How about a PG3 advanced mode

Discussion in 'ProcessGuard' started by gottadoit, Nov 2, 2004.

Thread Status:
Not open for further replies.
  1. gottadoit (Security Expert; joined Jul 12, 2004; 601 posts; location: Australia)
    Following on from several other threads I have read in the past day or so, and some earlier "wishlist" comments of my own, I thought it might be useful to see what other people think about having an advanced mode, and what they think might be useful to have in it.

    https://www.wilderssecurity.com/showthread.php?p=289051#post289051
    Jason,
    What do you think about enhancing PG3 with an "advanced mode" that can specify an "allow" based on the parent process, and that can also check the parameters of both the parent and the app being started (using regexps)?

    As people rightly point out, and as you have indicated above, it is better to be more specific when accepting processes to run.

    While technically oriented people might be happy to run apps this way, surely there should be a way to cater to a technical person setting up a computer for someone who doesn't need/want to know the details.

    And if you were to do that, then the "profiles" and being able to export/import them would matter, seeing as nobody would want to go to all that effort without being able to save it and re-import it on one or more computers.
    It would also assist adoption of this as an enterprise tool. At least in my case I can say that US$6 is not a big burden to entry for 25 licenses, but the cost of a support person's time to make all 25 computers act the same way would easily cost more than the product...

    To use a simple example, I support a small business with fewer than 20 computers, and while learning mode might be useful, I'd prefer to set up one computer properly and then replicate the config to the others so I can be sure that they are the same. It also gets around the issue of possible trojans being present during the learning mode, by not entering the learning mode at all.

    Also see https://www.wilderssecurity.com/showthread.php?p=287265#post287265

    As far as a new feature goes, this hopefully meets your new criteria of being simple to specify and use. If the "advanced mode" was enabled, there would be a list of paired text boxes to specify one or more parent processes (by regexp) and one or more sets of command line parameters to go with each parent process (and a comment field to help people remember why it was added).

    This caters for the lockdown freaks (and helps stop them getting RSI) by removing the need to continually click on Allow.

    It would also allow "experts" to share settings on this forum; if you have a look through the forum at the initial comments about PG3, there are a lot of "should this program do (or have) this or that" questions (as could be expected).

    Complications that I can think of (initially at least) are:

    - Learning mode: if a user has enabled "advanced", should the learning mode start to remember and record the parent process name and parameters, and the app's parameters as well?

    - Display in the Security tab: to visually distinguish apps that are allowed to just run (irrespective of advanced restrictions) from ones that have advanced restrictions (maybe a + in the filename column to see a tree of them).

    - Some bright spark would realise that they could specify '*' or "c:\apptmp\abc*.exe" as the process name, with a specified parent process, to stop the annoying warnings when allowing programs to run regular activities from temporary executable files.
    [This is a very good thing for those of us who have apps like that, and I have seen at least one post referring to someone else with this issue.]

    Great program, and as has been said by yourselves and others, the design/UI offers a lot with simplicity.

    It would also be good to be able to be more specific about what can be executed, because when you are dealing with security it can never hurt.

    Thanks
    Last edited: Nov 2, 2004
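To make the proposal concrete, here is an added example (not ProcessGuard code and not from the poster) of what the "advanced mode" rule matching described above could look like: each rule pairs a parent-process pattern with a child-process pattern and a command-line pattern for each, rules are matched with anchored, case-insensitive regexes, the "c:\apptmp\abc*.exe" style glob from the post is converted to a regex, and the rule list can be exported to and re-imported from JSON so one tuned profile can be replicated to other machines. The Rule and LaunchEvent types, decide(), glob_to_regex(), unconstrained(), export_rules()/import_rules(), and all of the sample paths, command lines and rules are assumptions made for the example.

```python
"""Toy evaluator for parent/child/command-line process allow rules.

Added example only: this is not ProcessGuard's code. Everything here
(Rule, LaunchEvent, decide, glob_to_regex, unconstrained, export/import
and the sample rules and events) is an assumption made for illustration.
"""
import fnmatch
import json
import re
from dataclasses import asdict, dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    parent: str       # regex matched against the parent's full image path
    child: str        # regex matched against the child's full image path
    parent_args: str  # regex matched against the parent's command line
    child_args: str   # regex matched against the child's command line
    comment: str      # why the rule exists (the proposed comment field)


@dataclass(frozen=True)
class LaunchEvent:
    parent_path: str
    parent_cmdline: str
    child_path: str
    child_cmdline: str


def _full_match(pattern: str, text: str) -> bool:
    # Anchor both ends and ignore case: Windows paths are case-insensitive,
    # and an unanchored "abc" would otherwise also match "evil_abc.exe".
    return re.fullmatch(pattern, text, re.IGNORECASE) is not None


def glob_to_regex(glob: str) -> str:
    # Lets a user write c:\apptmp\abc*.exe instead of a hand-written regex.
    # Note '*' becomes '.*', which crosses directory separators, so the
    # path handed to decide() must already be a normalised full path.
    return fnmatch.translate(glob)


def decide(rules: List[Rule], event: LaunchEvent) -> Optional[Rule]:
    """First rule whose four patterns all match wins; None means 'prompt the user'."""
    for rule in rules:
        if (_full_match(rule.parent, event.parent_path)
                and _full_match(rule.parent_args, event.parent_cmdline)
                and _full_match(rule.child, event.child_path)
                and _full_match(rule.child_args, event.child_cmdline)):
            return rule
    return None


def unconstrained(rule: Rule) -> bool:
    """True when both image patterns accept an arbitrary path, i.e. the rule
    silently allows everything (the '*' parent plus '*' child case)."""
    probe = r"c:\anything\at\all.exe"
    return _full_match(rule.parent, probe) and _full_match(rule.child, probe)


def export_rules(rules: List[Rule]) -> str:
    return json.dumps([asdict(r) for r in rules], indent=2)


def import_rules(text: str) -> List[Rule]:
    rules = [Rule(**d) for d in json.loads(text)]
    for r in rules:  # reject a malformed regex at import time, not at first launch
        for pattern in (r.parent, r.child, r.parent_args, r.child_args):
            re.compile(pattern)
    return rules


# Constructed sample profile (assumed paths).
RULES = [
    Rule(parent=r"C:\\Program Files\\MyApp\\myapp\.exe",
         child=glob_to_regex(r"C:\apptmp\abc*.exe"),
         parent_args=r".*",
         child_args=r".*",
         comment="MyApp unpacks helper binaries into C:\\apptmp on every run"),
    Rule(parent=r"C:\\Windows\\explorer\.exe",
         child=r"C:\\Windows\\System32\\notepad\.exe",
         parent_args=r".*",
         child_args=r'"C:\\Windows\\System32\\notepad\.exe"( [^ ]*\.txt)?',
         comment="Notepad from Explorer, with at most one .txt argument"),
]

# Constructed launch events (assumed paths and command lines).
EVENTS: Dict[str, LaunchEvent] = {
    "myapp_helper": LaunchEvent(r"C:\Program Files\MyApp\myapp.exe", r'"C:\Program Files\MyApp\myapp.exe"',
                                r"C:\apptmp\abc4F2.exe", r'"C:\apptmp\abc4F2.exe" --stage2'),
    "cmd_helper":   LaunchEvent(r"C:\Windows\System32\cmd.exe", r"cmd.exe /c start",
                                r"C:\apptmp\abc4F2.exe", r'"C:\apptmp\abc4F2.exe" --stage2'),
    "notepad_txt":  LaunchEvent(r"C:\Windows\explorer.exe", r"C:\Windows\Explorer.EXE",
                                r"C:\Windows\System32\notepad.exe",
                                r'"C:\Windows\System32\notepad.exe" C:\Users\me\notes.txt'),
    "notepad_vbs":  LaunchEvent(r"C:\Windows\explorer.exe", r"C:\Windows\Explorer.EXE",
                                r"C:\Windows\System32\notepad.exe",
                                r'"C:\Windows\System32\notepad.exe" C:\Users\me\run.vbs'),
}


def decisions() -> Dict[str, Optional[str]]:
    """Map each sample event to the comment of the matching rule, or None (prompt)."""
    out: Dict[str, Optional[str]] = {}
    for name, event in EVENTS.items():
        rule = decide(RULES, event)
        out[name] = rule.comment if rule else None
    return out


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:13s} -> {verdict or 'PROMPT USER'}")
```

With this profile, the helper launched from myapp.exe is allowed without a prompt, the same helper launched from cmd.exe still prompts (the parent pattern does not match), and Notepad from Explorer is allowed with a .txt argument but prompts for a .vbs one. The unconstrained() check is the kind of warning the UI could show when someone enters '*' for both parent and child, which turns the rule into "allow everything".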