NEW RELEASE: Process Guard v3.0

Discussion in 'ProcessGuard' started by Jason_DiamondCS, Sep 20, 2004.

Thread Status:
Not open for further replies.
  1. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Arctic, Making a list of all programs that could be protected and their settings is an incredibly difficult task, though Gavin hopes to compile something in the future based on user feedback.
    Learning mode is much better now so a lot of the pain has been taken from that.

    To back up your lists:
    Disable Process Guard. Navigate to the *\windows\system32 folder and locate pguard.dat & pghash.dat, then copy them to another folder or to a ZIP file.
    Hopefully Jason will give us a "Back up" button.

    HTH Pilli
     
  2. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    When you say copy pguard.dat & pghash.dat to another folder do you mean to right click on them and copy and then paste it to another folder or do the drag and drop to another folder? If I drag and drop them to another folder doesn't that remove them from PG?

    Also once I have my copy how do I put them into the new PG3? Once the program is installed do I just find where I have the folders copied and then drag and drop them into the new PG3 and save them replacing the ones that are in the new version PG3?

    Sorry to be so much trouble. :doubt:
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Arctic, Not drag as this moves them - Copy & paste is what I meant :)
    To replace if needed then again disable PG and copy and paste back and allow replace.

    You can also use XP's compress function - Right click on them and send to a compressed file. If you do it within the system32 folder then you will have pguard.zip etc.

    HTH Pilli
     
  4. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Thank you again for all of your help Pilli. :)
     
  5. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    arctic,
    but do keep in mind that you will not be able to use those .dat files from PG v2 in PG v3. What you can do is save your .dat files from the current v3 beta and use them when PG3 reaches final, but you won't be able to do the same thing if you're in PG v2 right now. If the latter is the case, then, unfortunately there is no way for you to save or import your current settings into the new version (and I doubt that this will change when PGv3 goes gold). But the new version has a very powerful learning mode which will let you build your protection ruleset very quickly. Trust me - or do some more reading on this forum, there have been plenty of reports of how easy this is now.

    Andreas
     
  6. Pigitus

    Pigitus Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    97
    Location:
    USA
    Congrats to DCS for a version 3 that runs better and seems smarter.

    Here are a few comments that may help some users.

    PG3 is streamlined. PG2 features that seem to have disappeared are simply merged more logically into other functions. Although it seemed unthinkable, I first thought that file fingerprinting had disappeared, until I read the 3rd option on the main page. It implies that PG3 not only keeps tracking program signatures, but the user can no longer fool with that function as was the case in PG2.

    As usual with PG, the way to get great protection and still not trip over yourself is to keep the radical global options on while simply offsetting them for the specific EXE files you want to protect. For instance, generally blocking hooks while still making hooks possible for trusted applications that open a file with a user password. If unable to make hooks, this kind of program (e.g., Quicken 2001) seems to tell you that you have entered a wrong password when you may not have even seen the password window yet.

    One new global option I have not turned on yet is RAM-access blocking. Some users say they have turned on all 4 global options. Yet the RAM option looks like something you want to turn on only after you stop installing new programs and after you have routinized your operations ... or when you feel a bad guy is already in the system and you must keep it out of RAM. But then again, if this thing is on each app you want to run has to be granted individual access to RAM. This is a great option but, not handled well, it could get you "hospitalized", as someone said, because it's supposed to defeat programs.

    I especially appreciate the new feature where you see which program is launching the application that's asking permission to run. If that specific launching sequence changes in the future, I assume PG3 will flag up an alert! For instance, if Internet Explorer is ever launched by something other than C:\Windows\explorer.exe.

    Conclusion: it may be too early to tell, but PG3 seems like another DCS score.

    Next step? Fingerprint DLLs? :)
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Pigitus, Thanks for your comments. :)

    I am not sure if this is easily achieved in the current Process Guard environment and would be concerned about the resources such an addition would need ie. logging and hashing all those files.
    If it is or may be possible it would probably be better as a switchable option like the current .exe checksumming.

    Pilli
     
  8. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England

    I have mine turned on, but Pigitus has given me food for thought.

    Comments please? (Pilli, DCS, anyone?) :)
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Oremina, I do not give any applications Allow - install global hooks, install drivers / services or Access Physical memory unless I have a problem running an app and the Alert log is showing a reasonable Block message for that app.

    But that's me, I like building my lists slowly but once done Process Guard just sits quietly in the background doing its job only alerting when I add new apps or updates etc.

    HTH Pilli
     
  10. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    It does Pilli. All four Global Protection Options ticked and watch for alerts, which is what I have been doing. Thanks.
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The problem appears to be fixed and I can now see an unlock code. Thanks!
     
  12. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    If I purchase PG 2 now and register can I install the beta and also upgrade to PG 3 for free when it's released?

    Thanks,

    Chris
     
  13. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Quoting Jason/DCS:

    "This is a Public Beta and is available only to registered Process Guard users (click here to register). ProcessGuard registration is one-off, so all existing registered users are entitled to upgrade for FREE!"

    Nick
     
  14. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Don't know how I missed the 2nd part but I did. Thanks Nick. Now it sounds like I should just wait till it's released which shouldn't be long so I can get free upgrade to 4 then.

    Thanks,

    Chris
     
  15. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    We currently do not impose version restrictions on upgrades. Hence our ProcessGuard v1.000 customers still get version v3.000 as a free upgrade. As will ProcessGuard v2.0 purchasers get v4.0 or v5.0 if/when they are released. :)
     
  16. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Just purchased version 2 last night but installed PG 3 beta of course. All I can say is I love it and wish I would have purchased sooner.

    Thanks,

    Chris
     