ProcessGuard v3.150 and AntiHook v2.5

Discussion in 'other anti-malware software' started by elumineX, Jul 31, 2005.

Thread Status:
Not open for further replies.
  1. elumineX

    elumineX Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    34
    At the moment I have AntiHook (Pro version) and ProcessGuard (Registered version) running at the same time. What I've noticed is that ProcessGuard's execution protection alerts automatically are suppressed when AntiHook is running. Execution of an unknown program named virus.exe would call a window in AntiHook, where I can choose to block or allow virus.exe to run, but ProcessGuard wouldn't react to this. I just want to know if this is normal.
     
  2. slasher

    slasher Guest

    I'm not an expert on PG but I like AH more because it is improving so fast and has some registry protection that PG doesn't. Also AH will be coming out with another version soon that will be even better. How can you beat the free price of AH with a $30 price tag for PG?
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Without knowing the exact technical handling of the two products:

    1) If you block the virus from executing then probably PG would never see it.

    2) If you allow the virus to execute, and control is passed on to the next "hook" (as it should be if it is properly handled), then PG should see it. This is what is happening to me when I run Online Armor concurrently with PG.

    If this is not what you are seeing, it could be a problem with the way Anti-Hook has been designed. If you are curious, you may want to reverse the installation order to see what happens, since according to the MS documentation, the software that is installed last is first in line.

    Maybe others can shed some more light.

    Rich
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    You can install OA first and PG will still stop second. They block executions differently. When blocking small.aio, PG takes long enough that it still manages to spawn IE, OA does not. There may be some advantage to PG stopping it when it does, but that's a little beyond me atm.
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Notok,

    Thanks for the insights.

    I think that ultimately, these small nuances concerning how each HIPS works may be quite significant in their abilities to trap malicious processes. However, I doubt that vendors will document these particularities, since they are probably quite proprietary. Users may be able to figure out what is happening, based upon the behavior of the programs, but these would be guesses. A good test bed may be able to uncover which software product does a better job.

    Rich
     