ProcessGuard Suggestions / Wish list

Discussion in 'ProcessGuard' started by Pilli, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Re: Process Guard Suggestions / Wish list

    How about killing protected processes from PG after you entered the HID code, but without disabling protection for other processes?
    -hojtsy-
     
  2. jack0159

    jack0159 Guest

    Re: Process Guard Suggestions / Wish list

    some suggestions:

    -Better Windows 2003 support and terminal server support
    -A checksum on the log so that it cannot be modified
     
  3. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Re: Process Guard Suggestions / Wish list

    I do not know if this is a worthwhile suggestion. But I think it would be nice to have a feature (maybe even a small separate program) that will be able to see if your computer has already been rooted. I think for a lot of us, PG is used as a preventive measure against rootkits, and if one's computer is already rooted before PG is installed, PG is rendered useless. Some programs that reveal hidden services and processes (like rootkit detector) seem to work only through a command prompt, which might be confusing or difficult to use for most users. For a product that depends so heavily on being installed on a clean computer, I think this might be a worthwhile feature. And I think with all the excellent work and research DiamondCS has done in this field, you would be most capable to develop such a feature.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi rerun2, That would be an achievement indeed! Maybe the new TDS4 with its new detection abilities & techniques will move in that direction?
    What a great combination that would be!

    Pilli
     
  5. siliconbayou

    siliconbayou Guest

    Re: Process Guard Suggestions / Wish list

    Have a preset menu item to save the pghash.dat and pguard.dat files to a default back-up directory with the option of a user defined back-up directory with automatic disabling of the necessary privileges and features to allow the back-up to be done transparently, with the necessary features and privileges being reset after the save. On my system, I have had these files corrupted several times and the work around to save them to back-ups is extremely convoluted.
     
  6. WWW

    WWW Guest

    Re: Process Guard Suggestions / Wish list

    -provide an option to minimize when the window's x button is clicked
    (very annoying, I always accidentally close the window)

    -provide an option to change the font of the window log

    -provide an option to display full log on window
    (redundant if the first one is implemented)

    -provide an option to hide "Blocked Privileges" which is overwritten by "Allowed Privileges"

    -provide an option to create separate log for each program

    -provide an option to run silently
    (do not launch procguard.exe on startup)
    (decide to run a program based on a set of user-defined rules)

    -must run under Longhorn

    -monitor all windows messages transparently
     
  7. WWW

    WWW Guest

    Re: Process Guard Suggestions / Wish list

    - provide an option to manually add program to "Program Checksums"

    At the moment, everything is added to the list and removing is a pain. I just want to monitor the integrity of the files I am interested in.
     
  8. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Re: Process Guard Suggestions / Wish list

    A help file to download before installing :oops: terms and what they mean to applications o_O
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Robyn, I think they are listed on the DCS Process Guard site and it is also well worth while reading through the Sticky's here for more general help and user information.
    I do know that Gavin is working on a database of general programs that may go some way to helping new users set up PG but it is a time consuming project and may not always be applicable to all users / PCs :)

    Pilli
     
  10. WWW

    WWW Guest

    Re: Process Guard Suggestions / Wish list

    - an option to reorder the protection list
     
  11. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi WWW, Have you tried clicking the column headers? :) This works on both the Protection list and the Checksum list - Or did you have something else in mind?

    Pilli
     
  12. WWW

    WWW Guest

    Re: Process Guard Suggestions / Wish list

    Thanks Pilli. That will solve the problem for the time being. I would like to be able to group processes in a logical way, similar to browser bookmarks.
     
  13. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Re: Process Guard Suggestions / Wish list

    Thanks Pilli, I will have a lot of printing from the Sticky's and other user posts to do later as I am determined I will learn and know a little bit more about PG as others seem to know a 'lot' - I wish I was the type to just try and learn but I need to learn and understand before I try :oops:
     
  14. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    Re: Process Guard Suggestions / Wish list

    When the PG screen comes up notifying that a new or changed process is trying to run, I would like there to be a button on that screen to disable PG if desired. When I have done a major installation & forgotten to disable PG I am faced with a series of these notification screens one after the other with no break for me to close down PG. Since I know what's going on, I should have the choice of immediately disabling PG via one of the notifications.
     
  15. PG_Lover

    PG_Lover Guest

    Re: Process Guard Suggestions / Wish list

    Not sure whether the following has been posted; anyway, users would love to see what is going on when a driver has just been installed, even with "blocking driver installation protection" disabled in PG. With this protection enabled, any driver installation fails; but with it disabled, PG does not show what is going on with a driver installation that has just been done.
    Is it worth having it logged anyway?
    TIA
     
  16. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Re: Process Guard Suggestions / Wish list

    Was wondering if there can be an option where we can limit the checksum on files over a certain size. I hate having to disable PG when I install large files, such as service packs. I want PG to say 'Disable checksum for files over 10 meg' or 'confirm checksum for files over 10 meg, click to apply, click cancel to execute file'.

    What do people think of this?

    Rod
     
  17. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi Rod :)
    When I use service packs etc. from trusted sources I simply disable Process Guard but I can see some ppl might like the ability you have suggested :)
     
  18. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    The next version only checksums up to 16MB of a file.
     
  19. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Re: Process Guard Suggestions / Wish list

    Jason_DiamondCS,

    Apologies for going OT with this but you may have clues.

    Did you ever come across a prog. that can either lock the settings of Msconfig, or at least monitor same ?

    Kind of like your beaut. little Reg. Prot.

    Regards.
     
  20. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Re: Process Guard Suggestions / Wish list

    Any chance of allowing the user to set the threshold (either using the GUI or by setting a registry key) instead of setting it to 16MB ?
     
  21. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    Do you think it is important? I was thinking of allowing the user to select this, but then I thought that for this to be a security problem a malicious program would need to be over 16MB in size, and the first 16MB of the malicious file would need to be EXACTLY the same as some other 16MB file you previously allowed.

    Since no program at all has access to pguard.dat and pghash.dat (the files Process Guard uses to store this information) they can't determine if you ever ran a > 16MB file, or if you have indeed run a large file they won't be able to tell which one.

    Finally, I don't know of any programs (apart from setup.exe, etc.) which are over 16MB in size for the executable component, and I know that you would have no need to "Allow Always" a setup program, meaning if something ever did manage to breach all the above security it would also be alerted on.

    If the user had some way to select this, I can just see some people "misusing" it and maybe putting the threshold too low causing security problems.
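
An added example, not part of the post above and not DiamondCS code, comparing what a prefix-limited checksum, a prefix checksum that also covers the file length, and a full-file checksum each notice. SHA-256, the 1 KiB demo limit and all function names are assumptions; the thread states only the 16MB figure.

```python
import hashlib
import os
import tempfile

LIMIT = 16 * 1024 * 1024  # the 16MB threshold mentioned in the thread
CHUNK = 64 * 1024


def prefix_digest(path, limit=LIMIT, bind_size=False):
    # SHA-256 is an assumption; the thread does not name the algorithm.
    # bind_size=True also hashes the file length (cheap, no full read).
    h = hashlib.sha256()
    remaining = limit
    with open(path, "rb") as f:
        while remaining > 0:
            block = f.read(min(CHUNK, remaining))
            if not block:
                break
            h.update(block)
            remaining -= len(block)
    if bind_size:
        h.update(os.path.getsize(path).to_bytes(8, "big"))
    return h.hexdigest()


def detection_matrix(limit=1024):
    """Which scheme notices each change? Uses constructed sample files."""
    head = bytes(i % 251 for i in range(limit))
    samples = {
        "original": head + b"A" * 100,
        "tail_edited": head + b"B" * 100,      # same length, differs past limit
        "tail_appended": head + b"A" * 200,    # identical prefix, longer file
        "head_edited": b"\xff" + head[1:] + b"A" * 100,
    }
    schemes = {"prefix": (limit, False), "prefix+size": (limit, True),
               "full": (2**63, False)}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        base = os.path.join(d, "original")
        return {name: {s: prefix_digest(os.path.join(d, name), *a)
                       != prefix_digest(base, *a) for s, a in schemes.items()}
                for name in samples if name != "original"}


if __name__ == "__main__":
    for change, seen in detection_matrix().items():
        print(change, seen)
```

Each entry is True where that scheme's digest differs from the original's, that is, where the change is noticed.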
     
  22. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    Since most entries in msconfig are file and registry related, I am sure some program(s) would allow you to monitor the same things.
     
  23. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Re: Process Guard Suggestions / Wish list

    Sorry Jason, I mis-read your first post as files greater than 16MB will not be checksummed, instead of only the first 16MB of a file will be checksummed. I think your logic is sound.

    Thanks for the speedy reply.

    BTW, why did you choose 16MB as the threshold ?
     
  24. Avitar

    Avitar Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    3
    Re: Process Guard Suggestions / Wish list

    This is a bad idea... You should never need to disable all security to make an update. I install and program new software on a daily basis... I don't want to disable security to modify the config.

    When a new process is executed, whether via a battery command or from a newly compiled program, is introduced (that tries to create global hooks etc.), you should have the opportunity to add/block it, if you enter the admin user name and password correctly.

    Creating a virtual container is exactly what I have been looking for in a process monitor. You should be able to allow server app integration by saying (yes/no) this process from ip range xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx is allowed access. Note that this is different than an IDS/Firewall in a few respects.


    Bad idea IMO because the overhead (processing/ram) prob outweighs the convenience.


    Bumps and ideas:

    Also the software rules should require the admin password and username if you are not currently logged on as the Administrator. Reference:
    http://www.securitytracker.com/alerts/2004/Jul/1010662.html

    -Notifications of programs can be limited to a multistate system tray icon instead of getting popup notifications.

    -Option to deny access to programs automatically after x number of seconds/days etc..

    -dialog should be locked or limited if you can not enter user name and password of administrator account(s).

    -provide an option to hide "Blocked Privileges" which is overwritten by "Allowed Privileges"

    -provide an option to create separate log for each program

    -provide an option to run silently by default for non administrators users that are logged on
    (decide to run a program based on a set of user-defined rules)

    -be able to automatically backup/restore rules & preferences in an encrypted format (uses password set in prefs?)
    if this can be done via command line we can schedule it ourselves via scheduled tasks.

    - The multiselect for privilege list

    - The ability to add/remove/modify processes currently running to the protection list.

    - I would like an additional column in the 'Program Checksum' tab about the child applications the current executable is allowed to launch

    - run commands via console command line (So I can make changes via ssh remotely)

    - allow processes that run updates on the system (by path checksum?) to always have access such as virus definition updaters, spyware updaters, etc.

    -flush config and set it back to defaults (learning)


    PS: I will definitely be buying copies of this software for my work's network/home network as soon as many of the good suggestions listed are added to the software.
     
  25. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Re: Process Guard Suggestions / Wish list

    Hi,

    I second that, I would like it too :)

    gkweb.
     