Auto protect applications

Discussion in 'ProcessGuard' started by Rasheed187, Oct 2, 2005.

Thread Status:
Not open for further replies.
  1. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    From the PG help file, section Features Overview > Protections Settings:
    3. Block new and changed applications
    Any application which you haven't allowed to always start will be blocked from running without a user confirmation when this option is enabled.
    (Some emphasis added by me)
    This is useful on a system:
    1. that NEVER changes
    2. in a controlled environment were administration is not in the users control (corporate)
    3. the user has a thorough understanding of what this feature will do (i.e. block with out a warning)
    If I could ever learn to quit tweaking my systems :eek: , I would probably enable this setting.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    So the the best way to setup PG is:

    1 Allow only certain processes (Windows OS services and anti malware) to modify/terminate/read protected apps and (if necessary) allow them to install global hooks, services/drivers (+access physical RAM).

    2 Protect important apps (Internet apps + services/anti malware) from termination/modification.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Btw, personally I would never use the "execution protection" feature because I don´t want to be bothered with a lot of popups. ;)

    And isn´t this correct, I would like to get a reaction from the developers TIA :):

    "I think protecting these unknown files so that they are protected from modification or termination is harmless, as long as your security programs have the correct previlages to terminate/modify them."
     
  4. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    Sorry I'm not a developer.

    The fact that you have an unknown file on your protection list means that it must also be unknown to your security apps (otherwise they would have alerted you to it's presence already). So the debate over which files have which permisions is irrelevant. Your security apps (whatever their permissions) will not do anything to the unknown file (whatever its permissions) because your security apps don't know what it is.

    The problem becomes is this unknown file legitimate or not? If not, then it shouldn't be on your computer, let alone in your protection list. If it is legitimate, then you can decide if it should be on the protection list and what permissions to give it.
     
  5. ~~~~

    ~~~~ Guest

    Spikeyb. It's easy to think that all apps come in 2 versions, obvious bad, obviously good, but in reality things are not so clear. Also it's not clear cut that your antivirus will immediately detect something has being bad. For example you could have a browser that is initally clean but will try to download a virus say on your 40th execution of it.

    In any case, any app that is classed as probably good with small chance of being evil, does not gain anything from being protected from modification/ termination if it does turn out to be evil latter, if all other "good" software that might have handled it are given the permission to modify/terminate it.

    You do not however want to give them other previlages though such as access to physical memory, or rights to modify, terminate other protected apps though.
     
  6. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    Hi ~~~~

    I think you are probably right with a small chance of being wrong :) .
     
  7. ~~~~~

    ~~~~~ Guest

    Well if you look at appdefend, it is exactly based on that model.

    All applications are "protected", or rather, other applications need the rights before it can terminates any other program.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.