ProcessGuard - Is the free version strong enough?

Discussion in 'other anti-malware software' started by xeda, Jan 29, 2007.

Thread Status:
Not open for further replies.
  1. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Gotcha guys, and thanks. I guess I simply want to replace the AVG AS component in my AVG Internet Security Suite with the best and lightest protection. I tried other antispyware programs like Ashampoo AS and Windows Defender, and am currently using Spyware Terminator. But do you guys think that using ProcessGuard Free instead of the other programs I mentioned would be the best and lightest protection along with my AVG AV and firewall that's part of the suite?
     
  2. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Properly configured, it's going to be hard to beat in real-life scenarios, spoken by someone who surfs everywhere that's HIGH RISK; as said by fcukdat, I go looking for it. :D

    A little hint: on my set-up, explorer.exe is allowed always and is protected from modification & termination, and is authorized to read only. This gives you back your system without having explorer trying to get into and become parent to a lot of your programs, etc. With it set up this way I don't have any problems with explorer invading my programs.
     
    Last edited: Feb 4, 2007
  3. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    yankinNcrankin (gotta love that user name), you're referring to ProcessGuard Free, right? I'm ready to install it and just want to make sure it's what I am looking for: light and simple protection to use with AVG AV and FW. Someone PM'd me and already gave me reassurance, but what do you mean by configuring it right?
     
  4. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    duke1959: "what do you mean by configuring it right?"

    Just take your time and look at both tables; see exactly what it's saying. The programs you run all the time you can allow always so it doesn't pop up ever again. As a rule I always put the program .exe file and any other related .exe file for that program into the protection list; it is here where you can set the permissions allowed or not allowed for this (these) program(s) to have. You've got to play with it. I don't know what programs you're running, and I don't know if your system was entirely free of infection to begin with, so the only fault I see is if the programs you've got on now are full of security holes waiting to be exploited.
    Good luck, I'm sure you're gonna configure it well. :)
     
  5. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    yankinNcrankin, my system is clean and running well with PG Free in learning mode. If I set explorer.exe to read only when PG is out of learning mode, does it cause any behaviors I should know about?
     
  6. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    None that I know of, but as I said earlier, explorer likes to get involved with just about everything on the OS. Personally I think it shouldn't have this ability, as it may cause a security problem IMO. So I have currently set it to read only with no other privileges, and my system is running fine with the programs in my signature. I also use the Firefox browser and Power Shadow, all with no issues; I can even play my World of Warcraft with no problems. :)

    I just think when you launch a program, no matter what it is, it should be able to launch using its own .exe as parent. I see no benefit in allowing explorer to modify and attach itself to your programs as parent, but just be sure to add explorer.exe to the protect list.
     
  7. EASTER.2010

    EASTER.2010 Guest

    Thanks for that tip. Very good to know.

    I've been itching to install the free version for just that purpose mentioned earlier: for it to monitor important-to-me system/program files without it clashing with my HIPS.

    Does anyone know if this free version is compatible if placed in the same company as System Safety Monitor/CyberHawk?

    I'm hesitant to add another monitor unless i can be assured no BSOD or other problem with the security programs already in place.

    For anyone's information, perhaps and by far the best feature for me with SSM is the Modules Alert. Any time you try a program, or are unlucky enough that some malware escaped SSM hooking the SSDT table, the Modules Alert immediately pops up and indicates what it is and where it's located.

    I set the Modules Alert window to auto-close after 2 seconds, so if anything does make any attempt I know the moment it's happened, and that's what I've been after for a long time. I also enjoy the fact that the user can override any blocking to allow, and vice versa.

    FileChangeAlarm has been nice but was never continued, leaving those like me groping for a Folder/File/Driver monitor you could confidently rely on.
     
  8. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Thanks yankinNcrankin. I may try Power Shadow after another release of it; as for now I think PG Free to protect my AVG AV and FW and PC should suffice. I'm not a high-risk surfer and not really sure I even need PG Free, but I'd rather use it than the AVG Antispyware component that was in my AVG ISS, as I believe it does offer better protection and definitely uses fewer resources. I gotta tell ya, I like this program. I wish I would have installed it a long time ago, because it would have helped me stop searching for the perfect set-up. With PG Free on board along with an outbound firewall and antivirus, I don't think I really need anything else. Time will tell, but if my PC keeps running as smoothly as it has so far, it's definitely a keeper. No more trying antispywares based on their heuristics or behavior detection, because they're just not needed with PG Free as my protection. Thanks to everyone here for this thread and to the people that answered my questions. Take care.
     
    Last edited: Feb 4, 2007
  9. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Adding anything more to your current setup is overkill and will likely result in grief.
     
  10. EASTER.2010

    EASTER.2010 Guest

    Understood, but I have successfully run resident a total of 4 HIPS at one point in time without serious issue. The only problem that frustrates is the start-up scans, because they all want to sweep memory modules, and the time it takes to complete those scans varies yet consumes more time than it's worth IMO.

    My interest lies in the SSDT table, where security HIPS hook various instructions. Safemon.sys, for instance, upon an RkUnhooker or IceSword scan shows that almost the entire SSDT list is covered by them; however, other lines are left not hooked by SSM or CyberHawk.

    I simply want "EVERY" instruction in that table to be covered as a precaution. I dunno if another app, legit or not, could come along and displace it with its own driver file coverage.

    Thanks.
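An added example (not from this thread, and not code from RkUnhooker, IceSword, SSM or any other tool named here) of the audit EASTER.2010 is describing: take each service-table entry's handler address, find which loaded module it falls in, and report entries still pointing into ntoskrnl (unhooked, so not "covered" by a security driver) separately from entries that point into no known module at all (the case a rootkit scanner flags). The table, module names and address ranges below are constructed for the example; a real dump needs a kernel driver, and on x64 Windows with Kernel Patch Protection the SSDT cannot be hooked this way in the first place.

```python
"""
Toy SSDT coverage audit: classify every service-table entry by the module
its handler address lives in.  Added example for this thread; the table and
the module list are constructed, not dumped from a real system.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Set


@dataclass(frozen=True)
class Module:
    name: str
    base: int   # load address
    size: int   # image size in bytes

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def module_for(addr: int, modules: Sequence[Module]):
    """Name of the module whose image range contains addr, or None."""
    for m in modules:
        if m.contains(addr):
            return m.name
    return None


def audit_ssdt(table: Sequence[int], modules: Sequence[Module],
               kernel: str = "ntoskrnl.exe") -> Dict[int, str]:
    """Map each SSDT index to 'unhooked' (still in the kernel image),
    the name of the driver that hooked it, or 'UNKNOWN' (no known module)."""
    result: Dict[int, str] = {}
    for idx, addr in enumerate(table):
        owner = module_for(addr, modules)
        if owner is None:
            result[idx] = "UNKNOWN"
        elif owner == kernel:
            result[idx] = "unhooked"
        else:
            result[idx] = owner
    return result


def uncovered(audit: Dict[int, str], guards: Set[str]) -> List[int]:
    """Indices not hooked by any of the security drivers in `guards`
    (what the post above wants to see empty)."""
    return [i for i, owner in audit.items() if owner not in guards]


def suspicious(audit: Dict[int, str]) -> List[int]:
    """Indices whose handler lies outside every known module."""
    return [i for i, owner in audit.items() if owner == "UNKNOWN"]


# Constructed module list.  "safemon.sys" is the driver named in the thread;
# "hips.sys" stands in for a second security driver and is a made-up name.
MODULES = [
    Module("ntoskrnl.exe", 0x804D7000, 0x1F8000),
    Module("safemon.sys", 0xF7A00000, 0x10000),
    Module("hips.sys", 0xF7B00000, 0x8000),
]

# Constructed 8-entry service table (handler addresses only; real tables
# have a few hundred entries and the indices map to Nt* system calls).
SSDT = [
    0x805B0000,  # 0: inside ntoskrnl -> unhooked
    0xF7A01230,  # 1: safemon.sys
    0xF7A01450,  # 2: safemon.sys
    0x805C2222,  # 3: unhooked
    0xF7B00100,  # 4: hips.sys
    0xF9C12000,  # 5: no known module -> UNKNOWN
    0xF7A01990,  # 6: safemon.sys
    0x80600000,  # 7: unhooked
]

if __name__ == "__main__":
    report = audit_ssdt(SSDT, MODULES)
    for idx, owner in report.items():
        print(f"SSDT[{idx:3d}] {SSDT[idx]:#010x}  {owner}")
    print("not covered by a security driver:", uncovered(report, {"safemon.sys", "hips.sys"}))
    print("handler outside every known module:", suspicious(report))
```

Note the two lists answer different questions: an "uncovered" entry is simply the stock kernel handler, while an "UNKNOWN" entry is the one worth investigating, since something other than a listed driver has redirected that system call.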
     
  11. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Just another question here now that I saw EASTER's post. I have used CyberHawk in the past, and liked the idea of how it was supposed to detect malware with behavior analysis. If I'm understanding correctly, though, from what I have read in this thread so far, something like CH or even a program that uses heuristics really isn't needed with ProcessGuard Free, right? I ask because I was thinking of reinstalling the antispyware component back in my AVG Internet Security Suite now that I found out it has real-time heuristics, and possibly behavioral detection like the original Ewido Suite did, but again not sure it's needed now with PG Free.
     
  12. EASTER.2010

    EASTER.2010 Guest

    I want to right now and here thank every single one of you who posted to this topic and especially appreciate the starter of this Topic.

    I took the plunge and installed PG Free and it is everything that all of you expressed here. I was somewhat reluctant in adding it, since I feel most of what I employ is plenty enough, but I became particularly interested after reading so many POSITIVE reviews and was encouraged by your own satisfaction in PG.

    It's in place now, thank goodness, and I can see a lot of what I've been missing without it. CyberHawk is a great additional app, but in all honesty the latest release is not quite exactly up to expectations just yet, so I uninstalled it and installed this instead, and am very pleased to report to all of you that my results are quite satisfactory.

    It's by far the simplest-appearing program like this that I think I ever installed, and it is really efficient, even the free version.
     
  13. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Hey EASTER.2010. Are you going to also remove CyberHawk from your sig? LOL. Seriously though, I like PG Free much better than CH, and although they are different types of apps, I feel PG Free offers far greater security. Plus it is protecting my AV and firewall. What more could you ask for? Also, all three of PG Free's processes run lower in memory than anything I've used for protection outside of WinPatrol Free and Arovax Shield, but it's a heck of a lot more protective than those two apps. Start-ups are fast, opening programs is fast, and my PC just seems to breathe easier than with CH on board.
     
  14. EASTER.2010

    EASTER.2010 Guest

    Done. Thanks for the reminder. As much as I really want to see it advance, CyberHawk is stumbling IMO. Way too many "keystrokes" prompts that are completely false positives.

    PG is on board now and working quietly and stably. I was reluctant to use it for whatever reason, but now, thanks to your reviews and satisfaction reports, I find it quite up to the tasks expected of it, even the free version, which is all I'm going to use at this point.
     
  15. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I am not sure I understand all this, how you guys feel you are so protected by PG Free and removing CyberHawk etc. I mostly just run my firewall and AV and surf inside Sandboxie for safekeeping. NO HIPS. But that is just me, a safe user IMO.

    And I did uninstall SSM Free, which is a much better HIPS than PG, which is now installed, but only 'cause I like this goldie for being such a well-behaving product. I uninstalled SSM Free 'cause their features overlap and I don't like the idea of possible conflicts. I use ProcessGuard as an addition to the firewall for application control.
    I can easily block such things as realsched.exe, my netphone program that also wants to start at reboot, or stop Yahoo's yupdater.exe or Skype's new skypepm.exe from running,
    to keep track of programs running on my PC.
    I would not call PG Free a full HIPS program, though, as good as it is in what it does.
     
    Last edited: Feb 5, 2007
  16. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Process Guard properly configured makes your system a lot more secure. Having the ability to allow or deny programs certain rights like read, modify, and terminate is a big deal. I sure wouldn't want a program doing anything else other than what it was supposed to do. Let's say the developer of a trusted program that you are currently running on your box decides to go on the dark side; you download an update from the vendor, and that update happens to be malicious in nature. I would be confident that PG, properly configured, would flag or stop the bad stuff from happening, in my opinion. The reason is I've played with real HIPS, and whenever a program tries to do something different it usually tries to modify another application or basically run its code; now as far as the injection of DLLs and modifying memory is concerned, it also has to run those tasks, which will get flagged depending on how you configured your HIPS. I have yet to encounter a real-life scenario where PG has failed me, and I'm not talking about proof-of-concept HIPS-designed tests that you would have to allow to run on your box. :)
     
  17. EASTER.2010

    EASTER.2010 Guest

    That is an indisputable FACT. I can't believe it took me this long to give this app a try, but it is well worth its weight in gold as another layer of protection that is quite formidable.
     
  18. xeda

    xeda Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    59
    Ah ok, I assumed that was the case. Makes sense. ;)

    You are quite welcome! I've certainly learned a lot from this thread, and I'm glad you like ProcessGuard! I certainly do!

    Also, I can't say that I'm completely surprised, but ProcessGuard fails to work on Vista. Just a heads-up for anyone who's as daring as myself. :p

    Perhaps someone can suggest a workaround? If there's any at all (which I doubt there is).
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    PG's Execution Protection feature can cover a multitude of sins but it will fall short in the following cases:
    • "Programs that run programs" - examples include rundll32.exe (mentioned above), javaw.exe (Java applets), cmd.exe (command-line shell, can be used to run programs), net/net1.exe (start/stop Windows services) and various others. While these can be permitted on a case-by-case basis with PG, for some (rundll32 notably since many Windows functions use it, like Control Panel applets), this can be somewhat inconvenient. SSM scores better here since it does provide an option to restrict rules by program parameters.
    • Programs you choose to run - an obvious point for some, but there are plenty of examples of malware that spreads by pretending to be something useful (indeed, that is the definition of a trojan). "Safe hex" will reduce the chance of this happening but the full version of PG greatly restricts what damage can be done if the global protection options are enabled.
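An added illustration of the gap Paranoid2000 describes in the first bullet (example code written for this page; it is not ProcessGuard or SSM code, and the paths, command lines and rule sets are constructed). The model evaluates the same four process-start events against two rule tables: one keyed on the executable alone, as the thread describes PG's execution protection, and one that also restricts the parent process and the command-line parameters, which is the SSM option mentioned above. With image-only rules, the "allow always" entry that Control Panel needs for rundll32.exe also covers rundll32.exe loading an arbitrary DLL from a temp directory; with parameter-aware rules it does not.

```python
"""
Toy model of per-program execution control.  Added example for this thread,
not code from ProcessGuard or SSM.  ProcEvent fields, sample events, paths and
rules are all constructed for illustration.
"""
import fnmatch
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class ProcEvent:
    image: str     # executable being started
    parent: str    # executable that started it
    cmdline: str   # full command line of the new process


@dataclass(frozen=True)
class ExecRule:
    image: str                        # case-insensitive glob on the executable path
    parents: Sequence[str] = ()       # allowed parent images; empty = any parent
    cmdline: Optional[str] = None     # optional glob on the command line
    decision: str = "allow"           # "allow" or "deny"


def _match(pattern: str, value: str) -> bool:
    # Windows paths and command lines are case-insensitive; compare lower-cased.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def decide(rules: Sequence[ExecRule], ev: ProcEvent) -> str:
    """First matching rule wins.  With no matching rule the program does not
    start (a real product would prompt here; the model treats that as deny)."""
    for r in rules:
        if not _match(r.image, ev.image):
            continue
        if r.parents and not any(_match(p, ev.parent) for p in r.parents):
            continue
        if r.cmdline is not None and not _match(r.cmdline, ev.cmdline):
            continue
        return r.decision
    return "deny"


def evaluate(rules: Sequence[ExecRule], events: Sequence[ProcEvent]) -> List[str]:
    return [decide(rules, ev) for ev in events]


EXPLORER = r"C:\Windows\explorer.exe"
RUNDLL32 = r"C:\Windows\system32\rundll32.exe"
CMD = r"C:\Windows\system32\cmd.exe"

# Constructed process-start events: two legitimate, two of the kind a trojan
# riding on a "program that runs programs" would produce.
EVENTS = [
    ProcEvent(RUNDLL32, EXPLORER,
              r"rundll32.exe shell32.dll,Control_RunDLL timedate.cpl"),
    ProcEvent(r"C:\Program Files\Mozilla Firefox\firefox.exe", EXPLORER, "firefox.exe"),
    ProcEvent(RUNDLL32, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r"rundll32.exe C:\Users\duke\AppData\Local\Temp\upd.dll,Start"),
    ProcEvent(CMD, r"C:\Program Files\Microsoft Office\winword.exe",
              r"cmd.exe /c C:\Users\duke\AppData\Local\Temp\setup.exe"),
]

# Rules keyed on the executable only.  Once rundll32 is "allow always" because
# Control Panel applets need it, every other use of rundll32 rides on that rule.
IMAGE_ONLY_RULES = [
    ExecRule(RUNDLL32),
    ExecRule(r"*\firefox.exe"),
    ExecRule(CMD),
]

# Rules that also pin the parent and the parameters: Control Panel applets
# launched from Explorer are allowed, rundll32 with any other payload is denied,
# and cmd.exe is only allowed when Explorer (the user) starts it.
PARAMETER_RULES = [
    ExecRule(RUNDLL32, parents=(EXPLORER,),
             cmdline=r"rundll32.exe shell32.dll,Control_RunDLL *.cpl*"),
    ExecRule(RUNDLL32, decision="deny"),
    ExecRule(r"*\firefox.exe", parents=(EXPLORER,)),
    ExecRule(CMD, parents=(EXPLORER,)),
]

if __name__ == "__main__":
    for name, rules in (("image-only", IMAGE_ONLY_RULES),
                        ("parameter-aware", PARAMETER_RULES)):
        print(f"{name:16s}", evaluate(rules, EVENTS))
```

The ordering of `PARAMETER_RULES` matters: the narrow allow for Control Panel must precede the blanket deny on rundll32, because the first match wins. The same pattern (narrow allow, then deny) is the only way to keep cmd.exe, net.exe or javaw.exe usable without turning each one into a general-purpose launcher for whatever a trojan hands it.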
     
  20. EASTER.2010

    EASTER.2010 Guest

    Thanks Paranoid2000 for weighing in on this topic with your own results.

    PG complements SSM just fine, thank you. Both present no conflicts at all on my machine. And as far as the possible areas of limitations you mentioned? KAV6 Suite takes up that slack perfectly.

    For the first time in a very long time I think I've actually hit on a perfect medium that is totally compatible and protects all the way around. I threw all the leaktests I can find at my box, and what the HIPS/PG misses, KAV6 Suite steps right up front and center to fill the gap.

    As it now stands....

    Kaspersky6 Suite (w/firewall)(resident)
    System Safety Monitor (Registered but older version without networking)
    Process Guard
    AVG Anti-Spy 7.5 (w/guard enabled)
    snoopfree


    That is by far the most stable of configs I've been able to assemble ever, I do believe. I'm pleasantly surprised these all co-exist peacefully and pass all the leaktests (plus others).
     
  21. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    LOL, any meaningful test has to bypass execution control of PG in order to test my security on any level. Naturally no security test has yet bypassed/penetrated my setup :)

    The burglar can come to the front door but I ain't letting him in to see which rooms he goes into and what stuff he takes/moves :p

    PS heh, like I said earlier (& many times before), Joe, PG is definitely another golden oldie alongside Kerio 2.1.5 :thumb:
     
  22. EASTER.2010

    EASTER.2010 Guest

    Don't get me interested, because I am just of the mind to also include Kerio 2.1.5, even though KAV6 firewall seems to bridge that gap well enough for me. BUT, if the old relic Kerio can co-exist with KAV I won't hesitate adding it as another layer of protection. :cool:
     
  23. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    The last official comment re PG and Vista was post number 31 by Gavin:
    https://www.wilderssecurity.com/showthread.php?t=140333&page=2&highlight=Vista

    This is just another reason why I have no intention of ever getting Vista. I want control over my computer. Vista takes that away and allows Microsoft to control my computer. I would not even be able to wrest some control back via PG. On XP, I don't even allow IE to start without my permission each time via PG. (I usually use Fx as my browser). IE started once, on its own, and took itself to Windows Update site and was trying to download WGA when I caught it and stopped it. I don't use WU so I was furious. I tied IE down on a very tight leash after that using PG to do so. I would hate Vista without PG.

    I've often wondered if the Vista situation was part of why what happened via PG official support here happened. Microsoft would probably have never approved any PG driver for Vista. Microsoft would not allow users of Vista to have the control that PG would provide.
     
  24. EASTER.2010

    EASTER.2010 Guest

    One very important program I omitted from my list above that has to be mentioned:

    (On-Demand) Power Shadow

    There's an extensive audience for the topic of it right here in this section. It absolutely rounds out a perfect defense IMO.
     
  25. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    That point cannot be stressed enough but it doesn't explain the company's silence... I emailed PG Support on January 30, hoping for a sign of life. Nothing.
     