Process Guard, a must have!

Discussion in 'other anti-trojan software' started by DolfTraanberg, Oct 27, 2003.

Thread Status:
Not open for further replies.
  1. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    ...meaning processes are not stopped, closed, terminated, but keep running, working as intended, for which you protected them in the first place.
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Don't foresee anything not working !!!! rest assured :D
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I believe Spy1 is thinking that if OP cannot get access to protected programmes it will not be as effective as it should be, i.e. crippling one of its functions. This has not been found to be the case.
    Trying to get access is not the same as trying to actually do the action such as write or terminate. If a Trojan tried to terminate a process then PG will log the action and will stop the termination and the log file will show as X-programme tried to terminate Y-programme.
    Here is an example KAV trying to get all accesses on Outlook after an update and then me trying to terminate Outlook with Task Manager:

    Outlook is blissfully unaware of the other programmes' actions & KAV still remains capable of doing its job

    [19:31:20] c:\program files\kaspersky lab\kaspersky anti-virus personal\avpm.exe [1924] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\microsoft office\office10\outlook.exe [1196]
    [19:31:20] c:\program files\kaspersky lab\kaspersky anti-virus personal\avpm.exe [1924] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\microsoft office\office10\outlook.exe [1196]
    [10:02:52] c:\windows\system32\taskmgr.exe [1596] tried to gain TERMINATE access on c:\program files\microsoft office\office10\outlook.exe [3740]
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Pilli - Yes, that is one of the things I was wondering about. But I've been checking my logs in OPP for the last three days and everything seems to be working exactly as it should be.

    Perhaps I'm just having a nomenclature issue here, but if PG says it stopped such-and-such a program from doing something it was trying to do to another program - then why is that program still functioning correctly?

    I'm not complaining about the fact that everything's still working by any means - I just can't grasp why it is - if PG is actually stopping all these attempts.

    Am I making any sense? Pete
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Pete, Yes you are making sense and I have raised the logging question in the Beta test forum.

    The whole logging issue is under VERY hard scrutiny at the moment and I am sure a satisfactory method of controlling logging functions is a priority.
     
  6. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    I wish it worked on 98SE.
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Pete -

    When your process is logged as getting TERMINATE access for example, it didn't actually NEED that access. So its rights were simply limited to READ and GETINFO - all that it needs :)

    We might have a better way of displaying the logging.. just have to see what we can do, user input has been very helpful this last week so thank you :D
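An added example, not part of the thread and not DiamondCS code: a Python sketch that parses the log lines Pilli posted and models the behaviour Gavin describes, where a request is granted with the extra rights removed instead of being refused. The function names and the `ALLOWED` set are assumptions for illustration; the sample is the three quoted log lines with the broken timestamp rejoined.

```python
import re
from collections import Counter

# The three log lines quoted in the thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
[19:31:20] c:\program files\kaspersky lab\kaspersky anti-virus personal\avpm.exe [1924] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\microsoft office\office10\outlook.exe [1196]
[19:31:20] c:\program files\kaspersky lab\kaspersky anti-virus personal\avpm.exe [1924] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\microsoft office\office10\outlook.exe [1196]
[10:02:52] c:\windows\system32\taskmgr.exe [1596] tried to gain TERMINATE access on c:\program files\microsoft office\office10\outlook.exe [3740]
"""

LINE_RE = re.compile(
    r"^\[(?P<time>\d{2}:\d{2}:\d{2})\]\s+(?P<src>.+?)\s+\[(?P<src_pid>\d+)\]\s+"
    r"tried to gain\s+(?P<rights>.+?)\s+access on\s+"
    r"(?P<dst>.+?)\s+\[(?P<dst_pid>\d+)\]\s*$"
)

# Assumption taken from the thread: a caller is limited to READ and GETINFO.
ALLOWED = frozenset({"READ", "GETINFO"})

def filter_request(requested):
    """Model of rights stripping: return (granted, stripped), never a refusal."""
    requested = frozenset(requested)
    return requested & ALLOWED, requested - ALLOWED

def parse_line(line):
    """Parse one log line into a dict, or None if it is not an access entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["src_pid"], ev["dst_pid"] = int(ev["src_pid"]), int(ev["dst_pid"])
    ev["rights"] = frozenset(r.strip() for r in ev["rights"].split(","))
    return ev

def summarize(log_text):
    """Count entries per (source exe, target exe, sorted stripped rights)."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        _, stripped = filter_request(ev["rights"])
        key = (ev["src"].rsplit("\\", 1)[-1], ev["dst"].rsplit("\\", 1)[-1],
               tuple(sorted(stripped)))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, rights), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {src} -> {dst}: stripped {', '.join(rights)}")
```

In this model a caller that asks for READ, GETINFO and TERMINATE still gets a usable handle with the first two rights, which is why the logged program keeps working.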
     
  8. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Allow flags are probably going to be in the next release, or the one after it, it is already in there in a private build, but not tested. So you can give some control back to certain apps you choose. Not many "legit" apps need Write access to other processes, so it isn't that big a problem.

    With Process Guard you can see a lot of the "behind the scenes" things programs do, especially your security programs. Sometimes there are things which need to be improved (ie requesting FULL ACCESS when you only need READ), and with Process Guard you can tell the developers things like this.

    -Jason-
     
  9. Khaine

    Khaine Registered Member

    Joined:
    Oct 2, 2002
    Posts:
    127
    So what other features do you DiamondCS boys have in store :)

    I'd also like to point out this cool freeware and open source called Integrity Protection Driver (IPD).

     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
  11. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    The IPD is ok, but it is still a WIP with a few bugs and a few flaws. But it has some features Process Guard has, the new build of Process Guard is really steps ahead of the current one too, thought I might mention that :) .

    -Jason-
     
  12. Anon

    Anon Guest

    While this might not be very suave, I am wondering how this program compares to System Safety Monitor (1.93b2). To me it seems SSM monitors everything PG would, plus the registry which PG doesn't seem to watch. Please correct me if I am wrong..

    Thanks!
     
  13. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    SSM is monitoring (and does it well), while Process Guard is guarding your processes, so they can't be compromised or killed, which SSM cannot do.
    Dolf
     
  14. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Yes we are trying to stay as far away from the whole "sandbox" genre because they are typically very time consuming to set up for the user. Process Guard is similar to a firewall for your "running programs" on your computer. I think it is better to have a tool which you can set up once fairly quickly and not really have to worry about it, you can be safe in knowledge it is protecting your programs.

    The next version of Process Guard will be out very soon, BETA testing will be occurring on the new version over the weekend. We have a lot of very cool "in progress" protection options that a lot of people will like.

    -Jason-
     
  15. controler

    controler Guest

    I am still surprised there is no link to this program from the main site ;)
    and from the start programs menu the link to the program site takes you to the TDS-3 site

    con
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Controler, Process Guard was never announced by DCS to the general public only to the DCS forum, as version one was known to be stable but incomplete, DCS has not "advertised" the new programme, hence DCS's home pages have not, as yet, been updated. Posts started here and in DSL were by regular DCS users but not by DCS themselves.

    Having said that I am looking forward to beta testing the next version, hopefully, this weekend ;) and, if all goes well, release very soon after.
     
  17. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Yes it isn't a full scale release yet as Pilli mentioned, we initially only wanted to release it so the people in the forum could play with it and give us some feedback on it. This way we could make it better without having to put a lot of time and energy into the other areas of Process Guard, like support.

    When this next version is publicly available we will be doing the full scale, normal product release for Process Guard.

    Controler, thanks for mentioning the link problem.

    -Jason-
     
  18. srfox

    srfox Registered Member

    Joined:
    Jul 25, 2003
    Posts:
    86
    Location:
    Los Angeles
    Speaking of SSM and Process Guard, can both programs be running at once or would it be a good idea while testing Process Guard not to load SSM?
     
  19. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hello,srfox

    Yes I am running both at the same time &
    no problems at all & I have both starting
    up come to think about it I have PG looking
    after SSM & SSM keeping an eye on PG

    not sure that is the right way to use
    PG but it works like I just said no problems
    well hope this helps you in some way

    Good luck

    Hi,Paul
     
  20. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Who guards the guards? I love it! :D
     