ProcessGuard v3.xxx Suggestions / Wishlist

Not sure if this have been requested before.

Future PG should allow you to block extension(s). For example: Block *.WMF files from running. It does not matter the name, as long it ended with *.WMF it stops right there.

 

I haven't used any of the versions of Process Guard. Why? Becuase I am intimidated by it. Same reason I won't use Jetico or Outpost pro firewalls. All of these programs are probably excellent security programs, I just don't have the technical knowledge to run them.

So I would like to see a version of Process Guard that makes most of the decisions for you. Supposedly Prevx has done this with PrevxABC mode. Blackspears settings do this for NOD32. Sure would be nice to see a newbie friendly version of PG. Of couse, you must keep in mind that this is coming from someone who is too intimidated to even download and try the current version.

 

It already does - via its Learning Mode feature (which creates permissions for any program that you run). Of course, you have to switch off Learning Mode before you can gain any protection since malware would be given access also (which is why DiamondCS recommend installing PG on a clean system).

 

Would it possible to add detection and prevention of OLE automation of an application as used by PCFlank's leak test? Also, what's the likelyhood of implementing an API protection scheme? Such as disallowing SendMessage to be used with Internet Explorer as is done with the first breakout leak test and some trojans.

 

Allow programs to run between xxxx and yyy

Maybe it's not the goal of the program.
I think it's techniques could be used for management purposes.
Eg allow programs (eg solitaire.exe) to run between xxxx (12.00) and yyyy (13.00)

Will come in handy in offices so people don't eg play or chat during work hours and only during breaks are outside office hours

 

Report intrusions to an administrator

When an intrusion is detected somewhere on my LAN, a message should be send to an "administrator".

The message could be an email, a popup, an event written in the event log, maybe even sms ?

I imagine messages like :
"User xxxxx on computer yyyyy has tried to run program zzzzzz"

 

Silent installation

I would like to get the program installed on new computers automatically.
Installation now requires licence agreement, clicking next, ..
Could this be automised so I can get an installation by a script or something similar

 

Re: Allow programs to run between xxxx and yyy

These features, while possible, would require a significant expansion of Process Guard and would be of little benefit to its current user base. On the other hand, they would be of great benefit to businesses and corporations looking to secure their networks.

Whether DiamondCS wish to tackle this market, I cannot say - but it would require significant additions to PG (automated installation, centralised configuration and monitoring) while recent changes have focused more on its internal workings.

 

Re: Allow programs to run between xxxx and yyy

PG should have a feature to scan your start menu and maybe desktop too for programs. it would be much faster than using learning mode.

 

Re: Allow programs to run between xxxx and yyy

This wouldn't offer much benefit unless PG was to actually run each program listed - it would have no way to determine what special permissions (install driver, etc) were needed otherwise. A better option IMHO would be the ability to prompt whenever a program attempted such access and suspend it pending a user reply (at least 2 other programs offer this).

 

Re: Allow programs to run between xxxx and yyy

i should have clarified: i would just want the apps to be added to the security list.

i would manage special permissions myself.

 

Re: Allow programs to run between xxxx and yyy

ability to import/export PG settings (the lists). Currently you can backup pguard.dat and pghash.dat, but i would like an easier method. especially one that isnt version specific.

 

Please add these features to Process Guard:

1) Option to add Process Guard currently running services to protection list on new version installation, general currently running processes as a separate option, or both together as a third option.

Therefore, if using the Autoblock of new/changed progs, then you won't forget to update PG checksums and won't be locked out from the main GUI.

OR some way for PG to auto recognise itself.



2) Blocked execution items reported separately to those allowed - so they are not missed (can then be easily detected by user)


3) RE: Auto allowed processes (which cannot be blocked) or warnings - clearly show what files these are



Thanks so much.

Best regards,
Lee.

 

Hi,

I will switch from a monocore to dualcore processor this weekend. One major problem is core affinity settings, so I thought : ProcessGuard could be a good way to set core affinity on application launch (and even remember settings...)!

What it could bring :
- bypass old application incompatibility with multicore processors,
- segment ressources : reserve one core to services & security apps (set affinity on windows startup)

If ever integrated, I understand it won't be a top priority but...

 

For long-time users who have senility problems...

Sure would be nice if we had a utility much like a registry cleaner that would go through all of our Protection entries and Security entries, as separate lists, and advise which entries no longer exist!

Should be pretty simple for some one out there, even apart from the program's writers, to develop such, but as I have gone over the deep end between failing financial matters and having four daughters, I can't pinch-hit this one...

Oh. And if someone would be so kind as to tell me what the heck are "GLOW" tags and what options are available, I would at least feel like I got smarter...

 

Just to add critical updates that I am sure DiamondCS are well aware of, please add:

1. BETTER TERMINATION PROTECTION AGAINST NEW METHODS

2. BETTER HOOK PROTECTION AGAINST KEYLOGGERS


Thanks very much for your attention to any improvements with these.

Best regards,
Lee

 

Don't know if this has been suggested yet:

Ability to drag 'n' drop an entire folder onto the PG screen and have PG automatically checksum everything in it and add them to the protection list. This would be great for folders with large amounts of .exe files and such. Also the ability to ignore entire folders all together would be nice.