How can I know all the running processes are protected by AD?

Discussion in 'Ghost Security Suite (GSS)' started by Dryopithecus, Jan 5, 2006.

Thread Status:
Not open for further replies.
  1. Dryopithecus

    Dryopithecus Registered Member

    Joined:
    Sep 26, 2005
    Posts:
    22
    How can I know if all the running processes are protected by AD?

    I've tried "System Safety Monitor" (SSM) recently. It features a "Process monitor" tab that shows every processes running, and the processes that have no rules setted are highlighted in blue color. (please see the attached image below)

    And SSM also features seveal modules that monitor the system registry, startup menu & services.... make sure no process will be launched without user's permission. Even if some processes may run when SSM not running, you can find out these processes in the "Process monitor" tab (highlighted in blue color).

    I 've tried AD recently too. It features great performance & stability. I'm very happy with it.

    But it seems it doesn't offer a similar feature just like the "Process monitor" of SSM.

    If AD doesn't have the "Process monitor" yet, will it have a similar one in future? :D
     

    Attached Files:

    Last edited: Jan 5, 2006
  2. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Re: How can I know if all the running processes are protected by AD?

    Hey Dryopithecus,

    With AD, ALL the processes are protected via the .DEFAULT rules.

    You don't need to have a list of all running processes like in SSM.

    Also, you can fine tune the rules how ever you like for each process if that's what you want to do.

    And also with AD, you can set it to only allow certain processes to start or be prompted for action everytime a process starts just like SSM.
     
  3. Dryopithecus

    Dryopithecus Registered Member

    Joined:
    Sep 26, 2005
    Posts:
    22
    Re: How can I know if all the running processes are protected by AD?

    Hi, Suave,

    Thanks for your reply, and sorry for my poor english. ^_^

    Sometimes, I may turn off AD for some reason and turn it on later. Between the OFF and ON, "trojans" may run. (sorry for my poor english again....)

    With SSM, I can easily find the "trojans" in "Process monitor" tab (highlighted in bule color); with AD, it seems not this easy. That's what I really worry about.

    Best Regards
     
  4. Gary Graham

    Gary Graham Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    28
    Location:
    Michigan
    Dryopithecus, have you tried ProcX ?
    It is in the free utilities at GhostSecurity. When you run it, it lists all running processes, and quite a bit of information on each, including a list of the DLLs for each application.

    You really should not be shutting down AppDefender, but if you need to, before you do it, startup ProcX, and note what all is running. If anything else starts up, ProcX can kill it for you.

    ProcX can also be told to replace Windows TaskManager, so you can bring it up with a Ctrl/Alt/Del keystroke.

    Hope that helps.

    Gary
     
  5. Dryopithecus

    Dryopithecus Registered Member

    Joined:
    Sep 26, 2005
    Posts:
    22
    Hi, Gary,

    That sounds great! I will try it at once. Thanks very much!

    Best Regards
     
  6. Gary Graham

    Gary Graham Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    28
    Location:
    Michigan
    Dryopithecus, Check out all the free GhostSecurity programs.
    I think you will be surprised how usefull they will be.

    Gary
     
  7. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218

    Hey, I was just about to recommend ProcX to him as well :D

    but you beat me to it :isay:
     
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Re: How can I know if all the running processes are protected by AD?

    Hi Suave,

    I hope you don't mind me asking a question in regards to statement above. Do you mean because of all the processes being protected by Default automatically, I wouldn't have to play around with any rules?

    It sure looks like a nice program!

    Thanks
     
  9. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    All programs are covered with the default rules but the defaults I received are Ask User/Allow. So, if for some reason the user can't be asked, then the program will be allowed its action.

    But you can alway change the default rules :)
     
  10. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Thanks Berng, I will have to check it out.;)
     
  11. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Rilla927,

    Don't be worried about "playing around with the rules".

    You will find that it is real easy to understand.

    There is nothing to know really, its as simple as setting it to ALLOW, BLOCK, ASK-ALLOW or ASK-BLOCK.

    It can't be any easier than that. :)
     
Thread Status:
Not open for further replies.