pe guard

Install the current version of PEG in VMware and copy a file from the host via drag&drop onto the VM desktop.
Now the VM and VMware itself completely died. You have to kill VMware via task manager on the host.

 

I'll answer these when have some time. . I've an exam

 

unfortunately, I made a litile mistake in the last update.

here is the fix:
xxtp://www.ohtic.com/products/update/peg2.exe

Please replace the old file with the new file.
Hope this will not be repeated again.

Opaida.

 

PEG2 blocks VMware and waiting for your response. Alos, VMware blocks the guest OS waiting the copy of file to be finish ==> Dead lock.

If there was a countdown timer the problem wouldn't occurr.
But wildersecurity members didn't like the countdown timer and request to delete it in version 1 and I delete it in the version 2.

 

I don't know one right now, but there has to be a solution.
Maybe you can handle the involved VMware process in some way internally.

 

This problem is not specific to PEG2, for example if you installed an AV in the guest OS and trying to copy a virus, which is known by the AV, then the AV will block copying too.

The problem is in VMware, they mustn't block the guest os when copying.

Temporary solution: Remember to disable AV/PEG2(or change the power mode) before copying. !!

 

agree with opaida

 

Some recommendations:

- window should be on top - this is a bug. After extending the window with >> it's not on top anymore.
- window should show a button in the task bar
- window should be resizable, for my opinion its width is too small. Save and restore size.
- include a full version number in the about dialog. The About dialog shows '2'. Is it a 2.0 or 2.1 now?
- add an option to always show the extended popup window (">>")

 

Replaced the file and it's now working. Thanks for the quick response, program is working very well. I'm impressed by the small number of pop-ups, even in power mode.


Thanks, Opaida

 

dont forget to put back your guard in power mode man

 

- Agree.
- Need to argue that
- Need to argue that
- Agree.
- Agree.

THX .

 

Thank you jmonge and Kid Shamrock.

 

Just for my understanding:

Does an enabled/visible "Prevent Write" button in the popup make sense for the event "CREATE NEW", and maybe even "OVERWRITE"?

 

No, It doesn't make any sense. Because it is equal to Deny in these cases.
I'll disable it in the next update.
Thank you again.

 

jmonge has mentioned anti-keylogging abilities... what browsers, etc. will be protected?

 

I think he mentioned to this post:
https://www.wilderssecurity.com/showpost.php?p=1700110&postcount=342

 

Yes, so what about the application support? Is it for specific software or global keylogger protection?

 

* Option "Let PE GUARD choose": add some of your own comments in https://www.wilderssecurity.com/showpost.php?p=1697551&postcount=315 to the description of this option to the help file (the installed one and the online)


* In https://www.wilderssecurity.com/showpost.php?p=1678392&postcount=257 you post another interesting info (for advanced users) that should be added into the help: "Detection is based on the content not on the extension."

In the same post your write "Internet Mode: you can download/copy PE files, but you can't run what you've downloaded until you change the mode." This sentence should be combined together with the one already in the help.


* In the help, chapter "Popup Alerting window", you use "Temporary save this action to this process", but the program uses "Temporally".


* In the splash you write "Trail" but is has to be "Trial".

 

can be two of them.
ones for specific application/browser and ones global protection.

 

Then the question is will you write the anti-keylogging plugins yourself or is that up to other developers?

 

As addition to my above post:

* You should choose only one official spelling of your application. Currently you use "PEGuard2", "PE Guard 2", "PE GUARD 2", "Peg2" - see website, help, application

* I would appreciate it if there is no splash in the registered version, or an off option

* The width of the trusted list window is to small too. Can't see the complete path/filename in some cases. A horz. and vert. scrollbar is enough here.

* It should be possible to select more than one process in the trusted list at the same time to remove them (the typical SHIFT and STRG actions)

* If in Internet mode a download exe can't be executabed, as described, but PEG should inform in a balloon tip that it has prevented the execution of process <process name> if the user tries to run it

* In Normal Mode it seems there a cases where even CREATE NEW events will be shown


By the way, PEG seems to be resistant against taskkill and taskkill /F. And also PsKill.

 

Where can i get PE guard 2.1? Is the free version only for a certain amount of days or what ?

 

You can find the application and information here

 

I'll publish the needed documents, so that any developer can build a plugin.
But any plugin must agree with PEGuard2 properties, like simple using, simple GUI, lightweight.. etc.

Plugins will be supported in the next release (2.2).

 

@cruchot:
Thank you for your recommendations. I'll take all of them in the account in the next update.
But I'm trying to direct the help to normal users. I don't like to put any technical information.