Process guard questions

Discussion in 'other anti-malware software' started by hjk, Oct 8, 2008.

Thread Status:
Not open for further replies.
  1. hjk

    hjk Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    10
    Hi,
I will post some questions from time to time when I have more experience with this good security software. For a start I would like to ask what this means: Firefox.exe tried to install driver/service (Process ID 1876). Adobe_updater was blocked from reading firefox.exe (Process ID is the same).
    When should I be worried? Should I allow explorer.exe to install a driver/service? This is not a default setting for explorer. I had this kind of alert some months ago. What kind of alert would there be if my machine were about to be infected with a kernel-level rootkit?

    Thanks.
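The "tried to install driver/service" alert asked about above is easiest to judge by checking what actually got registered with the Windows Service Control Manager and who signed the binary. The following PowerShell script is an added example, not code from this thread or from ProcessGuard itself; it assumes a Windows system with PowerShell 3 or later, run from an elevated prompt, and relies on the Service Control Manager's Event ID 7045 ("A service was installed in the system") in the System log. The function names Resolve-ImagePath and Get-SignerSummary are my own.

```powershell
# Added example (not from the thread): triage a "process tried to install a
# driver/service" alert by listing recent service/driver installations and
# checking the Authenticode signature of each installed binary.
# Assumes: Windows, PowerShell 3+, elevated prompt, System log with Event ID 7045.

$since = (Get-Date).AddDays(-7)   # look-back window; adjust to the time of the alert

function Resolve-ImagePath {
    # Turn a raw service ImagePath (quoted, with arguments, or a kernel-style
    # relative path such as system32\drivers\foo.sys) into a filesystem path.
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {
        # Unquoted path with spaces would be cut here; that is itself worth a look.
        $p = ($p -split '\s+')[0]
    }
    $p = $p -replace '^\\\?\?\\', ''                       # strip \??\ prefix
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # expand \SystemRoot\
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SignerSummary {
    # Report the signer subject, or a clear marker when the file is missing or
    # not validly signed. On older Windows versions catalog-signed Microsoft
    # drivers may show as NotSigned; treat that as "verify by other means".
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'FILE NOT FOUND' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return "UNSIGNED/INVALID ($($sig.Status))" }
    return $sig.SignerCertificate.Subject
}

# 1. Services and drivers installed within the window, as recorded by the SCM.
#    Event 7045 properties: 0=ServiceName 1=ImagePath 2=ServiceType 3=StartType 4=Account
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } `
                       -ErrorAction SilentlyContinue
$recent = foreach ($e in $events) {
    $path = Resolve-ImagePath $e.Properties[1].Value
    [pscustomobject]@{
        Time        = $e.TimeCreated
        ServiceName = $e.Properties[0].Value
        Type        = $e.Properties[2].Value   # e.g. "kernel mode driver", "user mode service"
        StartType   = $e.Properties[3].Value
        ImagePath   = $path
        Signer      = Get-SignerSummary $path
    }
}
"=== Services/drivers installed since $since ==="
$recent | Sort-Object Time -Descending | Format-Table -AutoSize

# 2. Kernel drivers currently registered, whenever they were installed, that are
#    not signed by Microsoft. A kernel-mode driver from an unexpected signer (or
#    unsigned) is the kind of thing a HIPS driver-install alert is warning about.
"=== Registered kernel drivers not signed by Microsoft ==="
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $path = Resolve-ImagePath $_.PathName
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            ImagePath = $path
            Signer    = Get-SignerSummary $path
        }
    } |
    Where-Object { $_.Signer -notmatch 'Microsoft' } |
    Format-Table -AutoSize
```

Reading the output against the alert: a browser or updater that legitimately installed something will show a service with a valid signature from that vendor and a plausible path under Program Files or the driver store; a kernel-mode driver with no valid signature, a path in a temp or user-profile directory, or a signer you do not recognize is the case where the alert deserved a "deny" and further investigation.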
     
  2. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
All HIPS software is based on user knowledge, and doesn't fit all users. This is the total answer to your question.
    In particular, any new system behavior/alert must be considered on its own, again based on your understanding of how the OS works.

    cheers
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
When you first run ProcessGuard you have to run it in learning mode, because otherwise you could block stuff you need for regular use, so it is advisable to run it in learning mode for one day. Of course, don't introduce any malware while it is training. After that you can remove the learning option and all will be normal, like it is supposed to be.
     
  4. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    jmonge, create a restore point after you install it and have some fun with it. Making mistakes is 99% of the game!

    Dave
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
I know Dave, I am in this game too :D
     
  6. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    And we both worry about having a few "rough reboots," too:D
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    yeap:D
     
  8. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
Found that it blocks drivers in install mode even in "learn mode" :)
    Don't much like it; also it's missing a save config option.

    cheers
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
To add, thank goodness for bootable recovery and image restore for these rough boots, boot after boot after boot. No more Windows. :argh: Ah, images, images, images :D
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
And freezing up for like 10 minutes :'(
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    Hi there,

It is indeed often difficult to know what to allow or deny when using HIPS. I've had PG for a long time, and basically stopped using it because of Vista (there are other reasons which I'm not going to mention).

When I was using PG, it really was very effective as an anti-executable, and basically this is all you need most of the time to keep track of anything that might execute behind the scenes. I also thought it was very effective against malware terminating other security applications (malware usually disables the antivirus in order to infect your computer).

    My general approach to it as far as what to deny or to allow (I'm not good at identifying what's what) was that if PG springs into action unexpectedly (without you doing anything, and while browsing) then you ought to worry about the possibility of malware. Same concerns should apply if you are downloading anything from untrusted sources.

The other safe way to do it is to use it with a virtualizer, Returnil for example (it has a free version, if you don't want to pay). While in protected mode you can try out possibilities in PG and see what the consequences are; if you don't like them, a simple reboot and you are back to the previous state.
     
    Last edited: Oct 9, 2008
  12. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    That's why I back up my registry so very, very frequently. Thank God for ERUNT!
    Dave
     
  13. progress

    progress Guest

There is no registry protection in Process Guard, am I right? So Process Guard is only a very light HIPS :rolleyes:
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Correct.
     