PG and Advanced Process Termination v3.0

Discussion in 'ProcessGuard' started by Logan5, Feb 24, 2006.

Thread Status:
Not open for further replies.
  1. Logan5, Registered Member (Joined: Feb 10, 2002; Posts: 116; Location: Ohio, USA)

    Hi,

    I just downloaded Advanced Process Termination v3.0 and am trying it out. I noticed that the web site talking about the new Advanced Process Termination has "APT vs. Process Guard" and the fact that PG would win if configured correctly. I was pretty sure PG was configured correctly on my PC, yet APT can kill it! It cannot kill ZA Pro (but can NOD32, have not tried any others yet).

    I am a bit confused (and worried) why PG is being killed. I am not sure what settings in PG I do not have set correctly that is allowing APT to kill it. Can anyone tell me what settings IN PG need set so it cannot be killed?

    Thanks
    Logan
     
  2. Wayne - DiamondCS, Security Expert (Joined: Jul 19, 2002; Posts: 1,533; Location: Perth, Oz)

    Yes, when configured correctly ProcessGuard easily blocks all of APT's attacks, making it a useful tool to help ensure ProcessGuard is configured properly :)

    So how were you able to kill it?

    The new 'Kernel Kill' feature is the most advanced, but even this can easily be blocked by ProcessGuard because to achieve this trick APT has to drop and install a system driver (.sys file) - ProcessGuard will block it at this early stage if "Block Drivers/Rootkits/Services" is checked, even before any calls to NtTerminateProcess are made. :)

    Best regards,
    Wayne
     
  3. fosius, Registered Member (Joined: Oct 14, 2004; Posts: 479; Location: Partizanske, Slovakia)

    I tried to find the Advanced Process Termination program on the web but I didn't find it. From where can I download it? Thanks
     
  4. SpikeyB, Registered Member (Joined: Mar 20, 2005; Posts: 478)
  5. fosius, Registered Member (Joined: Oct 14, 2004; Posts: 479; Location: Partizanske, Slovakia)

    But I found only version 1.9 there. Guys mentioned version 3.0 :doubt:
     
  6. SpikeyB, Registered Member (Joined: Mar 20, 2005; Posts: 478)
  7. fosius, Registered Member (Joined: Oct 14, 2004; Posts: 479; Location: Partizanske, Slovakia)

    Thank you very much ;)
     
  8. Wayne - DiamondCS, Security Expert (Joined: Jul 19, 2002; Posts: 1,533; Location: Perth, Oz)

    :)
    We've made several private Wilders-only releases recently - only announced to the public here exclusively at Wilders, including APT, some 25 freeware console tools, and of course the ProcessGuard and Port Explorer betas. There are actually two main reasons for this - 1) we want some solid beta testing done before we release them to the public, and 2) we'll be launching our new website soon so we will be launching several of these programs to the general public then :)
     
  9. Starrob, Registered Member (Joined: Apr 14, 2004; Posts: 493)

    I cannot get Process Termination to work. Every time I click on APT 3.0, I get a message saying "The Procedure GetStockobject could not be located in the DLL GDI32.DLL"

    I downloaded and installed GDI32.DLL 5.1.2600.1789 from Microsoft which is the Microsoft Security Bulletin MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) and I still get the same error.

    Starrob
     
  10. Logan5, Registered Member (Joined: Feb 10, 2002; Posts: 116; Location: Ohio, USA)

    Wayne,

    Not sure why APT was able to kill PG or any other program. I think perhaps PG may have gotten corrupted. I uninstalled and reinstalled PG and everything is working fine. PG stopped APT cold in its tracks :)

    Thanks for stopping by to help out.

    Logan
     
  11. TNT, Registered Member (Joined: Sep 4, 2005; Posts: 948)

    If you allow the program to run at kernel level (as you do if you choose the 'kernel' termination), there is no way for PG to stop it. Of course, APT needs to install a driver to do this, and PG can prevent driver installation (in 'full' mode, not in 'free' mode). The same thing happens with IceSword: PG stops it from installing its driver and it can't run; but if in Process Guard you allow the installation of IceSword's driver, then IceSword can kill Process Guard with ease.
     
  12. Gavin - DiamondCS, Former DCS Moderator (Joined: Feb 10, 2002; Posts: 2,080; Location: Perth, Western Australia)

    Starrob, what video card, and are they relatively new drivers?
     