ProcessGuard Suggestions / Wish list

Discussion in 'ProcessGuard' started by Pilli, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I thought it may be nice to start this thread, so I'll kick off :)

    The ability to switch on / off Execution logging without disabling other logging events.
     
    Last edited: Oct 26, 2004
  2. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Re:process Guard Suggestions / Wish list

    I thought something similar, to actually select what you want to log....IE Log BLOCKED executions, but not log allowed executes...
     
  3. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Re:process Guard Suggestions / Wish list

    I would also like the ability to select multiple executables in the MD5 checksum window and be able to click 'remove'. I installed a known bloatware, and it added over 20 or so entries. Had to manually select each one, remove, scroll down, select, remove, etc.....
     
  4. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Re:process Guard Suggestions / Wish list

    - The same multiselect for privilege list.
    - configurable default privileges for non-listed apps
    - "Retest all MD5" button
    - Drag-and-drop reordering of privilege list.
    - Add a log flag for Allow checkboxes to enable : logged deny / silent deny / logged allow / silent allow
    - Optionally log generic protection hits even when the generic protection is not set to block
    - Termination of protected processes from procguard with Human Identification
    - Shutdown from procguard GUI (+tray icon), with a single Human Identification, disabling other HI dialogs during the shutdown
    - Disable all protection for this session. (until reboot)
    - Learning mode for this session.
    - Optionally Human Identification dialogs poping up to allow Global Hooks / Driver Installs / etc. for a certain process with Allow / Allow once / Deny / Deny once.
    - Easier adding of multiple executables to both privileges and MD5. For example Ultimate Pinball contains ~20 executables, and all require Global Hooks.

    -hojtsy-
     
  5. newbie

    newbie Guest

    Re:process Guard Suggestions / Wish list

    • Log window : text should be non-wrap text by default => it is more convenience to users' eyes to look through?
    • It seems bothering with everytime refreshing the CheckMD5Sum program list to its default sorting order everytime having a change (like deleting a listed .exe; adding a new *.exe to the list...) to it. Users might like an order display (according to path to a .exe) during their use sessions instead of having it changed back to its default everytime.
    • Why there are 2 entering pw when unlocking PG2 ?
    TIA
     
  6. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Re:process Guard Suggestions / Wish list

    • The ability to add processes currently running to the protection list.
    • PG asks user if file is over 10 mb to do md5 checksum. My PC nearly froze when I executed a 120mb exe and a 50mb exe...took considerable amount of time to get the PG screen to allow me to execute it.....

      Something like 'Check MD5 checksum for this file? Click yes to do md5, click block to block once, click allow to allow once'
     
  7. Dardasaba

    Dardasaba Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    38
    Location:
    Israel
    Re:process Guard Suggestions / Wish list

    A key combination to terminate the secure desktop.
    Several times after I chose to either allow or block a file, it stayed in the secure desktop and I had to reboot >8(
    (I know the comp was still active because it popped up that small window that chooses what window you want to focus on when I pressed alt tab)
     
  8. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Re:process Guard Suggestions / Wish list

    I would like an additional column in the 'Program Checksum' tab about the childs applications the current executable is allowed to launch.

    By default it could be set on 'ALL' (same way it is working currently) and could be set to a list of particular executables, with an alert like 'executable.exe is allowed to run but trie to launch this apps, do you allow it?'.

    Because i could "test" an executable to see what it does, or because i could mistakenly allow something to run, anormals behaviour could be seen quickly.
     
  9. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Re:process Guard Suggestions / Wish list

    I couldn't agree more. I find the perpetual [EXECUTION] log entries a privacy consideration, not to mention really annoying because of their sheer number. I get lots of humorous videos and such from friends via email, and every time I run one, I get a log entry in Process Guard's window that gives the full path and file name of the video I played:

    [EXECUTION] c:\program files\media player classic\mplayerc.exe with commandline "c:\program files\media player classic\mplayerc.exe" "c:\temp\embarassingly-named video file.mpg" was ALLOWED to run

    And of course, that's just one example. Any web page I launch externally gets nicely logged, too:

    [EXECUTION] c:\program files\myie2\myie.exe with commandline "c:\program files\myie2\myie.exe" http://www.embarassing-URL.com/ was ALLOWED to run
     
  10. Dardasaba

    Dardasaba Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    38
    Location:
    Israel
    Re:process Guard Suggestions / Wish list

    I agree as well.
     
  11. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Re:process Guard Suggestions / Wish list

    Hi

    Choice of Command like Dos Screen as in TDS and choice in PE.

    Please
    TheQuest :cool:
     
  12. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Re:process Guard Suggestions / Wish list

    I suggest a housekeeping facility for invalid EXE references, both in the main list and in the MD5 (pghash.dat) list. The housekeeping should not be done automatically, but rather only on user demand (at least by default).
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re:process Guard Suggestions / Wish list

    This has also been suggested in the beta forrum, a sort test button or menu to allow one to verify the checksum list and the protected process list.
     
