Screenshot: Trojan infection blocked by Process Guard

Discussion in 'ProcessGuard' started by Wayne - DiamondCS, Oct 1, 2004.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined: Jul 19, 2002 | Posts: 1,533 | Location: Perth, Oz

    The attached screenshot shows a trojan server attempting to start (and thus infect the system), but the execution/infection is blocked by Process Guard as it's an unknown executable that wasn't authorised by the user. :)
     


  2. Wayne - DiamondCS

    This is what I meant about authorisation. When an unknown program is executed, if you've got Process Guard's "Execution Protection" security feature enabled then you'll be asked if you want to allow the program to run. At this stage you can prevent the program from running, so if it was a trojan (like in the above screenshot) then you're actually able to prevent the infection. :)

    This screenshot shows what happened when PG asked for authorisation for a screensaver to run:
     

