ProcessGuard v3.4b1 now available!

Discussion in 'ProcessGuard' started by Wayne - DiamondCS, Jun 12, 2006.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    G'day guys, we apologise for the delay - we'd initially anticipated getting this release out a bit earlier but this is a relatively major update with a lot of new research behind it which has been slow but very fruitful, which is why it's now v3.4 -- quite a few updates and enhancements in this one!

    The download (v3.4 Beta 1) is available here (1.84mb):
    http://www.diamondcs.com.au/processguard/pgsetup_3400b1.exe

    Here's a brief list of the main improvements:
    - [fix] A bug in the way some WM_QUIT messages were handled in SMH has been corrected.
    - [added] SMH dialog now appears when "insert key method" is used successfully.
    - [fix] SMH - previously 'OK' could effectively disable SMH for the process in some cases. Now 'OK' is allow close message once and 'OK ALL' is allow all close messages until process termination.
    - [fix] Minor error in long filename handling now corrected.
    - [fix] One method of driver installation wasn't being handled correctly, this has been corrected.
    - [added] Improved name detection of blocked service/drivers.
    - [fix] 'Insufficient access' error was getting priority over 'driver installation error', this has been corrected.
    - [fix] Method of driver install was still being protected while protection was disabled.
    - [added] Extended 'Block Registry DLL Installation' to include several more keys.
    - [fix] Optimised self protection to allow file backup programs to copy without generating errors on PG files while PG protection is active.
    - Various other tweaks, fixes and improvements too minor to name here.

    We hope you enjoy this new release, and we look forward to your feedback! :)

    Also, Advanced Process Termination v4.0 has been released:
    https://www.wilderssecurity.com/showthread.php?p=773009
    Amongst other things it includes a couple of new kernel-mode and new user-mode kill techniques.
     
    Last edited: Jun 12, 2006
  2. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Can we use pghash.dat and pguard.dat from PG 3.3B4 or do we need to "relearn" from scratch?
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    There were no changes made to the format of the dat files, so yes you can keep them. :)
     
  4. hax

    hax Registered Member

    Joined:
    Mar 5, 2006
    Posts:
    7
    Thanks Wayne :)
     
  5. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    Damn! oh well you live you learn, you uninstall reinstall and learn again.
    but besides that all going smooth, as usual
     
  6. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Thanks Wayne...
     
  7. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I use Total uninstall when I install the past version. So is it okay to uninstall and remove everything from the previous version then install this new one?
     
  8. Pikachu762

    Pikachu762 Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    41
    Hi Wayne,

    Thanks for the update. I have been trying it for most of the day now...

    The 3.300 Beta 3 that I was using prior to this one had some issues with Opera. As an example, I would go to http://mail.yahoo.com and sign in using version 8.54 of the browser. If I had PG set to disallow reading, modifying, or terminating Opera, and I didn't allow Opera to read, modify, or terminate other processes, and (this is a long sentence!) finally didn't allow Opera to install global hooks, drivers, access physical memory, or enable secure message handling, Opera would immediately disappear upon attempting to log into Yahoo, and PG would display a notification that Opera was prevented from accessing physical memory. Once I allowed Opera to access physical memory, I didn't have any crashes. I would still get lots of warnings from PG that Opera was trying to install drivers or services; however, these alerts didn't happen in tandem with any crashes.

    I also noticed PG flagging a couple other programs, the Folding@Home client and the United Devices client for distributed computing, for attempting to access physical memory. These programs didn't usually crash though.

    The latest 3.4 beta that you announced seems to have solved the problem with Opera exiting without warning upon PG flagging an attempt to access physical memory when it doesn't have permission to do so. I still get lots of warnings about Opera trying to install drivers or services, especially upon exiting the browser, but so far no crashes. The distributed computing clients also haven't generated any warnings from PG about accessing physical memory.

    Just wanted to give you a little input. This latest build seems to have eliminated an issue between PG and Opera, which is good for me... I use it exclusively 'cause I hate IE. :)

    I'll keep trying to break things and see how it all goes. Keep up the good work... I am eager to try the next build.

    -Joe
     
  9. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    umm ... I think PhysMem protection may be broken ... KProcCheck isn't complaining about it anymore when I remove it from the list
     
  10. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Well spotted. Yes, physical memory protection was turned off in that version for testing - that's been corrected now. The pgsetup_3400b1.exe file has been updated, but all that's needed is a 24kb driver update:
    1) Download http://www.diamondcs.com.au/processguard/procguard.sys (right-click, Save As...)
    2) Disable ProcessGuard protection
    3) Copy the new procguard.sys over the existing one (in Windows\system32\drivers\)
    4) Re-enable ProcessGuard protection

    You'll need to reboot to activate the new driver, although you don't necessarily need to reboot straight away.

    Best regards,
    Wayne
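
Added example, not part of the post above and not DiamondCS code: a PowerShell version of the file swap in step 3 that checks the download is a kernel-driver image and keeps a rollback copy of the old driver. It assumes the download was saved to the hypothetical path in `$NewDriver` and that protection was already disabled in the ProcessGuard GUI (step 2); the PE check and the `.bak-` naming are choices made for this example.

```powershell
# Added example: verify, back up and replace procguard.sys with a rollback copy.
# Assumptions (not from the thread): the download location in $NewDriver, and
# that ProcessGuard protection is already disabled, otherwise the copy is
# expected to be refused by the product's self protection.
param(
    [string]$NewDriver = "$env:USERPROFILE\Downloads\procguard.sys",
    [string]$Target    = "$env:SystemRoot\system32\drivers\procguard.sys"
)
$ErrorActionPreference = 'Stop'

function Test-NativeDriverImage([string]$Path) {
    # A kernel driver is a PE file whose optional-header Subsystem is 1 (NATIVE).
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return $false }  # 'MZ'
    $pe = [BitConverter]::ToInt32($b, 0x3C)                                   # e_lfanew
    if ($pe -lt 0 -or $pe + 0x5E -gt $b.Length) { return $false }
    if ([BitConverter]::ToUInt32($b, $pe) -ne 0x00004550) { return $false }   # 'PE\0\0'
    # Optional header starts at $pe + 24; Subsystem is at offset 68 within it.
    return ([BitConverter]::ToUInt16($b, $pe + 24 + 68) -eq 1)
}

if (-not (Test-NativeDriverImage $NewDriver)) {
    throw "$NewDriver is not a native-subsystem PE image; not installing it."
}

# The thread publishes no reference hash, so the hashes are recorded for the
# operator's own records rather than compared against a known-good value.
$old = Get-FileHash $Target    -Algorithm SHA256
$new = Get-FileHash $NewDriver -Algorithm SHA256
if ($old.Hash -eq $new.Hash) { Write-Output 'Driver already current; nothing to do.'; return }

# Keep the old driver beside the target so it can be restored from Safe Mode.
$backup = "$Target.bak-$($old.Hash.Substring(0, 8))"
Copy-Item $Target $backup
Copy-Item $NewDriver $Target -Force          # step 3 of the post

if ((Get-FileHash $Target -Algorithm SHA256).Hash -ne $new.Hash) {
    Copy-Item $backup $Target -Force
    throw 'Copy verification failed; previous driver restored.'
}
Write-Output "Size: $((Get-Item $Target).Length) bytes (the post describes a 24kb update)"
Write-Output "Old: $($old.Hash)  New: $($new.Hash)  Backup: $backup"
Write-Output 'Re-enable protection (step 4); the new driver loads after the next reboot.'
```

If the new driver causes a crash at boot, copying the `.bak-` file back over `procguard.sys` from Safe Mode restores the previous driver without a full uninstall.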
     
  11. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I was then excited to see the new version, then I downloaded it yesterday. But when I installed it on my pc after restart several seconds later I was greeted with a blue screen of death...it CRASHED on my system...it has some kernel mode incompatibilities with my pc.

    So I have no choice but to reboot on safe mode and uninstall it, and back to my older version of v3.3 beta 4, at least it functions harmoniously without conflict or whatever on my machine. Maybe, I have to wait till the final version was released...coz I don't like to become a guinea pig on the lab. (just kidding)
     

  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The issues reported here are still present in this beta. However, were there any changes in Physical Memory protection to address the Nvidia driver problem?
     