ProcessGuard Application Database

Discussion in 'ProcessGuard' started by Jason_DiamondCS, Jan 19, 2005.

Thread Status:
Not open for further replies.
  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    http://www.diamondcs.com.au/pgdb/

    By popular demand we have added an application database to our website to assist people in adding protection to particular executable components with ProcessGuard.

    In this thread it would be very helpful for anyone to provide a short description for any application/executable, then the settings they use in ProcessGuard for it. Even if for a certain application you decided NOT to add it to ProcessGuard to protect, then that is still helpful information.

    When this is done, either someone from DiamondCS or one of our BETA testers will add it to the list. Doing this will help out a lot of other people who may be confused in setting up any particular application.
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Thanx Jason, can you do anything with names that definately need to be blocked like the ones from hjt logs? Cause I got a lot of them :D

    thanx
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    We're already considering something along those lines, but the problem is that there are so many. We'll see ... :)
     
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    what was I thinking...you know all that long before I was born I guess:)

    no prbs, great initiative. the thing I was thinking is to have a built in database with all the processes/paths in processguard that needs to be blocked in conjunction with TDS-3/4. just an Idea I have for some months. a combination of the two...

    cheers.
     
  5. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    A database is a fastidious work.
    So if it could help, just a few lonks:

    ***Process:

    http://www.colba.net/~hlebo49/runproc.php (slow)

    http://www.processlibrary.com/

    http://www.greatis.com/appdata/index.html

    ***Malwares' process:

    http://www.anti-spy.info/file/

    http://www.3.ca.com/securityadvisor/pest/browse.aspx

    ***Toolbars:

    http:www.allsecpros.com/toolbarlist.txt

    ***Clsid

    http://computercops.biz/clsid.php?type=10

    ***LSPs

    http://www.angeltowns.com/members/zupe/lsps.html

    (.............)

    This list could be supplemented.

    Best Regards
     
  6. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Guys,
    One really obvious thing that is missing is the executable's path
    If someone put an svchost.exe in C:\Windows it might not fit the description given ;-) and someone may not be familiar with where it is supposed to be

    It would also be nice to be able to see the information displayed in a tabular format so it can be found without so much clicking backwards and forwards

    In terms of search links (using svchost.exe as the example), one that is definitely missing is a wilders search

    You could always include another one or two search engines for balance, google is ok but .... I have found Clusty and Teoma useful additions for technical searches to get other links and perform further search refinements. Still using svhost.exe as the exampleInterestingly all 3 search engines give liutilities process library links, but I didn't see a link to the answersthatwork process list in any of them

    Finally it also probably wouldn't hurt to point the user to the Alliance of Security Professionals for further information/research as that would also provide a decent list of security related forums without favouring any particular forum or having to worry about the links having to be maintained

    Back to the main reason for the thread....
    Why would wget need to install drivers ?
    Was that added just to see if anybody actually read what was entered in ?

    I'll be interested to see what you put in for rundll32 ...
    For the record, I have mine on run once and if I have to allow any special privileges (drivers or hooks) during an installation I revoke them afterwards and that hasn't caused any issues because none of the programs I am using invoke rundll32 during normal running to perform tasks with elevated security privileges
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jason,

    This database is very helpful. Thank you. I would only recommend a standard, non-prose, presentation to avoid ambiguuity. Sometimes it is not clear which setting is being addressed. Thanks again.

    Rich
     
  8. iwod

    iwod Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    708
    does this only add System dll/exe to the list, or gernerally any day to day Apps?

    If it is the 2nd choice than could the folowing be included?

    Firefox, Thunderbird?
     
  9. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
    Well how does one go about getting process added to the database?

    Dont see a submit button anywhere.

    I have a few appz that would be nice to have added to the data base.

    Such as Ad Muncher and tclock2.

    Dang even Internet explorer is not listed. lol
     
    Last edited: Feb 4, 2005
  10. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    What is the status of the online database? Since Jason left, who at DCS is responsible for updating/maintaining it?
    Are there any plans to expand it and get it to a reasonable level?
    Currently, the database is essentially useless. Almost everytime I reference it from the little ? button in PG, I get the web page that says that process is not in the database.

    In the mean time, does anyone have any links to any user-created database of application settings for PG. I've read through Andreas's paper and the other sticky's. Still just wondering if there isn't anything more out there. Thanks for any help.
     
Thread Status:
Not open for further replies.