Process Guard v1.100 Released!!

Discussion in 'ProcessGuard' started by Jason_DiamondCS, Nov 27, 2003.

Thread Status:
Not open for further replies.
  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Process Guard has undergone many changes since the first version, and we are proud to release this new build.

    *** IMPORTANT***
    Before installing this version, please make sure you have completely removed any previous versions of Process Guard. You have to successfully connect to the driver with procguard.exe before running the uninstall program in version 1.00
    **************

    There are still some things we need to improve but overall it should work a treat for you all. Some new features added since the last version include :-

    - Allow flags, now specify what programs can access protected programs.
    - Close Message Handling, a secure method of handling malicious programs closing down your security applications. (Works well with 70% of programs, still needs a little work)
    - Generic Options added, can now block EndTask() and programs from adding themselves to APPINIT_DLLS registry key.
    - Can disable/enable driver protection on the fly.
    - Human Confirmation dialog, finally a secure way of making sure only human input does something, not a malicious program.
    - No longer need procguard.exe running for protection to be active
    - Performance increased greatly


    Please be aware that if you experience any problems with Process Guard that make you unable to boot into your normal operating system, you can safely uninstall Process Guard from safe mode, as it is not active in Safe Mode. Process Guard v1.100 has been beta tested for many weeks and we have found no major problems with it.


    Download the FREEWARE version of Process Guard here :-
    http://www.diamondcs.com.au/processguard/

    Process Guard protects your programs actively and is available for Windows 2000, XP and 2003.

    People who have purchased Process Guard and want to get the full version before Monday please email us, you can get the email from the Process Guard webpage or from your license email. We will be automatically adding all existing Process Guard customers to our new Members Area on Monday. This new Members Area contains the download link for Process Guard. If you email us before Monday we will add you manually to the Members Area so you can download it a bit earlier.


    -Jason-
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Noticed when I went to the Members page that it only had me marked down as owning Port Explorer - but I've purchased everything you've put out. Might want to update that.

    (Yeah, I requested an advance copy of PG using your message system, too! <g> ).
    Pete
     
  3. Nautilus_

    Nautilus_ Guest

    Does the latest PG version handle SetWindowsHook injection method?

    If not: At the moment, there is probably no need to worry. I do not know any trojan using this technique. AFAIK they all use CreateRemoteThread. But Firehole Leaktests demonstrates that SetWindowsHook also works fine...

    Nautilus
     
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    download it..test it out and see for yourself.


    Thread also started at dslr and mvdu had some questions.

    http://www.dslreports.com/forum/remark,8623941~root=security,1~mode=flat


    Congrats on the release and all that hard work !
     
  5. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    SetWindowsHookEx is the last kill method on the To Do list, every other conventional attack has now been accounted for. :)

    However, as it took longer than anticipated to add human verification and protection for close messages (ie. WM_CLOSE, SC_CLOSE) and End Task termination we thought we'd get this 1.1 release out as it is, and we can then add SetWindowsHookEx countermeasures to 1.2. :)

    And you're correct, there isn't a single trojan that has ever been released that terminates security programs via SetWindowsHookEx DLL injection so there's no immediate danger, and chances are we'll have v1.2 out before then anyway. Actually, very few trojans do any security process termination, and of those that do, nearly all just call TerminateProcess (easily intercepted by Process Guard), and a minority also use close messages such as WM_CLOSE (also easily intercepted by Process Guard), so already Process Guard protects against all attacks used by current trojans. A trojan would only opt for the SetWindowsHookEx method if it absolutely had to, because there are a lot more effective process termination techniques that are easier to use, and don't require external DLLs, and unless Process Guard is installed, there'd be nothing stopping the trojan from using those normal termination techniques (ie. TerminateProcess) so it's not something they'd ever opt for.

    In regards to CreateRemoteThread, this still requires Write access to the target process, which Process Guard easily intercepts. :)

    Regards,
    Wayne
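
The post above ties each termination route to an access right the caller needs on the target process, and the release notes mention allow flags for who may access protected programs. An added example (not DiamondCS code) that decodes the access mask in process-access events and flags risky rights on a protected program unless an allow entry covers them; the event fields, program names and policy are constructed for illustration, and the mask values are the documented Windows constants.

```python
import ntpath

# Documented Windows process access rights (winnt.h values).
PROCESS_TERMINATE = 0x0001      # required by TerminateProcess
PROCESS_CREATE_THREAD = 0x0002  # required by CreateRemoteThread
PROCESS_VM_WRITE = 0x0020       # required by WriteProcessMemory

RISKY = {
    "terminate": PROCESS_TERMINATE,
    "create-thread": PROCESS_CREATE_THREAD,
    "vm-write": PROCESS_VM_WRITE,
}

# Hypothetical policy: protected program -> {allowed caller: rights it may hold}.
POLICY = {"avscan.exe": {"taskmgr.exe": {"terminate"}}}

# Constructed events, shaped like process-access telemetry records.
EVENTS = [
    {"source": r"C:\Windows\explorer.exe", "target": r"C:\Sec\avscan.exe", "granted": "0x0400"},
    {"source": r"C:\Temp\dropper.exe", "target": r"C:\Sec\avscan.exe", "granted": "0x0001"},
    {"source": r"C:\Temp\dropper.exe", "target": r"C:\Sec\avscan.exe", "granted": "0x002A"},
    {"source": r"C:\Windows\System32\taskmgr.exe", "target": r"C:\Sec\avscan.exe", "granted": "0x0001"},
    {"source": r"C:\Temp\dropper.exe", "target": r"C:\Windows\notepad.exe", "granted": "0x1F0FFF"},
]

def risky_rights(mask):
    """Names of the risky rights present in an access mask."""
    return [name for name, bit in RISKY.items() if mask & bit]

def audit(events, policy):
    """Return (source, target, rights) for risky access no allow entry covers."""
    findings = []
    for ev in events:
        source = ntpath.basename(ev["source"]).lower()
        target = ntpath.basename(ev["target"]).lower()
        if target not in policy:
            continue  # target is not a protected program
        allowed = policy[target].get(source, set())
        denied = [r for r in risky_rights(int(ev["granted"], 16)) if r not in allowed]
        if denied:
            findings.append((source, target, denied))
    return findings

if __name__ == "__main__":
    for source, target, rights in audit(EVENTS, POLICY):
        print(f"{source} -> {target}: {', '.join(rights)}")
```
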
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Just a note for users who want to get into the members area, I just added everyone :D

    You should have received an email to your registered address, with your email login and password for the members area.

    If anyone received a link like this, don't use it

    http://www.diamondcs.com.au/processguard/index.php?page=login

    Please use the URL ending in MEMBERS

    http://www.diamondcs.com.au/processguard/index.php?page=members
     
  7. controler

    controler Guest

    I get so confused sometimes.

    PG has a forum here, has a free version which only allows one app protection or you can buy the full version and get unlimited app protection but it still is not offered on the main DCS site. I always wonder how a product can be for sale and not be released yet?

    con
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Just visit http://www.diamondcs.com.au/processguard/ and click on buy :)

    The main site is central and like the new central members area has complications, but the members area works already (shows what products you bought). We are updating it still ! :)

    The priority is only the program to us, getting it out and seeing if you like it. Priority is not in any marketing of it. Internet shipped software undergoes changes for example and will improve in just 1 or 2 more slight revisions as Port Explorer did. And by design, this isn't a program which we will need to add a lot of features to.
     
  9. controler

    controler Guest

    Thanks Gavin :D

    I had tried the free version but couldn't find the personal version.
    I guess all I had to do is ask , right?
    I don't always follow all the threads so I don't see all the download sites. I looked in the PG forum but didn't see the full version listed.
    My New Years Motto is to be less impatient ;)
    Sorry

    con
     