Protected when Closed?

Discussion in 'ProcessGuard' started by Dazed_and_Confused, Jun 5, 2004.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Regarding the following excerpt from the PG help file:

    "Does Process Guard protect processes if Process Guard (procguard.exe) isn't running?
    Yes, protection is still active. The main Process Guard program (procguard.exe) is essentially just a configuration and realtime-viewing program, but it doesn't provide the protection - the driver does. In the case of Close Message handling, another process (pg_msgprot.exe) will be active, but all other protections are handled by the driver."

    Does this mean that if I close PG, to the point where the icon is no longer in the system tray, that I am still protected? Thanks in advance.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    "Does this mean that if I close PG, to the point where the icon is no longer in the system tray, that I am still protected? Thanks in advance."

    Absolutely :) Providing Process Guard is enabled when you close it down.
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Just think of Process Guard as being two components -- one (the kernel-mode driver) that does the actual protection, and two (the user interface) that allows you to watch what's happening and adjust the configuration. Closing down the user interface has no effect on the driver at all, so even if you can't see a Process Guard icon in your system tray, Process Guard's driver is still protecting you, and will keep doing so until (if) you uninstall the whole program (which requires human verification so that malicious software can't uninstall it).
     
  4. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Wayne. One disadvantage I discovered of shutting down the user interface is PG apparently stops logging data to the log text file. Would be nice if that process could still continue so the user could go back and research. Just a thought... :D
     
  5. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Dazed_and_Confused

    I would never do what you are talking about because, IMHO:

    PG becomes totally disabled by itself!

    No Gray PG and RedX to see = NO PROTECTION. :'(

    With Regards,
    Take Care,
    TheQuest :cool:
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I must admit I like to see the PG icon in the sys tray but on a stable system it is not really necessary :)

    D & C - Having the text log running when Processguard.exe is not running would be nice but I am not sure if it is possible, we will have to await Jason's reply on that. :)
     
  7. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks for pointing this out, TQ. Not sure what you mean by "Gray PG" and "RedX". I'm currently evaluating PG, so I don't yet have the full version. But my PG icon is usually a BLUE PG lock or RED PG lock (not sure what the difference in color means).
     
  8. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Gray with Red X over = Protection has been deactivated
    Blue = A program request for write, suspend, terminate, setinfo, read, or getinfo has been blocked by PG. Time to go look at the log and see if it is important.
    Red = Protection is active and no blocks have occurred since the last time you viewed PG.
     
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Silico. Yesterday I actually spent a few minutes looking for this info in the help file, but could not find it. I'm sure it's there... ;)
     
  10. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Dazed_and_Confused

    Sorry I was not around to answer you, D_C, but siliconman01 put you right.

    It's not in there; it is, for want of a better word, a CRASH. o_O

    I left a link to one of the posts about it, here it is again: PG becomes totally disabled by itself!

    Hope you never see it. [Gray PG and RedX]

    No Gray PG and RedX seen if not started on startup. [no warning :rolleyes: ]

    Hope this helps you,
    Take Care,
    TheQuest :cool:
     