PG fails to protect processes...

Discussion in 'ProcessGuard' started by mmmaize, Sep 13, 2005.

Thread Status:
Not open for further replies.
  1. mmmaize

    mmmaize Registered Member

    Joined:
    Sep 13, 2005
    Posts:
    1
    Just purchased PG to evaluate for a client (attorney's office).

    I have several apps/tests that I run to determine if an application like PG does what it says it can. Upon first test - failed... What am I missing?

    The test:
    Run regmon.exe (from sysinternals.com) - regmon monitors reads/writes to the registry. Many applications kill regmon because the developer doesn't want us to see how the app uses the registry. One such application is MuvAudio (muvaudio.com).

    I have run regmon and configured PG to allow regmon to Install Drivers/Services, but protect regmon from: Termination, Modification, and Reading. I have also enabled all 4 global protection options (Protect Physical Memory, Block Global Hooks, Block Rootkit/Driver Service Installation, Block Registry DLL Injection).

    I have also cleared the "Terminate protected applications", "modify protected applications", and "Read from protected applications" options for muvaudio.

    I launch regmon, I launch muvaudio - muvaudio tells me my trial has expired (I have a full version - this doesn't happen if regmon isn't running) and regmon is killed.

    If muvaudio can do it, what's to prevent a trojan from killing my a/v or firewall, or even PG itself? Am I missing something here?
     
  2. myluvnttl

    myluvnttl Registered Member

    Joined:
    Aug 23, 2004
    Posts:
    150
    Never had a problem with ProcessGuard. If you disable "Terminate protected applications", "modify protected applications", and "Read from protected applications" for muvaudio, then it's not protected. Maybe muvaudio thinks it has expired, and then it will shut down because of the time limits. Most programs that are on a time limit, like 30 days, will shut down after that if you don't buy them.

    So just enable them again and see if that will work.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Welcome to the forums Mmmaize,

    Almost surely the problem is that you have MuvAudio in your PG Protection list with the "Terminate protected applications" box checked. This will allow it to terminate any PG-protected applications so you should remove it.

    This is a downside to PG's Learning Mode - it will create permissions for every application you run which are usually more permissive than necessary. You should find that many programs can be trimmed (or removed altogether). I suggest only including the following:
    • Applications that have Internet access (since these are prime targets for malware hijack);
    • Security applications;
    • Applications that need special permissions (hooks, driver installs, etc).
    This gives a far shorter list (50 entries for me) which makes it easier to check each entry to ensure that it only has the permissions it needs.
     