Best replacement for Process Guard

Discussion in 'other anti-malware software' started by david banner, Nov 25, 2007.

Thread Status:
Not open for further replies.
  1. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    I have PG 3.410 free version but I now understand it is not supported. What is the best free replacement? Mostly I used it to block exe.s and to prevent termination of programs in the task manager. It was a bit of a nuisance in the latter when I needed to terminate but I liked it.

    Is PG a HIPS program? Also I do not understand why it needed support, does it not still work? I thought it best to start a new thread on this, hope that is OK.
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    If you read posts by fcukdat who tests malware and drive-by sites with PG, you will see that no executable gets by PG. No need to upgrade if this is your primary use.


    ----
    rich
     
  3. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    Thanks, that is my primary use. As a matter of interest what does the upgrade cover?
     
  4. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    Thanks, that is my primary use. As a matter of interest what would an upgrade cover? The anti hooks? But that was not in the free anyway.
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If you were going to Vista, or you had the paid version, you would need support. Changes in platform or advances in malware technique (such as driver installation etc) would necessitate modification to the prog. However the primary function of PG free is execution protection, and if the malware doesn't run it won't be installing services; so PG free is still OK to use on XP.

    If you wanted to check other apps then ProSecurity and SSM both have free versions worth considering.
     
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Would agree with TopperID re. SSM and ProSecurity. I used to use PG but changed to ProSecurity (initially free but then to the paid version) as I felt that PS is closer to PG in terms of approach when compared to SSM. But both are excellent programs.

    Another one to consider is EQSecure which is currently free...and seems to have a very good press from those that have tried it in depth. If you want to try it you will need to search around for an English page from which to download it (as it is a Chinese product...try from here:

    http://www.eqspywatch.com/download/EQSysSecureSetup.exe)

    but if that does not work then that should not be too hard via Google.

    You can get an explanation on how to configure it from the following link (courtesy of Kees1958):

    https://www.wilderssecurity.com/showthread.php?t=170691

    I have had a look myself and it certainly looks interesting.

    But as with all these I would recommend that you download and try out for yourself as each has its peculiarities that do not suit everyone.

    Good luck :D
     
  7. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    Is it safe to remove task manager from the protection of PG? I cannot terminate a program when the computer hangs and have to reboot. Would it be enough to have the programs themselves protected rather than have task manager protected or is there a way around that
     
  8. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    Is it safe to remove task manager from the protection of PG? I cannot terminate a program when the computer hangs and have to reboot. Would it be enough to have the programs themselves protected rather than have task manager protected or is there a way around that

    Edit: I am getting a message about waiting 60 seconds to post but it is about an hour ago I posted.
     
  9. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
  10. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    I'm not entirely sure what you mean but I am assuming that you want to be able to terminate processes using Task manager. If that is the case, then you need to give Task manager rights to terminate protected processes.
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Do you mean you have TM set to run once in the Security tab? Or perhaps you mean you have denied TM the right to Terminate in the Protection tab? Either way there is a perfectly good way around it.

    Just navigate to taskmgr.exe in Explorer and make a copy of it. Paste this copy to an entirely new location (say a new folder in Program Files) and rename it in any way you wish. Finally make a shortcut, on your desktop, of the copy so you can run it from this. Now you can tie the original TM up in security knots 'cos you will be using the copy and malware will not be looking for that. The only downside being if you needed to use alt ctrl delete (Process Explorer can be configured to replace TM in that regard).

    Actually all you need to do is grant TM permission to Terminate and then set it to 'Run Once'; that should stop it from being exploited - though if malware is not allowed to run it can't exploit anything, unless you are thinking of a script which of course PG would not block.
     
  12. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    But can the malware terminate a program in ProcessExplorer?

    Thanks everyone who responded, find it difficult to keep up because I just had a hang, could not terminate, had to reboot.

