Allow modification protection on a per app basis

Discussion in 'ProcessGuard' started by CheriePie, Oct 2, 2005.

Thread Status:
Not open for further replies.
  1. CheriePie

    CheriePie Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    4
    Is it possible to set modification protections on a per application basis?

    For example, I have an hp 7310 all-in-one network printer on my network and use hp's drivers. On system start, hpzinw12.exe (an HP driver located in system32) attempts to modify the memory of hpqtra08.exe (located in program files\hp\digital imaging\bin).

    I've removed the Protect from Modification permission for hpqtra08.exe, but I'd like to be able to specify that only hpzinw12.exe is allowed to modify this app. Is that possible? And if not, can it be considered as a possible enhancement to a future version of ProcessGuard?
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi CheriePie, Only appications on your protection list can make such modifications to other protected programs. Protected programs cannot be modified by any non protected programs.
    Protected programs are on the protected list because you trust them and therefore must have certain permissions to do their job, this is paticularly true for system processes and certain services such as printers. Hence ProcessGuards default list and learning mode, just one of the reasons that it is always best to ensure that your system is squeaky clean of malware before installing PG.

    Having more granular control would appear to be a future option worth asking for but I am not sure how it might impact on memory resources or speed etc.

    HTH Pilli :)
     
  3. CheriePie

    CheriePie Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    4
    Yes, I'd particularly like finer control over svchost. Sure, there's some processes I want to allow it to launch, but I don't wish to grant it global control to launch any process since many viruses and trojans are using svchost for just such a purpose.

    So perhaps the option to have finer control over certain processes can be handled on a case-by-case basis, whether turned on by the user, or built into Process Guard itself. If built into Process Guard itself, I'd definitely suggest svchost.exe be a candidate to allow for such control.

    Thanks for your consideration. :)

    ~Cherie
     
Thread Status:
Not open for further replies.