n00b type question

Discussion in 'ProcessGuard' started by dsmythe, Mar 9, 2005.

Thread Status:
Not open for further replies.
  1. dsmythe

    dsmythe Registered Member

    Joined:
    Mar 9, 2005
    Posts:
    9
    Location:
    Concord, CA
    Not to sound too green but, what's stopping a root kit or a trojan from just stopping the PG service(s) and then infecting the box?

    -d
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi dsmythe, to do that the rootkit would have to install a driver or service, which PG prevents unless specifically allowed by ProcessGuard, which works at the kernel level. This is providing that you enable the four general tabs.
    Also, if the dropper is an executable, PG will ask if you wish to allow execution.

    HTH Pilli :)
     
  3. dsmythe

    dsmythe Registered Member

    Joined:
    Mar 9, 2005
    Posts:
    9
    Location:
    Concord, CA
    Thanks, I had a feeling going into it but I just had to ask.

    Thanks again,
    -d
     