What exactly does PG do?

Discussion in 'ProcessGuard' started by Matt_Smi, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I was reading a bit about PG and it seems like a good layer of defense, but I am still a bit unclear as to what it actually does and how it protects your computer. Will it prevent Trojans and other malware from being installed or changing registry entries? Is the paid version much better than the free one? Would it be a good supplement to NOD32? Thanks.
     
  2. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Matt_Smi & welcome, The free version allows the first four items as follows:

    Free Features
    Control application execution
    Protect applications from unwanted termination
    Protect applications from unwanted modification & injection
    Protect applications from unwanted viewing

    Full Features
    Block new and changed programs
    Protect physical memory (prevent operating system vulnerabilities)
    Block Global Hooks (stops keyloggers and password stealers)
    Block unwanted driver/service installation (stops rootkit trojans)
    Block registry DLL injection (stops spyware such as CoolWebSearch)
    Secure Message Handling (protects applications from messages)
    Interface Lock (protects from malicious changes and other users)
    FREE technical support

    ProcessGuard does the following:

    Main uses ...
    Each capability of ProcessGuard is powerful in its own right. For example, a program which simply blocked rootkit trojans from installing would be very valuable in its own right, yet this is just one feature of ProcessGuard! Here is just a brief list of some of the main uses of ProcessGuard:

    Securing processes from being attacked (terminated, suspended, modified)
    Controlling which programs are/aren't allowed to run
    Blocking rootkit trojans and other malicious drivers from installing
    Protecting physical memory from malicious modification
    Blocking hooks and code injections
    Determining which programs are being executed on your system
    Determining which programs are attacking others on your system
    Analysing the inter-process behaviors of programs
    Keeping a log of all programs that execute (important for post-infection analysis)

    Main attacks ProcessGuard blocks ...
    ProcessGuard protects against so many different types of attacks that it's difficult to combine them all into one list (for example, although it protects against process termination it secures over a dozen different "termination vectors" in order to accomplish this, so really it's protecting you against a lot more than just one attack).

    Here are the main classes of attacks that ProcessGuard can protect against:
    Unwanted/unknown process execution
    Process/service termination
    Process/service suspension
    Process/code modification
    Process/service crashing
    Rootkit trojan installation
    Firewall leaktest bypass methods
    Hooks and code injections
    Physical memory malicious modifications
    Windows File Protection attacks
    User Imitation attacks
     
  4. Secure Message Handling (protects applications from messages)

    Hi Pilli... could you clear that one up for me, please?
     
  5. BourgePD

    BourgePD Registered Member

    Joined:
    Sep 5, 2004
    Posts:
    75
    From PG help file:

    :D
     
  6. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    So basically it sounds like it prevents malware from messing with processes among a bunch of other things. It sounds like it would be a good layer of defense to have. Does it run in real time?
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yes it does. ProcessGuard blocks actions rather than just watching them and informing the user that something has changed after the event. The user has to give explicit permission for the event / action to take place.

    HTH Pilli
     