Free

Discussion in 'ProcessGuard' started by Feivel, Jun 23, 2004.

Thread Status:
Not open for further replies.
  1. Feivel

    Feivel Registered Member

    Joined:
    Nov 7, 2002
    Posts:
    100
    Location:
    Baytown, TX
    I am running Process Guard Free to see if I want to buy the full version and I have to say one thing...I AM IMPRESSED

    I forgot to add that if I have noproblems with PG today (apparently I will have problemswith my space key not working) I will purchase the full version tonight.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Feivel, If the trial works OK on your PC you will probably find that the full version will run even better as you can add as many programmes as you want to the protection list.
    Please read through all of the threads here before adding lots of apps as this should be done slowly and with care.

    Enjoy. Pilli :)
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Agreed, Feivel. PG is a fine product and does its job as advertised. However, as Pilli stated, be sure to read through the threads, and keep copies of the .dat files. You might need them someday.
     
  4. Feivel

    Feivel Registered Member

    Joined:
    Nov 7, 2002
    Posts:
    100
    Location:
    Baytown, TX
    I understand your advice and I am reading the threads here. Right now I have PG Free, and WG running full time (besides NOD32, WinPatrol, ZAP 4.5 and TrojanHunter). I really like TDS-3 and am probably going to dump TH for it and WG. PG seems to be a very good extra layer of security but I do have a question (or shall I call it a problem). I downloaded Advanced Process Termination from the DiamondCS site this morning. I finally decided to run it against the program I am protecting (nod32.exe). When I hit ALL, I was quite surprised to see that the termination was successful. Same thing happened when I hit ALL on dcsuserprot.exe. Before anyone asks, I did have all 4 of the blocks in place. I tried the test again after I removed NOD and protected WinPatrol. PG prevented shutdown so I tried to kill dcsuserprot again and the kill was prevented. I removed WinPatrol and reprotected NOD32.exe and again PG worked like a charm on both NOD and dcsuserprot. Any idea why PG faltered the first time?
     
  5. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Feivel

    I believe it is a time lapse thing.

    Somebody with more expertise will explain it better.

    Take Care,
    TheQuest :cool:
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Heya D@C seeing you growing in the forum and helping out people with more experience by the day, no longer dazed nor confused but confident, how about changing your nick into D@CE or Daisy would sound the same and sound soooooo sweet!
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Feivel, You really need to read through the FAQs regarding Close Message Handling (CMH). Enabling CMH on a program gives Process Guard the ability to stop all the common termination methods.
    CMH is still a little experimental, i.e. under development, and requires that the user applies diligence to its usage. Sometimes the procguard.dll is not injected correctly into the protected program.
    Remember Close Message Handling can be applied to any of the Protected list programs in the full version.

    Faber Toys or Process Explorer will show you if this is the case or not.

    Screenshot showing that procguard.dll is properly injected into Port Explorer.
     

    Attached Files:
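
Added example (not part of the original thread and not DiamondCS code): a PowerShell version of the check Pilli describes in post 7, reporting whether procguard.dll is loaded in each running instance of the listed processes. The process names are the ones mentioned in the thread, and the function name Test-ModuleLoaded is hypothetical.

```powershell
# Added example: report whether a given DLL is loaded in each instance of
# the named processes. Test-ModuleLoaded is a hypothetical helper name.
function Test-ModuleLoaded {
    param(
        [Parameter(Mandatory)] [string[]] $ProcessName,  # names without .exe
        [string] $ModuleName = 'procguard.dll'
    )
    foreach ($name in $ProcessName) {
        $procs = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
        if ($procs.Count -eq 0) {
            [pscustomobject]@{ Process = $name; Id = $null; Status = 'NotRunning' }
            continue
        }
        foreach ($p in $procs) {
            try {
                # -Module lists the loaded modules; -ErrorAction Stop turns an
                # enumeration failure into an exception instead of an empty
                # list, so "could not look" is never reported as "Missing".
                $mods = @(Get-Process -Id $p.Id -Module -ErrorAction Stop)
                $hit  = @($mods | Where-Object { $_.ModuleName -ieq $ModuleName })
                $status = if ($hit.Count -gt 0) { 'Loaded' } else { 'Missing' }
            } catch {
                $status = 'Unknown (cannot enumerate modules)'
            }
            [pscustomobject]@{ Process = $p.ProcessName; Id = $p.Id; Status = $status }
        }
    }
}

# Process names taken from the thread (nod32.exe, dcsuserprot.exe).
Test-ModuleLoaded -ProcessName 'nod32', 'dcsuserprot' | Format-Table -AutoSize
```

A status of Unknown means the module list could not be read from the current session, so the result has to be confirmed another way, for example from an elevated prompt or in Process Explorer.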

  8. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Pilli,

    I am also evaluating PG, and have NOD32 protected. I am not seeing the DLL in Process Explorer. Does this mean it's not protected? See pics...
     

    Attached Files:

    • pg.gif (File size: 14.8 KB)
    Last edited: Jun 24, 2004
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    ...continued. PG is enabled.
     

    Attached Files:

    • pg2.gif (File size: 6 KB)
  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    ...continued. Don't see DLL file here...
     

    Attached Files:

    • pe.gif (File size: 30.8 KB)
  11. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    ...continued. Or here.
     

    Attached Files:

    • pe2.gif (File size: 17.9 KB)
  12. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I have found that sometimes you have to stop/restart the protected process several times before Close Message Handling protection "takes hold". That includes procguard.exe as well. Since I can't depend on it from one boot to the next, I don't bother with CMH protection.

    Nick
     
  13. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I'm reading Pilli's post again. Is he saying that CMH can ONLY be added to ANY programs in the FULL version? If that's the case, maybe that's why I don't see that .dll file.
     
  14. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    That's the case. CMH, in the full version, is only enabled on a process by process basis. Not as a global option.

    Nick
     
  15. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Nick. If that's true, that would explain it. However, I was able to add it under options (see screenshot). It shows to be an enabled option on NOD32 in the Program Protection window. I have tried shutting down NOD32 and restarting with no luck. I'm going to try restarting the PC now.
     
  16. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    The only trial version I ever used was the first public release (and I don't remember CMH protection being a feature back then). I would take what Pilli said literally, that it's not available in the trial version. If that's so, it would be less confusing if that option were "greyed out".

    Nick
     
  17. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks again, Nick. I fear you're right. I'm going to wait until morning to see if Pilli confirms. If he does, it will probably be just the nudge I needed to end my free trial and go with the full version. Every other feature is working well. :D
     
  18. Feivel

    Feivel Registered Member

    Joined:
    Nov 7, 2002
    Posts:
    100
    Location:
    Baytown, TX
    Same here, although it certainly didn't "feel" too friendly when I was told to read the FAQ (which I have) and BTW Pilli, I did have CMH enabled.
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi All, Sorry for the late response, Euro 2004 & sleep got in the way :)

    To be honest I am not sure if the trial version does allow proper Close Message Handling though I think it does not. I am hoping that Jason will respond regarding this.

    Process Guard is an extremely powerful addition to your layered defence with or without CMH and it does take a while to set it up correctly, having said that once it is running properly it takes very little effort to maintain it.

    In NOD32 if you set a password you probably do not need to use CMH, this is also true for Kaspersky, Zone Alarm, & Sygate as they all have low level protection built in. Outpost 2 does not and I use CMH on it with no problems on my Server 2003 PC.

    If you do apply CMH to a few programs and then check to see that the procguard.dll is injected properly I have found that using hibernation or system standby, rather than shutdown, saves a lot of re-checking.
    Obviously some updates etc. may require a reboot but most of the time it is not necessary.

    Pilli
     
  20. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello, Pilli! Just to confirm - Are you saying that I don't need PG at all for NOD32, or that I just don't need the CMH feature for NOD32 (assuming I have a password set)? Thanks!
     
  21. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi D & C, Close Message Handling need not be enabled but you would still have the two main NOD32 processes in your protection list along with any other security or internet enabled programs.
    By using the password function within NOD32 you are effectively giving it a human interface capability :)
     
  22. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Pilli. :)

    I do have a related question regarding CMH, but it's probably best I open a new thread for that one.
     
  23. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Hello, I just downloaded the free version - what I'm gathering here is I should protect my antivirus exe?

    edit - nevermind, that makes the most sense
     
    Last edited: Jun 27, 2004
  24. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello, Lynchknot. It's really up to you, but that's what I've done. I've got Zone Alarm as my firewall, and it has its own protection.
     
  25. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I guess I should read help, but easier to ask as my eyes are failing - does this need to run minimized and I don't see a setting to run when Windows - or do I make a shortcut for startup folder?

    **edit - nevermind. When I started spysweeper, it alerted that I have a new startup program - funny no other app did (teatimer)

    *edit again - I'm not sure what this is but it alarms me

     
    Last edited: Jun 27, 2004