Process Termination Protection

Is there a stand-alone app that strictly focuses on protecting against process termination?

Thanks!

 

Task Catcher is one.

 

Thanks, that looks good but...

Is there a free alternative to Task Catcher?

 

I believe something like prosecurity free is able to protect against termination attempts. You can even set it up to just monitor termination and nothing else if you prefer.

 

From the description it seems Task Catcher doesn't protect process from termination but rather it restarts the process once it is stopped. Not quite the same thing. And not as secure.

 

That is debatable.

The fact remains that, with admin rights, ANY process can be terminated if the attacker tries hard enough. Restarting a terminated process is a very viable option.

 

Of course it is. Isn't everything?

As a backup option, if termination protection fails, maybe. I believe SSM has or used to have a similar option for this - keep process in memory or something.

And the fact remains, you would prefer the process not to be terminated at all, compared to being terminated, and then being restarted with a window of opportunity...

 

It still does. I use this on one of my setups with Winpooch, and they complement each other perfectly (as Winpooch is somewhat weak in the self-defense department).

That depends a lot on what is being terminated, doesn't it?

Not to mention that the first preference, as mentioned before, isn't always possible.

 

Hi all,

Online Armor (both paid and free) will protect you against this type of attack



Take a look here : https://www.wilderssecurity.com/showthread.php?t=188545 for a thread dealing with the same question

MaB

 

Don't you use Eqsecure?

Well, since we are talking about being more "secure", I guess we are talking about security related processes?

We only can use what is possible yes. But one wonders if restarting a process that has being terminated might be too late and if so the whole point of restarting the process is moot.

 

Well the original question talked about a standalone that "strictly focuses" on process termination protection , so I don't know if the things already mentioned (except Taskcatcher which is disqualified as alluded earlier since it doesn't protect proceses from termination), count since they do more than just process termination protection?

 

To be honest, I cannot at the moment think of an instance where restarting a terminated security process is a moot point. Perhaps you would care to provide examples?

 

I agree. All it takes is a small window of opportunity, and the time that it takes between termination and the restarting process could be a sufficient amount of time for the malware to gain control.

It's funny that solcroft should mention Winpooch, because that's exactly what I'm trying to protect.

 

Then you may need a HIPS program.

I believe GeSWall does this.........please correct me if i'm wrong.

But then again it does more then this and the OP is interested in a stand alone app who's sole purpose is to protect from termination.