    Think I will get the PE. fcukdat, would not want to be drunk typing that :D
     
    Last edited: Nov 25, 2007
  13. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    In all theories specifically coded malware could perform that action if it is able to go native/live but then it would have to target PE directly for manipulation.

    If the code is targeted at TM then PE will not be adversely affected as it operates independently of TM.
     
  14. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Let me put it this way...I never protected TM using PG. If a program is protected against termination by PG or PS (which I now use) then TM would not be able to terminate it anyway...so why protect TM from malware code that whilst theoretically possible has yet to be produced (and it is dubious that anyone would waste the time to produce as there are cleverer ways, so I am told, of achieving the same thing).

    Just my thoughts on the subject. :D
     
  15. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    My mistake. Thanks for your reply
     
  16. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    My mistake. Thanks for your reply

    Sorry, posted twice. I keep getting message to wait 60 seconds, even tho it was more, so did not realise had posted. Thanks to all for the info re terminations etc.
     
  17. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    Hi TopperID

    "perhaps you mean you have denied TM the right to Terminate in the Protection tab?" Yes

    "Now you can tie the original TM up in security knots 'cos you will be using the copy and malware will not be looking for that."

    Did that but it will not terminate. I changed its name and put in program files. Says access denied.

    Thanks
    David
    PS sorry about double posts, see it happened several times.
     
  18. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    I have Process Explorer now. This does not install? Where should I run it from or does it matter? I have dozens of instances of a screensaver in PE and task manager though it is not running. It seems every time it tries to run PG blocks but still it appears in the process tab of task manager
     
  19. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Just a personal setup choice of mine. I extract it to its own folder in Programme directory. On first time opening the main exe you get the EULA screen before opening the software. After this goto *options* tab of PE and select replace Task Manager. From now on Ctrl+Alt+Delete = PE :cool:

    Not 100% what is causing that for you, it might be a conflict of installed software. Can you kill these multiple incidents with PE?
     
  20. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    On first time opening the main exe you get the EULA screen before opening the software.After this goto *options* tab of PE and select replace Task Manager. From now on Ctrl+Alt+Delete= PE

    I missed that, can I go back to it? And I cannot get the help file to open, it says page cannot be displayed.


    Can I make a shortcut instead of Ctrl+Alt+Delete? Always got task manager by right clicking in the task bar. OK got it thru GUI, right click on tm now PE.

    Can you kill these multiple incidents with PE ?
    No, only one at a time, would take ages, anyway I had to reboot and they are not running yet.


    Why are some processes pink/blue/yellow? Can't kill in PE, PG says access denied, even though PE not entered. Will it take the settings for task manager from PG?

    Thanks
    David
     
    Last edited: Nov 25, 2007
  21. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Have you tried through software help tab or the procexp.chm file in the PE folder?

    Yep you can shortcut it to your desktop :thumb:
    Right click on procexp.exe file>>>send to>>>desktop(create shortcut)

    <Process Explorer uses difference highlighting to help you see what items change between refreshes. Items, including processes, DLLs, and handles, that exit or are closed show in red and new items show in green. If the refresh rate is not paused the highlighting remains in effect for the interval specified by the Options|Difference Highlight Duration dialog, which has a default value of 1 second. If you pause the display the difference highlighting is in effect only until the next time you manually refresh>

    <snipped from PE help file>
     
  22. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    Have you tried through software help tab or the procexp.chm file in the PE folder.

    Yes but it says the program cannot display the web page when click each topic, and I can't terminate protected programs from it.
     
  23. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    No, you will have to configure procexp.exe permissions for PG to allow PE to terminate <kill process>

    For this goto protection tab of PG. Select add application = procexp.exe

    Authorize it to terminate, modify and read.
     
  24. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725

    Authorize it to terminate,modify and read.

    Done now

    I understand now, won't terminate protected progs? Is that right?
     
  25. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    PE should now be a process killer (even protected ones) :thumb:
     