Protection Statistics

Discussion in 'ProcessGuard' started by Oremina, Nov 12, 2004.

Thread Status:
Not open for further replies.
  1. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Installed PG3.05 couple of hours or so ago. The only thing different I have noticed is this...

    On GUI, Main, Protection Statistics.

    Something seems to have been changed for this?
    On 3.05 after the first reboot (if I remember correctly) it said "PG has protected your computer from 1 attack".

    After another reboot or two and up to now, it is informing me that I have been protected against 5 attacks."

    Now, after all the time I had with PG3 (and the betas), I never saw that number change from zero. I doubt very much if anything else has changed, that is I haven't suddenly and coincidentally been subject to five attacks, so can I assume something in the app has been activated or changed to work differently?

    Assuming this is how the prog now works, is there anyway to reset this figure, or does it keep on mounting until the next version of PG?

    Just curious.. :)
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Oremina, Did you re-install and start in learning mode? If so then as new allows etc are logged then ProcessGuard will see these as attacks. If, however, you followed Jason's instructions then it is probably just the new .exe changes.
    I did a clean install on this PC & it shows I have had 62 attacks before leaving LM :) You can see that these "attacks" in the alert log.

    I pesonally do not like this feature but apparently it has been requested, I would like to have the option to switch it off.

    Cheers. Pilli
     
  3. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    HKey_Local_Machine\Software\Diamond Computer Systems\ProcessGuard v3.0

    Change DWORD AlertCount to 0

    Turn OFF Execution Protection first and close PG GUI.

    Then start PG GUI and turn ON Execution Protection.

    Maybe the word ATTACK should be something more indicative of the what the counter actually is doing.... BLOCK ALERTS ....
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks Siliconeman, A simple option box would be easier for those that do not understand or play with their registeries :)
    One addition I do like very much is the warning pop up when you go to disable protection and I think this will probably be expanded to include the four general options in a later build, well at least I hope so.

    Cheers. Pilli
     
  5. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    U B Welcome, ;)

    I agree with what you're saying. Would be nice to be able to easily clear the ATTACK counter, the main log which gets pretty big, etc. I feel confident DCS will be continuing to enhance PG. :)
     
  6. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Siliconman01

    Thanks.. you're a gentleman and a scholar, worked like a charm (needed reboot)
    but back to zero.

    Pilli
    Actually I did it both ways.... first off I did it using Jason's instructions, edit registry and reuse pghash.dat etc.. It seemed to go well but when I rebooted I had a warning (and I can't remember the exact wording) that pgaccount.exe was not working or only partly opened....something along those lines but can't remember exactly. So I decided to do it the clean reinstall way and I got rid of everything, including cleaning the reg.

    Then did the clean reinstall.

    Now, please correct me if I'm wrong, but it used to be the perceived wisdom that PG was there to protect vulnerable apps, AV's, AT's, Firewalls and various other apps that needed internet access, eg mailwasher, Outlook, various updates etc. etc. That is the way I've always done it, but the current recommendation to leave learning mode on for longer means that more and more apps are in Protection. Before I uninstalled PG3 this morning, I had around 60 apps in Protection....I could easily run up more than 100 if all the progs I used (not that many) were activated in LM. To be perfectly honest, I don't see the point in my EasyCD Creator or jv16 powertools or Irfanview etc. etc. being in Protection.

    So you're right that the 5 "attacks" all took place in LM, but I have to say I have never seen it before.

    Could you tell me therefore if the recommendation by DCS is that, as before, only the security type apps mentioned above need to go into Protection...or anything and everythingo_O If the former, then LM really doesn't need to be on for too long does it? That and due diligence paid to Alerts ('tho we're all human!!) should suffice.

    Just want to get the best out of PG.. :)
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Oremina, I think the policy is still the same i.e. Run your Internet and security apps whilst in learning mode. After the first reboot (after restart) add the four general protections, reboot and LM will have made the correct allows for the enabled general tabs and LM should now be disabled.
    Personally I tailor the allows after LM is disabled based on my experience and this is not recommended for new or less proficient users.
    I then run non net enabled programs so that they get added to the security list making them either permit once or permit always depending on what they are. For instance I like to see when programs update so I give the updater the permit once flag.
    The reason that LM is made like this is so that is new users and less experienced users are able to use ProcessGuard with limited or deep knowledge of their systems but still enhancing their machine's security greatly.

    Pilli :)
     
  8. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Pilli... thanks a lot.
    I'm sure we're in broad agreement here... a limited/tailored number of apps in Protection and everything in Execution Protection (Security). Just that from reading some of the threads some people must have everything and the kitchen sink in Protection. I'm not knocking that, just wondered if that was the way to go, but I'm happy as I am.

    I rmember vaguely having this same conversation with you many months ago.. :)

    So we can leave it there then... as ever, much obliged.!!
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Guys

    All kinds of different approaches on what to protect. I not only protect applications that access the internet, but applications I might use while I am online. Since I listen to Radio@aol quite a bit that list can be larger. Therefor when in learning mode I just run thru all the main apps on my system, then I am done. True it makes my protection list bigger, but I sure can't measure any effect of doing this.

    Also on the log file, it's fairly easy to dispose of... Just click on the alert tab and then on the view log file tab. At that point you can delete the file like anything you can delete in windows explorer. PG then just starts a new one.

    Pete
     
  10. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    My protection scheme for PG is more along the lines that Peter is doing. Anything that sits in memory permanently or for extended periods is added in my list. Sometimes this causes a ripple affect of having to include supporting modules of the primary executable that is protected. Also I take into consideration programs that are prone to malicious attacks just because of their popularity/distribution and/or have a history of being stomped on by criminals.

    As for the PG log, yep, I understand that it is easy to clear via Windows Explorer or as you suggested, Peter. I'm thinking along the lines of the novice computer user who might take on PG or those users who may not recognize that after a few days the log is 5 mb, then 10 mb, then 15 mb, etc. Having a visible clear/delete/reset hotkey in PG GUI for the log will trigger most users to at least take a look at the log size...if you know what I mean.

    HTHs and JMO :D
     
  11. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Peter and siliconman01

    Thanks both very much for your input, I find your posts are very,very helpful for somebody like me in trying to make decisions (and why). I'm past the newbie stage, have reinstalled XP (once) and my PC is secure and well protected. There are plenty of gaps in my knowledge though and I try to fill those in by lurking on the odd forum or two picking other peoples brains and experience.
    So.. much appreciated. :)
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Oremina

    Pleasure to help. Heck if you have reinstall XP you are one up on me. I have worked hard to avoid that "pleasure".

    Pete
     
  13. earth1

    earth1 Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    177
    Location:
    Kansas, USA
    With regard to siliconman01's comment about clearing the log file, my user account (Win2000) doesn't have permission to make changes under the directories C:\WINNT or C:\Program_Files.. Although it's more secure, one downside is frequently needing to start a program to "runas" the admin account. To start procguard.exe I must enter my admin logname/password. I must enter them a second time to get permission to clear the log file. A button to clear the log from procguard.exe would make life just a bit simpler.
     
  14. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    something to limit the size of the log-file would be nice.. i think one time i saw it where it was 13 mbs.. now i routinely open the log file and delete all the text..

    i feel more comfortable with the new 3.05 release than i did with the recent 3.0 release.. i preferred the red icons in the beta versions..
     
  15. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    The logfile size will not matter in regards to performance. Since ProcessGuard only appends to the logfile (doesn't have to read any of it), it is a very effecient and quick process.
     
Thread Status:
Not open for further replies.