TracksEraserPro

Discussion in 'ProcessGuard' started by spy1, Feb 1, 2004.

Thread Status:
Not open for further replies.
  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Well that is interesting because pguard.dat and procguard* won't be allowed to be written to that registry value, so either you aren't following what is happening correctly or there is a bug. I retested that yesterday on my machine with PG 1.200 though and it worked fine, you can even try with regedit, try putting pguard.dat in there and it won't (shouldn't) allow you. :)

    Yes there are some small issues on some systems with Block Global Hooks/Drivers in the current version, but PG 1.250 has a lot of fixes in regarding them, and on my system Block Hooks/Drivers were already working fine in PG 1.200. Blocking Drivers is less likely to cause issues than blocking hooks though.

    So whilst I am telling some people in version 1.200 to stop Blocking Hooks if they are having a problem, I am not recommending that people have those options turned off if they work fine on your system. That is a difference. :)

    -Jason-
     
  2. nameless

    nameless Registered Member

    I think I had PG enabled, but there is a chance it was disabled. I can't remember.

    When PG 1.250 is released, I'll try to reproduce the pguard.dat substitution (the right way!). If it works, I'll of course let you know. If it doesn't, then it doesn't matter what happened with 1.200.
     
  3. spy1

    spy1 Registered Member

    nameless - Sorry, what I was trying to accomplish by my gentle chiding (and obviously miserable attempt at being humorous) was to get you to think about whether or not you actually needed all those services to be constantly running in the first place.

    Upon reflection, it's (a) none of my business and (b) a bad call by me since I haven't an actual clue as to what you do on/with your computer (IOW, you may actually require all those things to be running).

    Basically, I was kind of impatient with your complaints about having to do so much configuration within PG without knowing whether all those services were actually vitally necessary to be having running in the first place.

    At any rate - with the post of mine we're referring to here - I was more concerned with the fact of the advice given to you with regard to turning off "Block Drivers and services from installing" due to the fact that having that activated is critical for the prevention of an occurrence/re-occurrence of any possible rootkits on your system, given this statement by Gavin: "Hacker Defender does NOTHING on a machine with PG full. It tries to write to the memory of services.exe and others, fails, and exits. Drivers/Services should be blocked to stop it from installing a driver at this point, or else when you reboot it will be installed and you are totally compromised" in this thread: http://www.diamondcs.com.au/forum/showthread.php?t=2100 - and, damn, don't I wish we could keep all this info in one place!

    In any case, I highlighted the fact that you wouldn't be protected from your own exploit because you had altered your own settings in PG - that was for your benefit.

    I hope this windy explanation serves some purpose - I appreciate your efforts to make PG even better than it already is, and from that standpoint alone I owe you an apology if I've hurt your feelings - so consider one extended. Pete
     
  4. nameless

    nameless Registered Member

    Thanks. I take things too seriously, so that needs to be kept in mind as well. :p

    I just like software. Too much. For example, I run DCS RegistryProt, but since it ignores the Startup folder, I also run StartupMonitor alongside it. Multiply this general idea by 10 and you can see why I have so many processes running. But my system runs beautifully.

    I also use my system to run an Apache web server. I can't really afford to have it crashing all the time, so I am conservative with how I configure powerful software like Process Guard. Also, as you can see in this thread, the option to block drivers and services has a bug with some software I use all the time. The 1.250 update should be a real improvement. :D

    Thanks for the post. I appreciate your input.
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Another option to block a rootkit is of course a registry watcher ;) PG stops the IMMEDIATE infection of the system, if a registry watcher showed a new service entry "HackerDefender" I think most people would delete it ;) Of course this can be named anything, but a user with a registry watcher should be able to realise ok a service just got installed, that doesn't look too good since PG blocked all manner of things related to the EXE I just ran :)
     
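A minimal form of the registry watcher Gavin describes, added here as an example (not DiamondCS code and not part of the original thread): snapshot the service subkeys under HKLM\SYSTEM\CurrentControlSet\Services and diff a later snapshot against a saved baseline so a freshly installed service stands out. The sample snapshots are constructed; the live collector assumes a Windows host with Python's winreg module.

```python
import json
from pathlib import Path

try:
    import winreg  # Windows only; on other hosts only the diff logic is usable
except ImportError:
    winreg = None

SERVICES_KEY = r"SYSTEM\CurrentControlSet\Services"


def snapshot_services():
    """Return {service_name: ImagePath} for every service subkey (Windows only)."""
    if winreg is None:
        raise RuntimeError("live snapshot needs the Windows registry (winreg)")
    result = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, name) as sub:
                    image_path = winreg.QueryValueEx(sub, "ImagePath")[0]
            except OSError:
                image_path = None  # subkey without an ImagePath value
            result[name] = image_path
    return result


def diff_services(baseline, current):
    """Report services that appeared, vanished or changed ImagePath."""
    new = {n: current[n] for n in current.keys() - baseline.keys()}
    removed = sorted(baseline.keys() - current.keys())
    changed = {n: (baseline[n], current[n])
               for n in baseline.keys() & current.keys()
               if baseline[n] != current[n]}
    return {"new": new, "removed": removed, "changed": changed}


def save_baseline(snapshot, path):
    Path(path).write_text(json.dumps(snapshot, indent=1))


def load_baseline(path):
    return json.loads(Path(path).read_text())


# Constructed sample snapshots standing in for two real registry reads.
BASELINE = {"Dhcp": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
            "Apache2": r"C:\Apache2\bin\Apache.exe -k runservice"}
AFTER = dict(BASELINE, UnknownSvc=r"C:\Temp\unknown.sys")  # new entry to flag
```

Save a snapshot from a known-clean system with save_baseline, then on each check diff a fresh snapshot_services() against load_baseline(); anything under "new" is a service that was installed since the baseline, whatever it is named.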
  6. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    The system I test Process Guard the most on has Apache and a lot of other intensive applications running and installed.

    It is quite hard to develop something like Process Guard which runs nicely with all other software because it basically ~changes~ how a lot of those programs work. Software which was written to be run on a stock standard insecure Windows machine may not like what Process Guard is restricting it to. Thankfully most software developers these days know how to handle "errors" from the operating system (basically what PG says to offending applications) and there are no issues. Process Guard has increased immensely in its features and stability however since v1.000 was released and every version seems to be much better than the last, which in the end means less hassle for the end users.

    -Jason-
     