Does PG stop this?

Discussion in 'ProcessGuard' started by JimmyPage, Oct 31, 2004.

Thread Status:
Not open for further replies.
  1. JimmyPage

    JimmyPage Guest

    I recently heard a keylogger called Spytech Spyagent will stop many of your antispy programs from working and was wondering if Process Guard will stop this keylogger from disabling your antispy programs?

    Let's say you got the keylogger on your system somehow and then later installed PG, would it help to stop it then or would you need PG installed to begin with?

    Also (if you already had PG installed) let's say you temporarily shut down PG and then the keylogger was installed, could you then turn on PG and stop the keylogger from stopping your other antispy programs?

    Thanks.
     
  2. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK
    ProcessGuard should be installed only on clean systems. It is not like an AV or AT and does not use definitions to check for malware.
    What it can do is stop any program such as a key logger from installing, and it does this in at least two ways:
    To run, the keylogger would have to run an installer program, so you would see a permission request.
    Key loggers rely on setting hooks; ProcessGuard will not allow this if "Block Global hooks" is enabled. Protected list programs that need to set global hooks can be given permission as necessary.

    If you disable protection then malware can do what it wants.
    If you mean shutting down the ProcessGuard GUI then, yes, you are still protected.

    So you can protect your other security programs such as AV, AT and anti-spyware programs from being shut down or suspended, providing they are on ProcessGuard's protection list, even if you did give a program such as a keylogger permission to run.

    Process Guard would, therefore, be your first line of defence, protecting your second lines of defence like your firewall etc.

    Apart from the user, currently there is no known way of shutting down ProcessGuard or the programs it protects once ProcessGuard is enabled. :)

    HTH Pilli
     
    Last edited: Oct 31, 2004
  3. gkweb

    gkweb Expert Firewall Tester

    Joined: Aug 29, 2003
    Posts: 1,932
    Location: FRANCE, Rouen (76)
    Hi,

    If you disable ProcessGuard (not just exiting the GUI, but choosing "disable") then an advanced keylogger (driver) could install and then remain invisible to any program, even to ProcessGuard.

    However, if ProcessGuard is always enabled, you will be prompted first to allow the program to start, and if you do, then either when the keylogger wants to create a global hook, or when it tries to install a driver, or when it tries to attack your security apps (provided they are on the ProcessGuard security list), you will be warned.

    There are thus 4 kinds of warning you could face while being "infected" with a keylogger, so I think you are pretty safe with ProcessGuard ;)

    regards,

    gkweb.
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002
    Posts: 2,080
    Location: Perth, Western Australia
    Termination attacks by these types of programs will usually always fail even if you are infected already :) While what Pilli says about installing only on clean machines is VERY important for absolute security, PG also helps clean machines infected with a large percentage of malware! Any program which starts as a normal process OR service can be denied from starting, then you reboot and delete it :) THAT simple. Other types of malware could be trickier if already on the machine, but that is actually a way lower number of possible nasties than other trojans out there. So try the free version tomorrow, it will definitely help you secure your machine better.

    SpyAgent I haven't had to analyse for a little while, but I remember there are DLLs involved which are started after logon, a simple attack. ASViewer would help you, which is free! www.diamondcs.com.au/index.php?page=asviewer - you should be able to spot any variant of SpyAgent, and you can post the log for help
     
  5. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined: Feb 3, 2003
    Posts: 2,842
    Location: on the sofa
    HE HE HE IF SOMEONE HAS Spytech Spyagent they should submit it to tds so it gets added to the list of baddies for tds lol
     
  6. MichaelE

    MichaelE Registered Member

    Joined: Nov 20, 2002
    Posts: 79
    Location: Västerås Sweden
    Gavin
    ""PG should be installed on a clean machine??""
    Does this mean that to be safe I must format C:\ and then install WinXP and then PG and then all my other stuff o_O??
    Oh my... what a hassle ??
    I am using PG but did not follow that procedure.
    Michael the retiree up in Sweden :rolleyes:
     
  7. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK
    Hi Michael, if you have just reformatted this would be ideal, but impractical for most ppl :)
    No, just ensure that you run every single scanner and other clean-up utilities before installing ProcessGuard, i.e. as clean as possible. :D

    Cheers. Pilli
     
  8. JimmyPage

    JimmyPage Guest

    Thanks Pilli, Gkweb, and Gavin for your help. I'm not actually infected with the keylogger, I was just wondering how well PG could protect against it.

    I guess I'm in luck because I'm going to be installing XP on a new hard drive soon. So should I install PG right after installing SP2? And before ANY other apps like a firewall, AV, antispy programs etc...? Thanks again.
     