Windows 7 Process Guard Replacement


12 replies to this topic

#1 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,361 posts
  • OFFLINE
  •  
  • Local time:04:55 PM

Posted 28 July 2012 - 02:58 PM

On my old computer, years ago, I used a great little program called Process Guard, by Diamond CS. The company has since gone out of business and they no longer make or support Process Guard. :(

I am currently looking for a replacement for it, that will run on a 64 bit Windows 7 machine.

If you are not familiar with this program, this is what it did.

This utility provides competent PC protection, albeit in a different way than antivirus or anti-adware tools do. Rather than scanning your PC to ferret out specific offenders, ProcessGuard blocks all activities typical of malware and Trojan horses at a deep level. The program's interface is handy and requires minimal user configuration. However, you will need to run the utility in learning mode for several hours so ProcessGuard can examine your computer and determine which processes are safe. The application can prevent nefarious programs from reading, modifying, or stopping any application in the memory; disable access to physical memory; and stop unauthorized logging of drivers and services. It also provides additional protection by asking your permission every time a new application attempts to install. Although ProcessGuard demonstrated solid performance in our tests, we can't vouch for some of its more advanced features, which are disabled in this version. Still, the program makes a nice addition to your arsenal of PC-protection programs.

Read more: ProcessGuard - CNET Download.com http://download.cnet.com/ProcessGuard/3000-2239_4-10333974.html#ixzz21wtcS7tV

I have many people ask me why I would want a program that does what Windows Vista/7 UAC does. My answer has always been that the UAC #1 does not contain a whitelist, it is not customizable, and has a very terrible UI. Additionally, if it does in fact stop something, it gives little to no information on the object that it has prevented from running.

Thank you for any and all help.



#2 FS-BC

FS-BC

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 26 September 2012 - 10:20 AM

Hi! Diamond CS unfortunately seems to have stopped business several years ago, & according to a posting on an Australian website forum, this was because they felt the features of Worm Guard and Process Guard had now been taken over by newer Windows XP/98 versions. The software writers had disappeared off the network and something rings a bell about one of them maybe dying.

As you found, the control exercised by the program is vastly greater, clearly presented, and more flexible in terms of controlling as well as safeguarding '.exe' processes from Windows basic processes to user introduced programs. Did you realise for example that CCleaner (Piriform software) puts a ping.exe onto your computer when being set up? Process Guard will tell you that & ask whether you want it to run or not. Together with the older firewall ZA Alarm Pro program -- where the privacy page allowed you to block any type of returning packets manually to web sites you were browsing -- it was part of an ideal set up.

I have recently got a Windows 7 starter, & much like Vista Home Premium, it has this exceedingly irritating background administrator, separate to the user administrators. I managed, but only by getting rid of the free McAfee, to allow myself to play around with permissions (not quite up to Windows XP pro 32bit however). However, Windows 7 will not install Process Guard properly, regardless of the 'compatibility' choice or the 'owner' choice, or telling it to run as administrator. There are three separate programs which install - the user account program (for each user, allowing immediate blocking/allowing of running of a program, & different permissions can be given for different users), dcuser (essential) and pgguard program (essential, the display). DCuser on most attempts to install would not run & therefore the program would not run, just sticking at the display page. If lucky, by playing around with compatibility, it did run, then the display declared the user account program wasn't running! thus preventing the feature where it says 'do you want this program to run', meaning you had to pre-block any program or features of a program like installing drivers on the security page rather than on the hoof. (I.e., you have to know in advance what an installation is going to install.)

I noticed that explorer.exe kept trying to terminate Process Guard (from the Alerts page list); this doesn't happen in Windows XP. On restarting Windows 7, sometimes even this would stop & I'd be back at the DCProt wouldn't install message.

As you've referred to -- What is excellent & unmatchable by Diamond Software's Process Guard, are the options for each program. There are options to allow a program only to be read, to allow them to be modified, terminated. And options to block a program installing drivers/services, accessing physical memory, terminating/modifying other programs on the list, or simply allow a program to read other programs; block a program altogether, or allow it just once, etc. Its interface is very simple and the help boxes very clear. Its only limit for the version I have is that its list of programs was limited to 250 (remember this includes parts of a program set up, not just the main one, & elementary Windows programs like logonui, ctf loader, &c.) so I have to make decisions which to eliminate from the list when installing a new program. It will also tell you if the program has changed since last used, whether to block any changes or not.

Wow! it was terrific. I join in with you in asking, could somebody not investigate where the copyright went & put it back on the market with updates for the newer Windows / Linux, etc. I wish. If you got it to run on Windows 7 32-bit it would be interesting to know how you managed this, your post only referring to 64-bit.

Edited by FS-BC, 26 September 2012 - 10:27 AM.


#3 FS-BC

FS-BC

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 26 September 2012 - 11:40 AM

Your posting inspired me to look further into this. See more recent reference which mentions that the guy who wrote the software Wayne Langois & ran the company disappeared from circulation sometime in 2006-8. From another website he appears to have left a number of unsatisfied customers who didn't get their licence number (this is the one I knew about). The present web site for Diamond CS only ?sells? brand anti-virus software. I must have purchased the latest version 3.4 which works fine. An entry at the above link explains "Now, for Vista or Win 7, that is a different story. PG, on XP, runs at ring 0. In other words, it becomes a literal part of the OS at the very deepest level. That is part of why it can do what it can do. Microsoft forbade applications from running at ring 0 on Vista/Win 7. DiamondCS said there would be no PG for Vista/Win 7 because of this but then Gavin Coe said in an IM, (and in the forum, I think I recall), that he had solved the problem, or at least the biggest hurdle, for Vista. Then Wayne disappeared so we will never know if PG could have been made to work on Vista." I hope this is of help.

#4 FS-BC

FS-BC

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 28 September 2012 - 04:42 PM

The following permissions for Windows 7 may help (I'm now finding Process Guard will work with Windows 7 when it boots, but, as already said, the 'execution prevention' function doesn't work unless you've already put it into the 'Protection' list). The 'Special User' referred to below is an admin level user created for my computer:

Process Guard folder/Program Files:
-----------------------------------
Trusted Installer R&E,LFC,Read;
Users R&E,LFC,Read;
Administrators Full Control (all boxes ticked);
System Full control (all boxes ticked);
Special User/admin level has Full control (all boxes ticked).
*Owner for the folder was changed to the Special User.

The three separate PG programs:
------------------------------
*Permissions for the three programs are the same as for the folder.

*Compatibility: run as Windows XP (Service pack 3). DO NOT TICK 'run this program as an administrator';
Change settings for all users box - same thing, run as Windows XP (Service pack 3) & do not tick 'run this program as an administrator'.
*Owner for the three programs put to 'Administrators'.

For some reason the Process Guard executable does not like to be 'run as administrator'.

After installing, but before restarting or viewing the help page, make the changes.

Running the program:
When clicking on the Process Guard icon, click 'yes' in the user account control box. Hopefully it won't say DCUSER program won't run, but will say (next worse thing, but not as bad) 'pgaccount.exe is not running'. You will be able to specify protection to various programs. Manually fiddle around with the permissions & compatibility to achieve this if it doesn't work first time.

Important programs to have on the protection list, if only to stop them trying to terminate Process Guard:
consent.exe (no termination to other programs on the list allowed)
explorer.exe

My final list for basic running processes is:
alg.exe, consent.exe, csrss.exe, drwatson.exe, dwwin.exe, explorer.exe, iexplore.exe, logonui.exe, lsass.exe, ntvdm.exe, services.exe, smss.exe, svchost.exe, userinit.exe, winlogon.exe, winmgmt.exe, wmiprvse.exe, wuauclt.exe.

I note in my alerts that mscorsvw.exe tried to modify the pgaccount program, but not clear how I should play this one.

Remember to create a restore point before installing the program & one directly after you get it to work (if only in a limited way)!
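
An added example, not part of FS-BC's post or of Process Guard: a PowerShell check that compares a folder's ACL with the permission table in post #4 and flags any principal that can write where the table gives it read-only access. The account name `PC\SpecialUser`, the folder path and the English principal names are assumptions; the sample ACEs are constructed.

```powershell
# Added example, not from the thread. Expected rights are transcribed from post #4;
# 'PC\SpecialUser' is a placeholder account and English principal names are assumed.
$Expected = @{
    'NT SERVICE\TrustedInstaller' = 'ReadAndExecute'   # R&E, LFC, Read
    'BUILTIN\Users'               = 'ReadAndExecute'   # R&E, LFC, Read
    'BUILTIN\Administrators'      = 'FullControl'
    'NT AUTHORITY\SYSTEM'         = 'FullControl'
    'PC\SpecialUser'              = 'FullControl'
}

function Compare-PgAcl {
    param([object[]] $Aces, [hashtable] $Expected)
    $fsr  = [System.Security.AccessControl.FileSystemRights]
    $full = [int]$fsr::FullControl
    # Any of these bits lets a principal change, delete or re-permission files.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $seen = @{}
    foreach ($ace in $Aces) {
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }   # Deny entries are not compared
        $id     = "$($ace.IdentityReference)"
        $rights = [int]$ace.FileSystemRights
        $seen[$id] = $true
        if (-not $Expected.ContainsKey($id)) {
            "UNEXPECTED  $id has $($ace.FileSystemRights)"
        } elseif ($Expected[$id] -eq 'ReadAndExecute' -and ($rights -band $writeMask)) {
            "TOO BROAD   $id can write: $($ace.FileSystemRights)"
        } elseif ($Expected[$id] -eq 'FullControl' -and ($rights -band $full) -ne $full) {
            "TOO NARROW  $id lacks Full Control: $($ace.FileSystemRights)"
        }
    }
    foreach ($id in $Expected.Keys) {
        if (-not $seen.ContainsKey($id)) { "MISSING     $id has no Allow entry" }
    }
}

# Constructed sample ACEs, using the property names Get-Acl exposes in .Access.
$fsr = [System.Security.AccessControl.FileSystemRights]
$sample = @(
    [pscustomobject]@{ IdentityReference = 'NT SERVICE\TrustedInstaller'; FileSystemRights = $fsr::ReadAndExecute; AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Users';               FileSystemRights = $fsr::Modify;         AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators';      FileSystemRights = $fsr::FullControl;    AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\SYSTEM';         FileSystemRights = $fsr::FullControl;    AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'PC\Guest';                    FileSystemRights = $fsr::Read;           AccessControlType = 'Allow' }
)
Compare-PgAcl -Aces $sample -Expected $Expected

# Against a real folder (placeholder path):
# Compare-PgAcl -Aces (Get-Acl 'C:\path\to\ProcessGuard').Access -Expected $Expected
```

ACEs stored as generic rights, which Get-Acl shows as raw numbers on some inherit-only entries under Program Files, are not translated by this comparison and may be reported as TOO NARROW.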

#5 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,361 posts
  • OFFLINE
  •  
  • Local time:04:55 PM

Posted 30 September 2012 - 07:36 AM

Well thank you for all that research and your in depth explanations! I did not even realize it could run on Windows 7!

But wouldn't new malicious software have ways of circumventing it nowadays?

#6 temporary1

temporary1

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 22 December 2013 - 12:39 PM

I am wondering the same thing. And I loved Process Guard! What new programs are there?



#7 dwdraw2

dwdraw2

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:55 PM

Posted 21 April 2014 - 09:59 PM

I know that this could be a little late (2 years), but better late than never.

 

There is a program out there, little known to many. It's called "WinPatrol." Maintained by a single tech/owner. The program sits well within your system and lets you know what is starting up. You can create a start-up delay list. It also monitors your "Host" files. There is more, but you need to check it out.

 

Some say they like it, others don't bother with it. It has a small foot print in your system. Depends what you want.

 

Thanks for your time

 

dwdraw2



#8 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,361 posts
  • OFFLINE
  •  
  • Local time:04:55 PM

Posted 01 May 2014 - 01:10 PM

Better late than never. :)

I will definitely check it out!

Thank you for the information.

#9 philfil

philfil

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:55 PM

Posted 04 May 2014 - 01:08 PM

I have used WinPatrol for years. It is a very good application which can monitor your startup programs, current tasks, services, cookies, etc.



#10 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:55 AM

Posted 06 May 2014 - 04:16 PM

One may even consider Deep Freeze... If you are prepared to pay a bit (it is not free) it is an excellent program, highly recommended.



#11 michaelmotes

michaelmotes

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 08 June 2015 - 10:17 AM

I had this problem, PG was grand, ironclad, no new exe's, drivers, or DLL injection.

 

I now use Faronics Anti-Executable. It prevents new exe's and DLLs from loading. And with new driver security, Windows will block or at least warn of installing any unsigned driver.

 

It costs forty bucks, but you may be able to find a used copy on the open seas, arghh matey.


Edited by michaelmotes, 08 June 2015 - 10:18 AM.


#12 zarboy

zarboy

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 30 January 2017 - 05:36 AM

OS: Win 7 Service Pack 1, 32-bit; 64-bit not tested yet.

Mine is running now, hope this is it.

 

https://www.facebook.com/photo.php?fbid=10210601966353099&set=a.10210601965593080.1073741858.1465209767&type=3&theater



#13 rustlep

rustlep

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands, Amsterdam
  • Local time:12:55 PM

Posted 01 February 2017 - 01:58 PM

Great thread, thanks for the info.





