ProcessGuard Suggestions / Wish list

Discussion in 'ProcessGuard' started by Pilli, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: Process Guard Suggestions / Wish list

    I don't know if this has been requested before.
    A big list of the common processes that users are likely to come across.
    The list would be set up like Black Viper's list, except for Process Guard.
    It would show "safe" settings that would provide good protection with the least problems and "paranoid" settings for those willing to tweak a little to get more security.
    It would be really helpful for users less familiar with all the processes to be able to compare their protection list (and settings) against a "normal" baseline.
    This list doesn't have to be in PG at all, it could be here on the forum and continuously updated as new processes are added.
    It would be much faster than searching through every PG post.
    It could be in the help file as well, but on the forum the list would be much more dynamic.

    What do you think?
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: Process Guard Suggestions / Wish list

    Based on this thread, a randomization of window placement that would thwart future trojanous attempts to use mouse cursor clicks in PG. By not having the same button location, it would be difficult for a malware to guess where the window button would be.
    I know it's far-fetched that the trojan could even get that far, but DiamondCS doesn't allow keyboard access to PG for the same reason. Maybe some future exotic malware could directly manipulate the mouse cursor.

    Just a thought.
     
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    Well, the only area that can be mouse clicked by a trojan is the EXECUTION PROTECTION window that pops up when new programs run. So that means a trojan already needs to be running (and hence ALLOWED by you) and then simulate "clicking" on the "Allow" button to get other programs it wants to run. You can lock the ProcessGuard interface so none of your settings can be changed, so that is already safe.

    So if we assume you run and allow some malicious software that does target that specific aspect of ProcessGuard, your machine is still safe from those particular malicious processes since the main protection options cannot be changed. So they can't install hooks, can't install drivers, can't modify protected programs, can't terminate protected programs, etc. :)

    In the end it comes down to ease-of-use: do you want confirmations every time you click the "Allow" button so that if you do run a trojan it can't click allow for you? I know I don't, and most other users probably agree with me. However the next build of ProcessGuard will probably allow you to set this up (haven't tested the new feature on this particular aspect yet but it should work).
     
  4. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Re: Process Guard Suggestions / Wish list

    It might be nice to see when you're in learning mode from the systray icon. It seems this might be dangerous if left unnoticed. Same with execution protection I guess. I know this would be on the user but as we all are human we all make mistakes.

    Thanks,

    Chris-
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Chris, this has been discussed in the DCS beta test forum. It has been suggested that when in learning mode the PG icon should be another colour.
    E.g. Red enabled - Blue alerts - Crossed disabled and say Green for in learning mode.
    We will see what Jason comes up with :)

    Enjoy your weekend. Pilli
     
  6. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Re: Process Guard Suggestions / Wish list

    Thanks Pilli, seems you always come through for me :)

    Thanks,

    Chris
     
  7. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Re: Process Guard Suggestions / Wish list

    Hi all,

    Anyone noticed when a driver tries to install... or a program has been Blocked from running, or a program has been blocked from creating a hook, that the icon actually does change colour to blue, however sometimes this change isn't enough for you to notice so you can take swift action...

    I would like a feature like the XP hardware update, or XP automatic updates balloon that you get when something new happens. Here's an image for example. You should be able to select the features you want to be notified on.

    IE

    Service install
    Global Mouse Hook
    Keyboard Hook
    Blocked from starting

    [edit: Made a change to the image, looks a little more like this..]
     

    Last edited: Oct 9, 2004
  8. Inviernos

    Inviernos Registered Member

    Joined:
    Jun 6, 2004
    Posts:
    8
    Re: Process Guard Suggestions / Wish list

    Let's hear it for brightly colored display for items NOT allowed. Lou_Dinunzio you were correct, it was included in previous version. So, here's vote #3, at least. Please!

    Ricardo
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    No.. I think you mean more like this :- :)
     

  10. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Re: Process Guard Suggestions / Wish list

    Yes...exactly like that! Looks a lot nicer that way Jason!
     
