Discussion in 'other anti-malware software' started by EscapeVelocity, Apr 7, 2010.
What is the last stable release of Process Guard? Currently in need of an anti-executable.
Download the latest free PG from DiamondCS; it has an excellent anti-exe.
PG still works fine, also SSM.
I believe it; the problem with them is: how much autoprotection do they have? And how much can they protect from new rootkit kinds released after they were discontinued and no longer developed?
As for ssm, I will only say that even DefenseWall III cannot stop its work or kill its GUI!
rather another download location, looks like DiamondCS is finished - we'll have to see if the site resurrects itself in the future but atm suspended (again.)
I noticed their account has been suspended.
The last, best version is 3.15
There were a few versions after that, but some people had problems with them.
Also I think they were aimed at stopping a few threats that targeted ProcessGuard specifically.
Get ProcessGuard 3.15 here:
Guys, if you have a good firewall with HIPS and an antivirus like Avast Home and Sandboxie, why do you want HIPS?
Most people here just like testing, or just like having a layered setup. They just like to have certain programs, not because without them they will have viruses all the time, but just because they want them.
Including me: With Windows 7 Home Premium 64-bit, firewall: on, Defender: on, UAC: highest, DEP: all programs and services, and ASLR enabled. In combination with an updated system and IE as browser. (In other words: just using what the operating system offers.) I will never be infected. But next to that I also have ESET, which I actually don't need; I don't think it ever discovered something (except for a couple of bad websites). And Hitman Pro I certainly don't need; it never found something. But I just like the program, so I use it. That's why we are all here on this forum. Because we like it.
Having more than one "HIPS" is pointless regardless of whether one is part of a firewall. If you want to test freestanding HIPS software like PG or SSM, you should use a firewall that doesn't have one. The older HIPS like PG and SSM work very well. With SSM for example, a lot of work went into making it able to defend itself.
Rootkits are installed by a running process. Any HIPS will catch that process trying to start. Apps like SSM will catch attempts to install drivers, add services, and many other low level activities. It may be possible for a malicious process to use a method that they weren't designed to catch, but the only way that can happen is if the user allowed that process in the first place. In such a scenario, the HIPS is being asked to function as more of an intrusion containment system than a prevention, which is not what they were designed to do. That would fall more under the role of a sandbox or virtual system. HIPS were designed to keep something like that from ever running in the first place. If that protection isn't bypassed by the user, they prevent rootkits very well.
PCTools Firewall does not have a full-scope HIPS by any means, so that FW + HIPS should engender no conflict. Private Firewall has Dynamic Security Agent, an "anomaly detector" but not a true HIPS.
Ergo, either of those 2 firewalls -- both of them contemporary -- should run just fine with a stand-alone HIPS such as Malware Defender or Comodo's D+.
Who says we have, or want those things? (respect to sandboxie though)
I only use an on demand AV. I have tried most of the newer firewalls. But have had issues of one sort or another, bugs, clunky interfaces, slowdown, decisions made for me, etc.
Anyway, to each their own, there are any number of good ways to protect your system.
I keep seeing people refer to PG as an anti-executable, but I tried it not too long ago and never saw such a capability. There's no default deny option or way to make it silent by denying everything outside of the current files on the computer unless explicitly allowed. Can anyone explain?
Duh, not for the free version; you have to have a licence to fully lock up this baby.
"Auto block new and changed applications"
Ya, I know it and I agree. But we know that a HIPS can fail an intrusion attempt (what are they, the leak tests?), so it may be that some recent rootkit can disable some HIPS. Otherwise HIPS would mean complete invulnerability (they are not too far...).
Both the leaktest and the rootkit installer are processes that have to be initially allowed to be successful. If that initial execution isn't allowed by the user, both fail.
Yes! This is what I call a user friendly HIPS.
Running here with XP Pro SP 3 without problems (antihook v 184.108.40.206)
Aha, that might explain. I used the last free Antihook version 2 on xp-sp3.
Yeah, I loved that one too, but the people at Antihook wouldn't sell me a license for it. Reason being, they were fixing to release an update to it. That was over one and a half years ago, no update as of today.
Hey guys, are PG and SSM programs that ask you to decide "if you have to allow or not"?
- Also, what's the difference between those 2 with Online Armor Free, and Outpost Pro?
PG doesn't protect your registry like SSM and OA do.