Adding programmes

Discussion in 'ProcessGuard' started by Whynot, Feb 11, 2004.

Thread Status:
Not open for further replies.
  1. Whynot

    Whynot Registered Member

    Hi,
    In determining a starter point for which to add programmes to protect using PG, if I added all the processes scanned when TDS starts up, would that cover most of my bases, or would I miss some crucial ones?
     
  2. Pilli

    Pilli Registered Member

    Probably more important to add any application that can use the internet, as shown in your Firewall logs. Also any security programmes you have running: AV, AT, etc.
     
  3. Whynot

    Whynot Registered Member

    Thanks Pilli, next question - when I enable "Block Drivers" I get the message advising me of this as well as the pathname and a number enclosed in brackets, e.g. [700]. What does this number refer to? A troubleshooting guide (hopefully), and if so, where is it located? Thanks again for your responses.
     
  4. Pilli

    Pilli Registered Member

    Not sure about what the numbers actually refer to; Jason may be able to throw some light on that.
    I do know that blocking some services and drivers needs to be done with care.
    This programme is very new and powerful, using MS undocumented methods, so we are all on a learning curve.
    It is almost a certainty that there will be anomalies and it will be through users' feedback and further research by the developers that Process Guard will mature.
     
  5. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    The numbers in brackets ( [700] ) mean the PROCESS ID of the respective application.

    For Block Global Hooks there are 2 other numbers in brackets at the end of the log, but that is for "internal" review.

    -Jason-
     