Process Guard 1.200 Released!!!

Discussion in 'ProcessGuard' started by Jason_DiamondCS, Jan 23, 2004.

Thread Status:
Not open for further replies.
  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    http://www.diamondcs.com.au/processguard/

    After a lot of research, development and beta testing we are finally releasing Process Guard v1.200 to the public. This version is a lot better than previous versions of Process Guard, especially in regards to stability. This version adds a lot of new protection to make your system even more secure, including rootkit installation protection and leaktest blocking.

    Registered Members of Process Guard can log into the members area here to download the full version :-
    http://www.diamondcs.com.au/processguard/index.php?page=members

    The free version of Process Guard has also been updated and can be downloaded at Process Guard's homepage.

    The following is a general list of some of the things changed since v1.150:

    [NEW FEATURES/ENHANCEMENTS]
    -Added "Block Driver/Services" protection along with an allow list for certain programs. This blocks rootkits from being installed.
    -Added "Block Global Hook" protection along with an allow list for certain programs. This blocks certain leaktests from working.
    -Added Splitter Resize so you can adjust the log and protection list size.
    -Added better Right-Click menu on the Systray icon to provide all the options from the main menu.
    -Enhanced output of Window Log to be easier to read.
    -Optimized the Window and File Log code.
    -Everything in Window Log is now shown in File Log
    -DAY and MONTH now appear in the Window/File Log.
    -"Set File Log Path" now shows the filename and directory of the old log file.
    -Made END TASK give an alert when it happens and which application is trying to do it.
    -Optimized the driver's initialization to be faster. [DRIVER]
    -Optimized undocumented method of getting the name of processes. [DRIVER]
    -Optimized code in process comparison tests. [DRIVER]
    -Helpfile additions and changes.
    -Now display "in program" tooltips to explain each protection option to the user.
    -Process Guard's stability and compatibility increased immensely.
    -Hundreds of small tweaks.

    [BUGS FIXED]
    -Issues in driver causing Cannot attach errors randomly [DRIVER].
    -Random and rare rebooting issues [DRIVER].
    -Close Message Handling sometimes keeping a handle open to pguard.dat.
    -Close Message Handling timing issues.
    -Fixed Window position/size and Listview Column order/size saving code.
    -DOS/SHORT path names now get resolved correctly. [DRIVER]
    -Driver protection not being enabled correctly on some reboots due to timing condition. [DRIVER]
    -Fixed File Log sometimes not being written to.


    Spread word of the release and have a good weekend! :)

    -Jason-
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    An interesting quality about this new release is its anti-rootkit and anti-leaktest capabilities. Although not specifically designed with those capabilities in mind, please see the "Known Attacks" section in the new helpfile and you'll see that Process Guard is extremely effective against some of the most advanced types of leaktests (including Copycat, Firehole, Thermite, PCAudit 1 & 2, and AWFT). The new driver installation protection capability also means that virtually all rootkits are blocked from installation!
    Please help us spread the word of this new release! :)

    Registered members can download the new full version FOR FREE from the members area. :)

    We'd also like to take a moment to especially thank our beta team for their rigorous testing of the last 5 beta releases that have made this v1.200 possible - thanks guys :)
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks Wayne :) Enjoy your weekend!

    Here is an interesting .gif showing PG's Window log showing SetWindowsHookEx being stopped dead in its tracks. Also at the bottom the Allow settings for System Safety Monitor.
     


  4. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Excellent work guys!

    No problem,.....enjoy the weekend fellas :).

    Regards,
    Jade.
     
  5. donsan709

    donsan709 Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    54
    Location:
    dallas tx
    Wayne or Gavin, can you please give some quick instructions on how to uninstall 1.50 before installing 1.20, and what all should be done for a quick and safe upgrade? Thanks.
     
  6. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    1. Uninstall the old version of Process Guard, and reboot.
    2. Install the new version, and reboot.
    That's all :)
     
  7. donsan709

    donsan709 Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    54
    Location:
    dallas tx
    Thanks for the info and the quick response.
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Advanced users :

    Click "Disable All Protection"
    Close PG
    Kill PG_Msgprot if running
    Install over

    Reboot or not, but protection may not apply to certain processes for some time without a reboot
     
  9. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    Hello. I hate to be a thorn in your side, but I am concerned about PG's possibly interfering with the installation of legitimate programs. If PG prevents "malware" from installing, does it also at the same time interfere with the installation of legitimate programs?
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi redwolfe_98,
    PG does not interfere with legitimate processes, but like any other software it is better to disable it for Windows updates or installing your AV or AT, i.e. programmes that work at system level :)
     
  11. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    It doesn't prevent anything from installing other than drivers, and it's very rare that you'll ever install new drivers on your system (if you ever do you can simply disable Process Guard during the install). So although I can understand your concern, you have nothing to worry about :)
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Really Advanced users :D

    After running the Betas I also deleted all PG's files & registry settings (apart from the keyfile) ;)

    Installed fine on my other PC and laptop with absolutely no problems apart from having to put my apps back on the list.

    I tend to add apps slowly and monitor what is logged then adjust the allows etc. until logging is stopped.
     
  13. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    extreme advanced user :
    format
    install windows
    reboot
    install PG :D

    Seriously, PG 1.200 is better than the previous version and is a must-have as never before; don't miss it, everyone :)
     
  14. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    ..... & before formatting remember to back up all your Keyfiles :p
     
  15. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Today, mid-testing 1.200 full I installed a Windows service pack and nothing happened, PG sat there ignoring the situation. This is because it was not a case of process manipulation in memory, just replace some files and reboot to replace those that are in use. All went as expected, 0 issues.
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yep, I've noticed on Server 2003 that it often does not require a reboot when XP does even when updating supposedly the same service patch number. o_O
     
  17. Joop

    Joop Registered Member

    Joined:
    May 5, 2002
    Posts:
    8
    Location:
    Holland ( near Arnhem )
    o_O
    It's me again.... having the problem
    After uninstall and reboot former version, installing 1.2 reboot again.
    All okay, checked all protections ..so far so good.
    Rebooted and............... BOD :oops:

    Had to go to safe mode, uninstall PE, and after that came on my normal mode again; did the same thing again twice, having the same problem.
    Now I have PE running without the last two protections not checked ( block drivers and block global hooks ) and windows keeps running.

    I'm sending all info from windows during faultreport and log file to Jason.
     
  18. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Downloaded, running great. Thanks guys.
     
  19. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Tell everyone around you that a wonderful new software is born :D
     
  20. MEGAFREAK

    MEGAFREAK Registered Member

    Joined:
    Jul 8, 2003
    Posts:
    51
    I always receive this message:

    Windows log shows following:
    3 Feb 20:45:10 - Error: 2. Process Guard could not attach to kernel-mode driver. Please make sure Process Guard is installed properly before continuing.
    3 Feb 20:48:33 - Process Guard Protection is ACTIVE.

    Besides, it could be manually stopped with task kill and service stop although I enabled all modules. Another time it worked and I wasn't able to kill tasks.

    Another problem: it does not load the AOL driver and because of this then blocks the internet connection.
     