Can PG protect against this?

Discussion in 'ProcessGuard' started by siliconman01, Nov 3, 2004.

Thread Status:
Not open for further replies.
  1. siliconman01, Registered Member

    Here is a somewhat disturbing event that is under scrutiny through the AdAware forum where a malicious program is modifying the Ignore List of Adaware, thereby preventing detection of spyware.

    http://www.lavasoftsupport.com/index.php?showtopic=50560

    I'm wondering if PG can prevent modification of files that are not executables, for example IGNORE.INI.

    I tried putting IGNORE.INI in the protection list of PG and then doing a modify on the file. PG did not stop it.

    Just wondering! :rolleyes:
     
  2. Pilli, Registered Member

    Hi siliconman01, currently ProcessGuard only caters for executables, but wouldn't an ini file initiate the running of a process? If so, Execution Protection would probably stop it.

    Pilli
     
  3. Wayne - DiamondCS, Security Expert

    All a program has to do is keep a file handle open to prevent that file being deleted; it'd be easy for the Adaware author to add that.
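
The handle-holding approach from the last post, sketched as an added example that is not part of the original thread and is not Ad-Aware or ProcessGuard code. It assumes Windows file-sharing semantics; the function names and the `ignore-demo.ini` file are hypothetical and constructed for the demonstration.

```powershell
# Added example. Hold a read handle whose share mode denies write and delete
# access to every other handle for as long as it stays open.
function Open-ReadOnlyShareLock {
    param([Parameter(Mandatory)][string]$Path)
    # FileShare.Read: others may still read; write/delete requests fail
    # with a sharing violation until this stream is disposed.
    return [System.IO.File]::Open(
        $Path,
        [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read,
        [System.IO.FileShare]::Read)
}

# Try to modify and then delete the file; report what the OS allowed.
function Test-Tamper {
    param([Parameter(Mandatory)][string]$Path)
    $result = [ordered]@{ Write = 'allowed'; Delete = 'allowed' }
    try {
        [System.IO.File]::AppendAllText($Path, "tampered=1`r`n")
    } catch {
        $result.Write = 'blocked: ' + $_.Exception.GetBaseException().GetType().Name
    }
    try {
        [System.IO.File]::Delete($Path)
    } catch {
        $result.Delete = 'blocked: ' + $_.Exception.GetBaseException().GetType().Name
    }
    return [pscustomobject]$result
}

# Constructed sample file standing in for an ignore list.
$path = Join-Path $env:TEMP 'ignore-demo.ini'
Set-Content -Path $path -Value '[Ignore]'

$lock = Open-ReadOnlyShareLock -Path $path
try {
    'While the handle is open:'
    Test-Tamper -Path $path | Format-List
    # Reading is still permitted, so the owning program can use its file.
    'Contents unchanged: ' + [System.IO.File]::ReadAllText($path).Trim()
} finally {
    $lock.Dispose()
}

'After the handle is closed:'
Test-Tamper -Path $path | Format-List   # both succeed; the file is removed
```

The restriction lasts only while the process holding the handle is running.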
     