ProcessGuard should protect from unauthorized system shutdowns/restarts/log-offs. Why? Some malicious programs can add themselves to the BootExecute entry of the registry, allowing for code execution during the boot-up procedure of the computer (the loading screen before the Windows login screen). The code could modify a wide variety of security suites such as ProcessGuard, SSM, TDS-3, RegDefend, anti-viruses, firewalls, etc., and system files before any security is effective.
pasito, I'm not really sure what you are suggesting here. ProcessGuard is for execution protection and constraining some potentially insecure behaviours without explicit authorisation; it is not a registry-based defense tool. On the other hand, RegDefend was created to protect against exactly this type of problem, and it would stop the hypothetical process from creating the BootExecute entry in the registry in the first place. If you allow arbitrary registry modifications to BootExecute or PendingFileRenameOperations, then you are effectively allowing your security programs to be bypassed if you happen to be unfortunate enough to be running some malware that does this. Polling registry monitors would have a fair chance at catching a change like this as well; it would depend on how quickly the malware could get the machine to reboot. That said, simply protecting against a shutdown wouldn't do very much if BootExecute was changed and you didn't have a registry monitor running that could tell you about it.
Hmm, very true. Well, I suppose Shutdown Defender would still be a good addition to ProcessGuard. Well, I suppose every scenario I make up can be prevented in the first place, but it would make ProcessGuard a more solid product. Wouldn't you agree?
pasito, it might be OK as far as features go, as long as it intercepted the request prior to the OS not allowing new processes to start because it is in the middle of shutting down. You can get notification prior to the reboot if you have logonui.exe (in system32) ask for permission to execute. That at least stops the shutdown process while you are being prompted; it just doesn't allow you to stop it, because whether you allow or deny the execution, the shutdown or reboot operation still happens. I have found this notification quite useful so that I can finish off something cleanly.
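
The registry check discussed in the replies above, as an added example that is not part of the original thread and is not code from ProcessGuard or RegDefend: one pass of a monitor that compares BootExecute with the stock Windows value and reports PendingFileRenameOperations entries that touch watched directories. The watch list, the `ExampleGuard` directory, `examplehelper` and the sample snapshot are constructed assumptions.

```python
import sys

KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
BOOT_BASELINE = ["autocheck autochk *"]  # stock Windows value
# Assumed watch list: system files plus a made-up security product directory.
WATCHED = [r"c:\windows\system32", r"c:\program files\exampleguard"]

def _clean(path):
    """Drop the '!' replace flag and the NT '\\??\\' prefix."""
    path = path.lstrip("!")
    return path[4:] if path.startswith("\\??\\") else path

def parse_pending_renames(entries):
    """Pair up (source, destination); an empty destination means delete at boot."""
    ops = []
    for i in range(0, len(entries) - 1, 2):
        src, dst = _clean(entries[i]), _clean(entries[i + 1])
        ops.append(("rename", src, dst) if dst else ("delete", src, None))
    return ops

def audit(boot_execute, pending):
    """Return findings for one snapshot of the two values."""
    findings = [f"BootExecute: unexpected entry {e!r}"
                for e in boot_execute if e not in BOOT_BASELINE]
    for action, src, dst in parse_pending_renames(pending):
        hit = [p for p in (src, dst) if p and p.lower().startswith(tuple(WATCHED))]
        if hit:
            findings.append(f"PendingFileRenameOperations: {action} touches {hit[0]}")
    return findings

def read_live():
    """Read both values on Windows; a missing value is treated as empty."""
    import winreg
    out = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        for name in ("BootExecute", "PendingFileRenameOperations"):
            try:
                out.append(list(winreg.QueryValueEx(key, name)[0] or []))
            except FileNotFoundError:
                out.append([])
    return out

# Constructed snapshot: one extra boot-time program, one boot-time delete.
SAMPLE_BOOT = ["autocheck autochk *", "examplehelper"]
SAMPLE_PENDING = ["\\??\\C:\\Program Files\\ExampleGuard\\guard.sys", "",
                  "\\??\\C:\\Temp\\setup.tmp", "!\\??\\C:\\Temp\\setup.old"]

if __name__ == "__main__":
    boot, pending = read_live() if sys.platform == "win32" else (SAMPLE_BOOT, SAMPLE_PENDING)
    print("\n".join(audit(boot, pending)) or "no findings")
```

Legitimate installers also queue PendingFileRenameOperations entries, so a finding here is a prompt for review rather than proof of tampering; a polling monitor would call `audit` on a timer and report only changes between passes.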