Process Guard Default Settings

Discussion in 'ProcessGuard' started by HoLmEc, Oct 7, 2004.

Thread Status:
Not open for further replies.
  1. HoLmEc

    HoLmEc Registered Member

    Joined:
    Sep 30, 2004
    Posts:
    17
    I've got PG 2.0 Free version and I'd like to know if it protects explorer.exe and other Windows components which usually get infected by worms in order to autostart (included as default, so I don't have to add them). So am I protected against the Beast Trojan? Or is it only included in the licensed version? Plus, I've got KAV PRO 4.5 and Kerio 2.15; which one is more recommended to protect, since I can protect only one?

    Thanks in advance
     
  2. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    About the Beast trojan, I am not sure - maybe someone who knows the free version better than I do can shed light on this (but if there is a list of default Windows processes that are protected, then I think you should be fine).

    About which app to protect: I'd suggest protecting the firewall. Then at least nothing can leak out, and often firewalls provide some additional protection as well. (No k.o.-reason; other people may prefer to protect their AV, esp. since it's Kaspersky, which is supposed to catch a couple of trojans as well.)

    HTH
    Andreas
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi HoLmEc, as Andreas says, protecting your firewall is probably your best bet; besides, the trial version only allows you to add one protected process and KAV requires two. KAV is also much better guarded than Kerio 2.1.5 anyway.

    Most Trojans need to be loaded, so Process Guard's checksumming will inform you if any new .exe tries to start.

    Regarding the "Beast", ensure that you have all your OS's critical updates and that your other security software is fully updated with the latest definitions.

    Installing Process Guard on an already infected machine is NOT recommended.

    HTH Pilli
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Older versions of Beast would be blocked if you chose to protect Winlogon.exe, but guaranteed protection would only be possible with the full version. This is because new trojans are much more configurable. The best protection against these sorts of trojans is to protect all programs which have firewall access; thus they can't be hijacked to bypass the firewall.
     