  11. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Re: Process Guard Suggestions / Wish list

    :eek:

    I want it !
     
  12. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Re: Process Guard Suggestions / Wish list

    Be nice to see the permit once entries under security tab clear after a restart or have a manual clear button. I can't think of a reason these should not get cleared after a while just showing the programs that are allowed. Maybe I am missing something.

    Thanks,

    Chris
     
  13. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Re: Process Guard Suggestions / Wish list

    I was thinking something along those lines....but more on the lines of 'Remove permit once applications after XX days'.....and even the allow always 'Remove allow always applications after inactivity for XX days'
     
  14. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Re: Process Guard Suggestions / Wish list

    Sounds good to me rodsoto. Anything to get rid of the permit once entries since they served their purpose they should be removed in my opinion.

    Thanks,

    Chris
     
  15. frogfoot

    frogfoot Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    116
    Location:
    Yeovil UK
    Re: Process Guard Suggestions / Wish list

    I would like to see an option in the PG GUI to 'minimise PG to notification area of task bar when closed' rather than closing the GUI, I like to have PG GUI running all the time so I can see when something needs attention (icon flashes blue). This is the same sort of functionality you see in Outpost firewall, MSN messenger etc. An option to close the GUI would still remain in the notification area context menu.
    Thanks
    Tom
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    That wish has been granted and is in the latest private betas; closing the PG GUI using the X or the close menu item does indeed just close the GUI and minimises to the systray.

    Pilli :)
     
  17. frogfoot

    frogfoot Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    116
    Location:
    Yeovil UK
    Re: Process Guard Suggestions / Wish list

    Thanks Pilli, that's good news
     
  18. frogfoot

    frogfoot Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    116
    Location:
    Yeovil UK
    Re: Process Guard Suggestions / Wish list

    One more request while I am at it....
    Please Please Please put in an auto backup function for the PGHash/PGuard files, i.e. each time PG starts it could save a copy of these files automatically, keeping the last five or so, and a mechanism to select which one to load. I ask for this as I have just installed Outpost 2.5 on my machine (disabled protection first) and when I rebooted I got a blue screen. So I rebooted again and PG protection list was empty! That is such a PITA, but I suppose this is still Beta software :)
    Thanks
    Tom
     
  19. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: Process Guard Suggestions / Wish list

    Could you make it so that the system tray balloon pop-ups would let me know on startup that Learning Mode is still on? I sometimes forget to turn it off.

    Thanks
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Re: Process Guard Suggestions / Wish list

    Speaking of colours, would it be possible to have a blue icon for normal use turning red when there are alerts to view? The current selection seems counter-intuitive.
     
  21. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: Process Guard Suggestions / Wish list

    Perhaps instead of (or in addition to) the learning mode balloon popup, when in learning mode, the system tray icon could be green.

    It's great that we are now talking about little tiny details instead of major problems isn't it?
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Re: Process Guard Suggestions / Wish list

    Shhh...we're just trying to lower DiamondCS' guard before ambushing them with some real corkers. :D
     
  23. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Re: Process Guard Suggestions / Wish list

    Hmmm...just thought of one - if an executable is changed, conventional wisdom suggests running a scan on it. How about adding a scan option in PG's Execution Protection dialogue which would check the file using any installed AV/AT scanners? Scanner details would have to be entered separately but this could be a handy convenience feature for those running multiple on-demand scanners.
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: Process Guard Suggestions / Wish list

    I like that idea a lot.
     
  25. frogfoot

    frogfoot Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    116
    Location:
    Yeovil UK
    Re: Process Guard Suggestions / Wish list

    Taking this one stage further you could optionally automatically call TDS3/4 from PG when a new or changed executable is run (assuming it is installed). This would remove the need for execution protection, which checks every executable however many times it is run, which has a performance hit on my system.
     