Uninstalled it. :(

Discussion in 'ProcessGuard' started by Kegel, Jul 6, 2004.

Thread Status:
Not open for further replies.
  1. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    I have to say, this program would probably be the BEST solution to many of the security problems facing computer users today. Unfortunately, it is just too strong. Feels like I'm using a sledgehammer on my PC if that makes sense. I use BoClean for my AT needs (resident) and TDS-3 for scanning. BoClean is like the perfect app. Small footprint and you know it is there. No problems. Hell my McAfee VS picks up just about everything anyways....usually the 1st to hit a trojan. Hopefully my purchase of PG a few days ago will earn me some kind of special on one of TDS-4's apps, but for right now, it is going on the shelf.
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi kegel..

    Sorry to hear you had troubles with PG :(

    Unfortunately, no matter how good an app can be, there will *always* be a certain percentage of machines out there that just will not like it.

    I read an interesting article a while back about MS testing of their Patches.

    They literally have to run it on a couple of thousand machines to test as even a 1% failure amounts to a LOT of machines that it will be incompatible with.

    I too have had a couple of experiences with very well known software over the years that no matter how I tried to configure, just did not play well.
    Fortunately I have always been able to find something else that did and that is what is important.

    Cheers, TAS ;)
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I think most users who have issues are turning on too many options, or trying to protect too many files. Block Global Hooks is an option you can avoid as a new user, it will just confuse you. If you can point us at specific issues or worries you had, I'm sure we can get you up and running with suitable protection options..
     
  4. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    Thanks for the support. That is a big reason why I purchased (3) of your products now. If I can make a suggestion for the next version (assuming there will be one), have a setup wizard (for us n00bs). There are simply too many options presented. It seems that in order to set this program up correctly, one would have to have an expert knowledge of what every service, .dll and program does in a Windows environment. I assume that given time for the program to "learn" it would end up fairly maintenance free. I just found myself having to grant just about every program some kind of access that, by default, was blocked. A lot of work and almost seemed counterproductive. The program itself is a great idea. I could be wrong but it seems that if it was properly set up, you could almost do away with the majority of other security apps. It just has soooo much control over everything in the OS...felt obtrusive. I guess that's what it's supposed to do though. Amazing that Microsoft doesn't implement a lot of your ideas into their OS's. Even though I'm not using PG at the moment, I have to say...nice work.
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi again,

    You don't need to know too much, but we do hope to find a way to have things set up for you - a wizard of sorts. This isn't exactly easy, since anything which is automated could go and place a trojan in the protected list, defeating the protection.

    By default only a few key Windows processes are added to be protected. Perhaps I can tempt you to email support and we will help you set things up.. if you can describe what you see in the log window we can help you add your programs as needed :)
     
  6. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
    Hi Gavin. Please, can you help me to setup F-Secure Internet Security 2004? I'm confused because there are too many exe in this program. See attached log... continue
     

    Attached Files:

    • log.PNG
  7. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
    ... continue ... and here is my program protection list. What do you think about it?
    Thanks for your help
     

  8. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Kegel,

    I had a similar feeling on the first go around with PG, putting a whole bunch of programs under protection. Due to a bit of a glitch while testing some beta software, I had to wipe my hard disk. On the second go around with PG I took a somewhat different approach. I knew my PC was absolutely clean at this point.

    - I started with the default protection list

    - I added my AV, AT, firewall, and other actively monitoring security programs to that base list from the start making sure that I covered all relevant services and processes. A peek into the task manager was my initial guide. I also added automatically launched updaters for these applications if they were a different .exe file. I didn't add the demand security scanners (things like Adaware, Spybot, etc.) that I launch periodically, only the active monitoring apps.

    - Because of some hangs that I experienced early on when my PC would go into screensaver/sleep/powerdown modes or run scheduled processes, I opted for an extended learning mode period. I wouldn't recommend this approach if you don't know your PC is clean. Alternatively, pop PG into learning mode during off hours when scheduled events generally run (again - you need to know you're clean). If you think about things hard enough, you'll usually be able to cover most of these, but if you're like me a few will be forgotten and that can lead to a system hang if PG is waiting for input and something else attempts to launch. How long for this stage? Generally a few days for a well used PC and you should inspect what shows up in the program checksum listing. I also made sure that I ran/updated all my demand security applications once while in learning mode.

    - I then watched the logs. This led to the selective addition of a couple of other processes and adjustment of the permissions set for some of the security applications.

    Following these steps, I ended up with something like 24 active processes protected by PG. I ended up customizing beyond the defaults for 6 of these processes, and these were my security applications. Unexplained system hangs are nonexistent now and everything appears stable.

    I generally disable PG during installs of applications and may pop it into learning mode again post-install if I observe system hangs.

    At least for me, this made life with PG pretty much transparent. But it can be a bit daunting when first starting.

    Blue
     
    Last edited: Jul 8, 2004
  9. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Just a quick post as it's late here and I'm running short on time, but you must remember that Process Guard is an extremely powerful security system that functions at the lowest levels in your system (thanks to its kernel-mode driver, which means you don't even have to be running the procguard.exe user-mode process for protection to be active). It grants you the power to prevent applications from doing potentially dangerous things such as terminating security processes, but also grants you the power to lock down applications to the point that you've essentially got a strangle-hold over them - keep this in mind so that you don't over-secure your system, which isn't something many other security systems allow you to do, but due to the nature of Process Guard this is something you now have the power to do - use this power with respect. If you find that other processes aren't functioning properly, you may need to add them with full allow privileges to Process Guard's list. Likewise, you may need to allow some other system processes extra Allow privileges, or remove some Block privileges, but generally Process Guard is similar to a firewall in that once set up, you'll rarely need to modify its settings. :)
     
  10. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    Thinking of giving it another go. I am a glutton for punishment...and I'm bored. Is it possible to JUST have the program protect my AV, AT etc from termination and do away with the program verifications that pop up all the time?
     
  11. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Sure - UNTICK "Program Checksum Protection" > Enabled
    This is a very useful feature however, if you want to run all your known EXE's once each and have them added to the "allow" database. Or run in learning mode so they all end up in there. But leave it off for now and you will be way less confused I'm sure :)

    ^Ale - everything looks good for you!
    Did you untick the terminate flag for SVCHOST because of the TSKILL thread? If you don't have Terminal Services running you can tick it again :)

    Or you can ignore the logging, ProcessGuard modifies the permission as it goes, and svchost won't even know anything happened. It won't need any such access so nothing adverse will ever happen.

    There is no ITW malware which uses TSKill anyway, so either option is a possibility. But your setup looks good.. you might want to add some more programs which have firewall access so they can't be modified while running and be used to bypass the firewall. The only extra one I can think of which is used by ITW firewall bypassing trojans is MSN Messenger so I'd add that if you use it :)

    Disable protection and defrag if you make substantial changes to your setup, since the dat files will become very fragmented.
     
  12. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
    Hi Gavin, I've uninstalled MSN Messenger so I don't need to add it. Thank you very much for your support.
     
  13. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I have to admit I have been really scared of PG even though I know it is a vital addition to my security. Having read this post and ^Ale's detailed posts on the reasons for not adding Ad-aware/Spybot etc I am understanding a little bit more. I also like Gavin's comments about the Global hooks as they did complicate my understanding even more.

    The screenshots and comments about them are very useful to anyone who is very unsure about how PG works. I tried the free version some time ago but it just didn't like XP and I really didn't learn from it. I will keep reading and trying to learn but this post has been helpful - thanks.
    I have always felt it was just for 'experts' who knew all about Global Hooks and all the read/write/terminate - I was afraid I would see the BSOD :'(
     