WormGuard active when not launched?

I noticed that WormGuard appears in my Windows task manager 'Processes' window (wguard.exe 1612 kb) when I launch the prgm, and disappears when I close it.

Is the protection available therefore only when the prgm is open?

 

Hi Spanky,

What you see in your taskmanager is only the User-Interface of WG.
WG works through a so-called "hook".
It does its work silently and you will only see it when it notifies you for some possible nasty.
You can very easily test whether it works.
Put up its interface and click the test-button.
Do you get the same message as in my screenshot?

 

Oh yeah, I get the message saying WG is active. But this message is only available when the UI is open .. when "wguard.exe" appears in the task mgr .. so you see the reason for my curiousity.

I believe you if you say it's working & active, even when I don't see it listed in the task manager.

I didn't know programs could be 'active' unless they were listed in the TM.

Thx for the timely sppt. This is great place to learn. I discovered WG & TDS here:
http://radified.com/Articles/trojan.htm

 

When you look at my screenshot, you will see at the left the box "Protection".
Wormguard will work after you have clicked on the button "Install". To be sure, just test it as I wrote above.
Once it tells you that it is Active, you can close the user-interface by clicking "done" at the right bottom.

Would you ever for some reason like WormGuard not to be active, then just click on the button "Remove" in that box "Protection". That would NOT mean that WormGuard is removed from your system, just only that it is not "active".

That's all

 

Hi Spanky
if you create in notepad a little testfile which you save away as test.vbs and inside one line msgbox "this is a vbs script running"
and save it another time with two extensions like test.vbs.exe
Click on the first and you should get a little messagebox on your screen with that line.
The second should give an alert for double extensions at least.
Keep them on your desktop.
When you scan with TDS you will get an alert for dual extensions on that second one too!
If you copy that msgbox "this is a vbs script running" in the bottom of your TDS console you should get the same little box so you know your TDS and scripting engines are working ok as well

 

I was talking about WG. You reference TDS. Are you saying that WG uses TDS, or are you confusing the two prgms like I sometimes do.

I guess my point is that you only get the message that WG is active whern the wguard.exe process is present in the Task mgr. Do you see my concern? When I close the UI, wguard.exe disappears from the TM. A paranoid person might assume he is no longer protected.

 

Sparky WG is always active once installed, it only reacts to files opening therefore will not show in task manager. East to check as Jooske has already said. Open explorer and then open a file with a double extention such as text.vbs.exe or another one like text.doc. exe The latter being a way that some worms and viruses try to make ppl inadvertantly open what they think is a .doc file but is actually an executable When viewed quickly the exe bit can be missed due to the number of spaces.

HTH Pilli

 

Okay. Sorry for the paranoia. But you are correct. Even tho WG was no listed in the TM, it still popped up & blocked execution just like you said. Impressive. Thx for the patience.

 

Glad we could help, now have a nice beer or whatever you like

 

Spanky, i just gave you a way to test WG and to have an innocent test thingy on your system which will trigger both WG and TDS alerts and which might cause lots of fun for you trying them

 

Spanky,

The two programs TDS-3 and WormGuard are two separate and different programs.
However: TDS-3 has a little bit build in from the power of WormGuard.
Did you have a look at the thread "Basic Configuration of TDS-3":
https://www.wilderssecurity.com/showthread.php?t=2871
In Reply #5 you will see something about Generic detection.
It shows you that TDS-3 is also capable of detecting worms.
But WormGuard is a specialized program aimed at worms and is more powerfull in this field than TDS-3. That's why it is such a good idea to have them both!

 

WormGuard 4 has a systray icon which is loaded upon startup (can be removed as an option) which tells you whether or not WG4 exection protection is enabled via icons (basically RED if its not active and GREEN if its working) . I think this should solve most peoples queries about whether WG4 is active or not.
-Jason-

 

Yeah, that would relieve fears.

When I d/l'ed WG, it said I was d/l'ing v3.1

But when I select "about", it says v4.0

Does this mean I have v4.0? I didn't think 4.0 had been released yet.

 

That's right, 3.1 it is.

 

It really is 3.1 . I don't quite know the story why it says WormGuard 4 in the about box...
-Jason-