Ok, I just noticed that Process Guard actually uses md5 checksums of executables for handling signatures for "known" programs. Sorry, but I am really, really disappointed by this. Md5 has been proven completely broken for more than a year now. There have been proof-of-concept demonstrations of just how broken md5 is, for X.509 certificates (http://eprint.iacr.org/2005/067), executables http://www1.corest.com/corelabs/projects/research_topics.php?, meaningful documents http://www.cits.rub.de/MD5Collisions/, and there are tools for creating collisions in a really brief time on a common notebook http://eprint.iacr.org/2005/075. If you don't believe this really affects Process Guard go ahead and try using these two executables: http://www1.corest.com/corelabs/projects/research_topics/Richarte_md5-2-collisions.zip. Try permanently allowing one and then replace it with the other different executable. Process Guard won't complain that the exe changed at all. I just don't understand why Process Guard actually still uses md5 instead of something like sha256 or sha512 (sha-1 has been proven broken as well, however NOT NEARLY as broken as broken as md5). Not only md5 is broken now, but its weaknesses are going to become trivial to exploit in a very short time (if they are not trivial already).