pe guard

Discussion in 'other anti-malware software' started by simisg, Sep 19, 2009.

Thread Status:
Not open for further replies.
  1. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    561
    Thanks. I was actually thrown off by your earlier quote:
    Now I know better!
     
  2. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Yes, completely understandable. :D I was just a little confused myself. All I did was remove the two startup items and remove the files.
     
  3. pintas

    pintas Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    179
    I'm a big fan of portable software myself and I've done some 'portabilities'.
    One easy thing that could be done to make it fully portable is to make a .ini file that saves the changes made to the registry, delete registry changes when exiting the program and load the .ini file when the program is started, thus changing back the registry to previous settings.

    But I like PEG2 to be running permanently on my system.

    BTW, not a single bug so far.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It's good :D How is its termination protection? Did anyone try this?
     
  5. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    More about PEG2

    I turned off the termination protection in beta version..

    More about PEG2:
    - Detection is based on the content not on the extension.
    - Internet Mode: you can download/copy PE files, but you can't run what you've downloaded until you change the mode.
    - Shortcuts: to Enable/Disable PEG2, to change the mode, shortcuts in the warn window (like A = Allow, D = Deny, T = Terminate...) and, also, press Enter in the warn window for fast Allow..


    Opaida.
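
A sketch of what "detection based on the content, not on the extension" means in practice, as an added example (not PE Guard's code and not from the thread): it recognises a PE image by its `MZ` magic, the `e_lfanew` pointer at offset 0x3C and the `PE\0\0` signature, then reads the COFF header. The file names and byte strings are constructed samples.

```python
import struct

IMAGE_FILE_DLL = 0x2000                    # COFF Characteristics bit: image is a DLL
MACHINES = {0x014C: "x86", 0x8664: "x64"}  # IMAGE_FILE_MACHINE_I386 / _AMD64

def classify_pe(data):
    """Return None if data is not a PE image, else (machine, is_dll)."""
    # DOS header is 0x40 bytes and starts with the 'MZ' magic.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    # e_lfanew (offset 0x3C) points at the PE signature; it is attacker
    # controlled, so bounds-check it before reading signature + COFF header.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return MACHINES.get(machine, hex(machine)), bool(chars & IMAGE_FILE_DLL)

def make_sample(machine, chars, e_lfanew=0x40):
    """Build a constructed, header-only PE stub (not a runnable program)."""
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, chars)
    return bytes(dos) + b"PE\0\0" + coff

# Constructed samples: names are hypothetical, contents are header stubs only.
SAMPLES = {
    "setup.exe": make_sample(0x014C, 0x0002),
    "helper.dll": make_sample(0x8664, 0x2002),
    "holiday.jpg": make_sample(0x014C, 0x0002),   # PE content, image extension
    "readme.exe": b"just text, despite the name",  # .exe name, no PE content
    "truncated.bin": b"MZ" + b"\xff" * 0x3E,       # MZ magic, e_lfanew out of range
}

def scan(samples):
    """Map each name to its content-based verdict, ignoring the extension."""
    return {name: classify_pe(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:14} -> {verdict if verdict else 'not a PE image'}")
```
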
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    nice op
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Re: More about PEG2

    Does PEG work as an anti-executable?
     
  8. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    Re: More about PEG2

    Anti-executable, as I think, means security system based on whitelist..
    if it was so, then PEG2 is not anti-executable..
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Re: More about PEG2

    Anti-executable means any unknown software is prompted before execution, like for example new viruses. An anti-executable doesn't necessarily include white-listing, but it's very crucial to ensure ease-of-use for the end-user.
     
  10. Warklen

    Warklen Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    112
    Running real nice so far. Nice job Opaida
     
  11. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    Re: More about PEG2

    Ok peg2 doesn't have whitelist, but it isn't an anti-executable because it doesn't inspect execution..

    More about PEG2:
    - USB Protection: when set, none of the executable files that are in the flash memory can be run until the user manually copies them.. so, bye bye autorun.inf!
    - In PEG1, the warnings appear one by one..i.e. if there are two warnings, the second warning will not appear until the user responds to the first one... but, with PEG2 the warnings appear together..

    Opaida.
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Opaida, I emailed you Friday/ Saturday.

    I mentioned some problems that I had installing PEG2.;)
     
  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Just saw your email where you quote:-

    "You can have peg1 & peg2 together... it's not a problem..."

    I will have another go at installing, since I have 4 FD-ISR snapshots to choose from. :)
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    When in Internet mode,

    - it does not prohibit execution of psecex.exe for instance (generally programs executing in command.com)

    Request

    Would be nice when for instance zip/rar's etc could be inspected on content (or ADS info used to prevent execution of executables in that archive).
     
  15. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    The beta version, that I'd sent, doesn't inspect dos programs (like com, bat, cmd..)..


    PEG2 already inspects ADS :).
    And about compressed files, I think it's not a problem to have a PE file inside an archive file (since it will not be executed until it is uncompressed).

    Opaida
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I am uncertain whether the ADS info can be used for Internet Mode when unzipping an executable. I tried unzipping a downloaded archive and PEG2 remained silent . . .

    Regards Kees
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Please add them. Microsoft considers these executables

    *.ADE *.ADP *.APP *.ASP *.BAS *.BAT *.CER *.CHM *.CMD *.COM *.CPL *.CRT *.CSH *.EXE *.FXP *.HLP *.HTA *.INF *.INS *.ISP *.ITS *.JS *.JSE *.KSH *.LNK *.MAD *.MAF *.MAG *.MAM *.MAQ *.MAR *.MAS *.MAT *.MAU *.MAV *.MAW *.MDA *.MDB *.MDE *.MDT *.MDW *.MDZ *.MSC *.MSI *.MSP *.MST *.OPS *.PCD *.PIF *.PRF *.PRG *.PST *.REG *.SCF *.SCR *.SCT *.SHB *.SHS *.TMP *.URL *.VB *.VBE *.VBS *.VSMACROS *.VSS *.VST *.VSW *.WS *.WSC *.WSF *.WSH

    Regards Kees
     
  18. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    Sorry, there was a misunderstanding.. I meant that PEG2 inspects ADS, so PEG2 will alert you when a PE file is hidden in ADS.. like this
    c:\> type c:\windows\notepad.exe >file.txt:hidden.exe
     
  19. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    THX Kees, I'll study these files..

    Opaida
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    The most dangerous executable files are sys, temp, ocx, exe, dll :D
     
  21. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    @Jmonge
    Just curious why did you stop using Bluepoint Security?
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Soap is not a great security risk either, just don't drop it when showering in prison, so handle with care
     
  23. opaida

    opaida Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    161
    Yes, all of these files have Microsoft PE header.


    Help files will be like this one:
    -http://www.youtube.com/watch?v=-ktQep3XBSo-
    :D
     
    Last edited by a moderator: May 23, 2010
  24. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I have a question. Is it OK to use PE guard + Windows firewall rather than using a strong HIPS firewall like ZA, Outpost, Private Firewall, PC Tools or Comodo?
     
  25. pintas

    pintas Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    179
    LOL! Very funny. :argh:


    I haven't tried all of those combinations, but I have tried some and I had no problem at all. My guess is you won't have any problem either.
     
    Last edited by a moderator: May 23, 2010