ProcessGuard Application Database

Discussion in 'ProcessGuard' started by Jason_DiamondCS, Jan 19, 2005.

Thread Status:
Not open for further replies.
  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    http://www.diamondcs.com.au/pgdb/

    By popular demand we have added an application database to our website to assist people in adding protection to particular executable components with ProcessGuard.

    In this thread it would be very helpful for anyone to provide a short description for any application/executable, then the settings they use in ProcessGuard for it. Even if for a certain application you decided NOT to add it to ProcessGuard to protect, then that is still helpful information.

    When this is done, either someone from DiamondCS or one of our BETA testers will add it to the list. Doing this will help out a lot of other people who may be confused in setting up any particular application.
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
Thanks Jason, can you do anything with names that definitely need to be blocked like the ones from HJT logs? Cause I got a lot of them :D

thanks
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    We're already considering something along those lines, but the problem is that there are so many. We'll see ... :)
     
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
What was I thinking... you know all that long before I was born, I guess :)

No problems, great initiative. The thing I was thinking is to have a built-in database with all the processes/paths in ProcessGuard that need to be blocked in conjunction with TDS-3/4. Just an idea I have had for some months. A combination of the two...

    cheers.
     
  5. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    A database is a fastidious work.
So if it could help, just a few links:

    ***Process:

    http://www.colba.net/~hlebo49/runproc.php (slow)

    http://www.processlibrary.com/

    http://www.greatis.com/appdata/index.html

***Malware processes:

    http://www.anti-spy.info/file/

    http://www.3.ca.com/securityadvisor/pest/browse.aspx

    ***Toolbars:

http://www.allsecpros.com/toolbarlist.txt

    ***Clsid

    http://computercops.biz/clsid.php?type=10

    ***LSPs

    http://www.angeltowns.com/members/zupe/lsps.html

    (.............)

    This list could be supplemented.

    Best Regards
     
  6. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Guys,
One really obvious thing that is missing is the executable's path.
If someone put an svchost.exe in C:\Windows it might not fit the description given ;-) and someone may not be familiar with where it is supposed to be.

It would also be nice to be able to see the information displayed in a tabular format so it can be found without so much clicking backwards and forwards.

In terms of search links (using svchost.exe as the example), one that is definitely missing is a Wilders search.

You could always include another one or two search engines for balance; Google is OK but ... I have found Clusty and Teoma useful additions for technical searches to get other links and perform further search refinements. Still using svchost.exe as the example, interestingly all 3 search engines give liutilities process library links, but I didn't see a link to the answersthatwork process list in any of them.

Finally, it also probably wouldn't hurt to point the user to the Alliance of Security Professionals for further information/research, as that would also provide a decent list of security-related forums without favouring any particular forum or having to worry about the links having to be maintained.

    Back to the main reason for the thread....
Why would wget need to install drivers?
Was that added just to see if anybody actually read what was entered in?

    I'll be interested to see what you put in for rundll32 ...
For the record, I have mine on run once, and if I have to allow any special privileges (drivers or hooks) during an installation I revoke them afterwards. That hasn't caused any issues, because none of the programs I am using invoke rundll32 during normal running to perform tasks with elevated security privileges.
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jason,

This database is very helpful. Thank you. I would only recommend a standard, non-prose presentation to avoid ambiguity. Sometimes it is not clear which setting is being addressed. Thanks again.

    Rich
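An added illustration of the two suggestions above (gottadoit's: key every entry by the executable's expected path and show the whole list as a table; richrf's: a fixed, non-prose field layout so it is always clear which setting is meant). This is example code written for this page, not part of the thread and not ProcessGuard's own database format. The field names `allow_run`, `install_drivers` and `install_hooks` are assumptions modelled on the privileges discussed in the thread (run once/always, driver installation, hooks), and the entries and the list of running processes are constructed samples. The path check is the point: a name that matches the database but a location that does not is reported separately from a name the database has never heard of.

```python
# Constructed example: a small tabular ProcessGuard-style settings table
# keyed by executable name AND expected path, plus an audit that flags
# processes running from a location the table does not expect.

# Assumed field names (allow_run / install_drivers / install_hooks) modelled on
# the privileges mentioned in the thread; not ProcessGuard's real schema.
APP_DB = {
    "svchost.exe": {
        "path": r"C:\Windows\System32\svchost.exe",
        "allow_run": "always", "install_drivers": False, "install_hooks": False,
        "note": "Service host; legitimate only from System32",
    },
    "rundll32.exe": {
        "path": r"C:\Windows\System32\rundll32.exe",
        "allow_run": "once", "install_drivers": False, "install_hooks": False,
        "note": "Grant drivers/hooks only during an install, revoke afterwards",
    },
    "firefox.exe": {
        "path": r"C:\Program Files\Mozilla Firefox\firefox.exe",
        "allow_run": "always", "install_drivers": False, "install_hooks": False,
        "note": "Browser; needs no special privileges",
    },
}


def _norm(path):
    """Windows paths are case-insensitive and accept either slash; compare them that way."""
    return path.replace("/", "\\").lower()


def lookup(name, path):
    """Return (status, entry) where status is 'ok', 'path-mismatch' or 'unknown'."""
    entry = APP_DB.get(name.lower())
    if entry is None:
        return "unknown", None
    if _norm(path) != _norm(entry["path"]):
        # Same file name as a known entry but running from somewhere else:
        # the classic "svchost.exe in C:\Windows" case from the thread.
        return "path-mismatch", entry
    return "ok", entry


def audit(processes):
    """Check a list of (name, path) pairs; return only the findings worth a look."""
    findings = []
    for name, path in processes:
        status, _ = lookup(name, path)
        if status != "ok":
            findings.append((name, path, status))
    return findings


def format_table():
    """Render the database as one fixed-column table (gottadoit's and richrf's request)."""
    yn = lambda flag: "yes" if flag else "no"
    header = f"{'executable':<14}{'expected path':<46}{'run':<8}{'drv':<5}{'hook':<5}"
    rows = [header, "-" * len(header)]
    for name, e in sorted(APP_DB.items()):
        rows.append(
            f"{name:<14}{e['path']:<46}{e['allow_run']:<8}"
            f"{yn(e['install_drivers']):<5}{yn(e['install_hooks']):<5}"
        )
    return "\n".join(rows)


# Constructed sample of "running processes": two legitimate, one look-alike
# in the wrong directory, one not in the database at all.
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svchost.exe", r"C:\Windows\svchost.exe"),
    ("rundll32.exe", r"c:\windows\system32\rundll32.exe"),
    ("notepad.exe", r"C:\Windows\notepad.exe"),
]

if __name__ == "__main__":
    print(format_table())
    for name, path, status in audit(SAMPLE_PROCESSES):
        print(f"{status:<14} {name} at {path}")
```

Running the block prints the table and two findings: the second svchost.exe as `path-mismatch` and notepad.exe as `unknown`. Case and slash differences in the rundll32.exe path are normalised away, as Windows itself would treat them, so it is reported as `ok`.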
     
  8. iwod

    iwod Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    708
Does this only add system dll/exe to the list, or generally any day-to-day apps?

If it is the 2nd choice then could the following be included?

    Firefox, Thunderbird?
     
  9. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
Well, how does one go about getting a process added to the database?

Don't see a submit button anywhere.

I have a few appz that would be nice to have added to the database.

    Such as Ad Muncher and tclock2.

Dang, even Internet Explorer is not listed. lol
     
    Last edited: Feb 4, 2005
  10. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    What is the status of the online database? Since Jason left, who at DCS is responsible for updating/maintaining it?
    Are there any plans to expand it and get it to a reasonable level?
Currently, the database is essentially useless. Almost every time I reference it from the little ? button in PG, I get the web page that says that process is not in the database.

In the meantime, does anyone have any links to any user-created database of application settings for PG? I've read through Andreas's paper and the other stickies. Still just wondering if there isn't anything more out there. Thanks for any help.
     