  14. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Re:process Guard Suggestions / Wish list

    That's not the same thing though. Housekeeping refers to actually cleaning up invalid references in the database files, not just showing them to the user.

    Where is the beta forum?
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re:process Guard Suggestions / Wish list

    Hi Nameless, Yes, housekeeping is what I meant - in as much as the test button whatever would show the files that were either no longer there, such as a removed processes from the protection list and any checksummed programmes that have been removed , these could be flagged for deletion.

    The beta forum is a private forum hosted in the DCS forums area.
     
  16. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Re:process Guard Suggestions / Wish list

    Yes, but again, flagging them and actually deleting them are different things. I suppose with PG's protection it would be simpler to just have them flagged, and let the user take care of them. That would be much easier if you could select multiple entries at once, and also if the sort order of the lists didn't change erratically with every change!

    In any event, thanks for the info.
     
  17. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Re:process Guard Suggestions / Wish list

    There also needs to be a way to always allow certain EXEs by path alone (something that ZoneAlarm Pro allows as well). The reason is that some EXEs need to run automatically, but change all the time.

    For BOClean updates, for example, the file %TEMP%\Update.exe runs every time, but it's always different. It's not practical to have to allow BOClean's Update.exe each time an update occurs, and having to do so prevents automatic BOClean updates.
     
  18. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Re:process Guard Suggestions / Wish list

    That would only be safe if you could protect the Update.exe from unauthorized overwriting, and limit the write access to protected security apps, such as the other executables of BOClean. Else it is a hole in the exec prot.
    -hojtsy-
     
  19. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Re:process Guard Suggestions / Wish list

    Yes, of course. The same is true of ZoneAlarm's implementation. But they included that feature because some executables change frequently.

    As it is, I'm pretty much limited to not updating BOClean automatically, or not using execution protection at all. And isn't it better to identify some individual EXE files by path, than to not use execution protection at all?

    On a totally different note, I just noticed that my "karma" went down 10 points between the time I posted the previous message and this one (or maybe I'm just on crack). And users can no longer subtract karma from other users, so... what gives?
     
  20. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Re:process Guard Suggestions / Wish list

    nameless,
    Yes optional holes is exec prot is good, but you should know the dangers also.
    have you heard of File Protector doing exactly what I described?
    http://www.mikkotech.com/fp2000.html

    I have no idea about your karma.
    -hojtsy-
     
  21. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    WARNING MESSAGE

    If Jason is reading this I would like to request some kind of visual warning in my system tray that PG is disabled. I would prefer a flashing icon but having a choice of colors or intensity might be good for different users preferences. Just having the icon crossed out doesn't get my attention and I son forget that it isn't protecting me.

    I really want this in case I turn off PG to install WIndows updates and forget to turn it on or play games and forget all about it being disabled. For me this is very important because when I get busy doing something I will most likely forget that it is disabled and pay the penalty later on.

    Dave
     
  22. cjtc

    cjtc Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    22
    Location:
    Swindon, UK
    Re: Process Guard Suggestions / Wish list

    1) Method of adding new programs to the Program Protection tab is long winded, i.e. having to browse for the executable.
    Typical scenario:
    - a program tries to do someting (e.g. global hook) and is blocked and logged
    - there is an entry in the log tab which shows full details
    - want to add that prog to Program Protection tab to allow global hook, but can't copy/paste from Logs into Program Protection "Open" dialog :'( You can click/drag a highlight, but it will disappear as soon as you release the mouse key.

    [Note: I've just found a workaround ... if you drag a highlight in the Logs tab, then, BEFORE releaseing the mouse key, you hit Ctrl-C, it will copy the highlighted text to the Windows clipboard. Non-standard, but it does work].

    2) The Logs tab needs view filter options, e.g. hide [EXECUTION] entries whilst viewing (still capture them though), but display [P], [HOOK], [DRIVER/SERVICE] entries.
     
  23. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi cjtc, You can just drag and drop files into the protection list without using the tab :)

    Regarding logging, the suggestion has already been made but it is always good to jog Jason's memory ;)
     
  24. Blackhawk247

    Blackhawk247 Registered Member

    Joined:
    Apr 17, 2004
    Posts:
    2
    Re: Process Guard Suggestions / Wish list

    :cool:
    http://img8.imageshack.us/my.php?loc=img8&image=PGWall800.jpg
    Can you tell me if it is possible to re-start PG from the first day and start the learning process anew?
     
  25. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi Blackhawk247,

    You will have to remove all the checksum entries manually and then re-enable learning mode. Unfortunately there is no way of deleting all entries using multiple selection at this time. It is on the wishlist though.

    HTH Pilli
     
Thread Status:
Not open for further replies.