Auto protect applications

From the PG help file, section Features Overview > Protections Settings:

3. Block new and changed applications
Any application which you haven't allowed to always start will be blocked from running without a user confirmation when this option is enabled. (Some emphasis added by me)
​

This is useful on a system:

1. that NEVER changes
2. in a controlled environment were administration is not in the users control (corporate)
3. the user has a thorough understanding of what this feature will do (i.e. block with out a warning)

If I could ever learn to quit tweaking my systems , I would probably enable this setting.

 

So the the best way to setup PG is:

1 Allow only certain processes (Windows OS services and anti malware) to modify/terminate/read protected apps and (if necessary) allow them to install global hooks, services/drivers (+access physical RAM).

2 Protect important apps (Internet apps + services/anti malware) from termination/modification.

 

Btw, personally I would never use the "execution protection" feature because I don´t want to be bothered with a lot of popups.

And isn´t this correct, I would like to get a reaction from the developers TIA :

"I think protecting these unknown files so that they are protected from modification or termination is harmless, as long as your security programs have the correct previlages to terminate/modify them."

 

Sorry I'm not a developer.

The fact that you have an unknown file on your protection list means that it must also be unknown to your security apps (otherwise they would have alerted you to it's presence already). So the debate over which files have which permisions is irrelevant. Your security apps (whatever their permissions) will not do anything to the unknown file (whatever its permissions) because your security apps don't know what it is.

The problem becomes is this unknown file legitimate or not? If not, then it shouldn't be on your computer, let alone in your protection list. If it is legitimate, then you can decide if it should be on the protection list and what permissions to give it.

 

Spikeyb. It's easy to think that all apps come in 2 versions, obvious bad, obviously good, but in reality things are not so clear. Also it's not clear cut that your antivirus will immediately detect something has being bad. For example you could have a browser that is initally clean but will try to download a virus say on your 40th execution of it.

In any case, any app that is classed as probably good with small chance of being evil, does not gain anything from being protected from modification/ termination if it does turn out to be evil latter, if all other "good" software that might have handled it are given the permission to modify/terminate it.

You do not however want to give them other previlages though such as access to physical memory, or rights to modify, terminate other protected apps though.

 

Hi ~~~~

I think you are probably right with a small chance of being wrong .

 

Well if you look at appdefend, it is exactly based on that model.

All applications are "protected", or rather, other applications need the rights before it can terminates any other program.