PROCESSGUARD V3

Hi, Paranoid2000

Have you taken it out of the Security Options.

Take Care,
TheQuest

 

Do you have snapshot.exe in your protection list? And if so what privileges does it have?

 

Here are my results :-

 

Here's my results - here is Snapshot taking a backup with the PG Alerts screen (BTW I did try removing Snapshot from the Security list - aside from bringing up the Execution Protection prompt to run it, it made no difference):

 

Show your protection and main tabs also.

 

And here's my PG Protection settings - nothing for Snapshot and no drivers for Services...

 

...and here's my PG Main settings.

 

BTW this is on Windows 2000 SP4 - your screenshot Jason suggests you tested on Windows XP. If so, could that make the difference?

 

Ok, we will do some testing tomorrow to ensure. In the meanwhile try the new version.

 

Well, I've installed the final beta and encountered the same problem...sort of.

Basically, ProcessGuard can catch the first attempt to install SNAPSHOD - but if it is allowed, further attempts will not be blocked if permissions are revoked. This is a different situation from other programs that install drivers (e.g. PageDefrag or DbgView - remove their Install Drivers privilege and subsequent attempts are then blocked) and appears to be down to services.exe doing the driver install (revoking driver install permissions for services.exe does not seem to block subsequent installs - or maybe services.exe is smart enough to detect previously installed drivers and do nothing on subsequent attempts ).

This I presume is the services.exe issue you were referring to earlier Jason. If any program can use it to install drivers, is there any chance of being able to restrict it to specific programs/drivers only? Allowing it to install anything seems to open the door to mischief while blocking it totally may cause other utilities to fail.

 

Please see a few posts back. It isn't going to be an easy finding a solution to this problem, but hopefully there will be one.