just a thought... :D
     
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: Process Guard Suggestions / Wish list

    Display the code in the "human confirmation dialog" through DirectDraw, it would make it infinitely harder to get the code through a screenshot or any other automated means.
     
  20. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    Actually, unless the DirectDraw surface supports overlays, you would need to use something like DirectShow. It would make it a lot harder (though still possible, as screenshot programs like HyperSnap, etc, can still screenshot these) but I think adding noise is the best way to stop screenshot analysis of the code, as is already done.
     
  21. Mercurybird

    Mercurybird Registered Member

    Joined:
    May 1, 2004
    Posts:
    32
    Location:
    Northeast Texas.
    Re: Process Guard Suggestions / Wish list

    lock, unlock... enable, disable..., over and over and over and over....... :-(

    Unlock, disable... run the taskbar item I want to run, along with any other program that PG doesn't seem to want to allow to run when enabled... then enable, lock. Over and over and over and over... every day.

    I wish someone would write "owner heuristics" into the programs. As the owner and administrator of this system, why should I have to ask for permission from PG to do what I need to do here? And why should I be forced to choose between the freedom to do that, and full protection? PG should have two modes of full protection; one that has it locked down like I keep it when I'm gone. And another that will still allow me to do anything I deem necessary, without question or interruption. I should be able to choose either full protection mode, at any time, on the fly, with one password.

    There's my wishlist. Thank you for your patience. :)
     
  22. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi Mercurybird, Process Guard is a sophisticated program with unique abilities and is designed, somewhat, to be in the administrative domain. Most users do not have problems after they have set their usual apps, if you are changing your system constantly then you should expect to see what is happening on your system and make the necessary changes in PG.
    If you are running lots of new trusted programs then just put Process Guard into learning mode whilst you do it - Your choice ;)

    Have fun - Pilli
     
  23. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: Process Guard Suggestions / Wish list

    Thanks for correcting me, hardware acceleration at any rate. My main idea here was against the kind of backdoors that use screencaps to see what's going on while controlling your system. I know that theoretically they wouldn't be able to get that far in the first place, but if by some chance, or user error, they did, it would make it that much harder. I'm certainly not suggesting replacing the noise, however. If you used DS you could even animate it!

    The scenario I could see playing out with this is if I'm installing multiple driver updates, or having difficulty with them, and they use that window to install such a backdoor. I forget to re-enable protection on restart and PG isn't started until after the malware has run. I walk away from the computer and the hacker goes to close the one thing standing in his way: PG. It pops up a HCD, he takes a screenshot and inputs the code. The key here being a live person examining the screenshots.

    Granted, I'm sure this would all be a lot more difficult than that, but we're speaking theoretically, and I'm sure it's just a matter of time before someone in Russia figures out how to embed a rootkit into a remote access trojan that takes screenshots, and makes it travel like a worm.

    On that note, I'd also like to see some way of installing a driver without disabling protection for the rest of the system. Perhaps an option to monitor an installation that would follow a process just while it's running, prompting you when it does something like try to install a driver or spawn another process.

    To further one of my earlier suggestions, I would really like to see Advanced Process Terminator, beefed up to be able to see even hidden processes like rootkits & the ability to sort the process list, bundled into the PG interface. More tools to help hunt things down that might slip past the scanners are always good.

    Maybe down the road after TDS-4, WG-4, PG-3, etc., are done a program could be made to manage all the DCS freeware & payware programs, giving them a unified interface. Talk about the ultimate Security Suite, it would make the likes of Norton look like a joke!

    Ok, I'll stop now before my thoughts run away from me and start treading into the territory of things like skinning..
     
  24. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Thanks Notok for your thoughts and suggestions :) DCS do listen to their users and, where possible, always try to use the best ideas forwarded to them.

    Pilli
     
  25. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    A unified tool system may make an appearance in a later version of TDS-4, so we are already thinking about this one. :)
     