SSM SvcGuard?

Discussion in 'other anti-malware software' started by woe, Dec 12, 2003.

Thread Status:
Not open for further replies.
  1. woe

    woe Guest

    I have a question for the SSM gurus out there. What is the SSM Service Guard for *NT? Does it provide protection not available in 1.94b1? Does it mean all versions of NT (4,5,XP)? I downloaded and installed it, but did not notice any configurability (other than uninstalling it) or benefit, so I removed it pending further research. I could not find any documentation available.
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey

    I don't use SSM but "SSM Service Guard allows you to monitor activity of system services in WinNT.", meaning you have Protection now for Services in NT Systems which could possibly be attacked/exploited... ;)
     
  3. woe

    woe Guest

    Ok, so I guess my question is how does it function, rather than what is it :D

    Upon testing it doesn't prevent services from stopping, so is it just a sandbox for services? SSM appeared to do that itself..
     
  4. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    read here again:

    http://mcom.fatal.ru/help/new/svcguard.html

    sounds to me like it enables monitoring of system services for NT only. The screen shot + verbage indicates the use/need for the latest mchooknt.dll which implies that if you see some activity on a system service you can stop it.

    email Max and to confirm this is added protection above SSM for system service.

    if Max confirms added protection, for comparison purposes, you may want to look at Process Explorer. bellgamin recommends this one highly as a process monitor/killer...

     
  5. RabbitOnTheMoon

    RabbitOnTheMoon Registered Member

    Joined:
    May 20, 2003
    Posts:
    18
    Well... SvcGuard is NOT a standalone program it's just a plugin for SSM, which allows it to monitor activity of non-desktop-interactive services as well as other applications. Why it can be useful to improve SSM with this plugin is explained on it's homepage. This plugin does nothing itself, but it's just provide some kind of transport between non-desktop-interactive service and SSM's main module. It works in any NT and it can be uninstalled/removed via control panel ("add or remove program" or something). To test it you can try to start "smart card service" with and without svcguard started. In first case SSM will ask you do you really want this .exe to be started; in second - you will just be notified that it was started already.
     
Thread Status:
Not open for further replies.