ProcessGuard Permissions?

Discussion in 'Ghost Security Suite (GSS)' started by siliconman01, Feb 18, 2005.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Does RegDefend require any special permissions in ProcessGuard....such as Install Global Hooks or Access Physical Memory, etc.?
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    nope, no privileges needed Silicon man.
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    None required so far. I have added regdefend.exe to PG's Protection List.

    Nick

    sorry about that INFINITY
     
  4. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Hey, thanks much for the comeback. ;) Added to PG as well.

    This new toy looks AWESOME! :D
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    no prb Nick, :)
     
  6. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    RegDefend.exe will need the ability to install drivers, apart from that it requires no special privileges. :)
     
  7. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I have not had any PG driver installation alerts yet. RegDefend is on the Protection List without driver installation permission. Normal behavior?

    Nick
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia

    Are you protecting against Driver Installations in ProcessGuard?
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Blocked in Global Protection Options.

    Nick
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Quick question before running out the door for work -

    Since there are two regdefend.exe's running, does simply adding regdefend.exe to PG cover both of them? There's no difference in the exe names for both, they just have different process ID's, so I'm curious. Pete
     

    Attached Files:

  11. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I guess the md5 hash will change cause the files aren't the same "size"... But I have it both on my protection too. the smallest is the one for protection against reverse engineering I believe...the other one is the program itself. so they are definately not the same + not the same md5.

    -fingers crossing and hoping I'm right on this...-
     
  12. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Since they both point to the same file on disk, which doesn't change. It will work fine.
     
  13. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Some of my beta testers have said ProcessGuard fails to see the RegDefend driver installation (RegDefend is kernel mode and needs a driver to be installed), and also a few others have reported here and through email about it. The driver installation method I use is the standard method so I'm not quite sure why ProcessGuard is missing it, quite possibly could be a bug.

    I still recommend giving RegDefend.exe "allow driver install" in ProcessGuard even though it currently will work fine without it, since future versions may need that flag set.
     
Thread Status:
Not open for further replies.