Implementing ProcessGuard 4 months after OS install

DigitalMP

I've read it suggested that I may not want to set it to "Learning Mode" if it's not a fresh OS install. I received an "attempted to install a driver/service" alert when I printed for the first time, as well as when I started Photoshop for the first time (after the PG install).

What is the best schema for this app, seeing as how I've installed it at this point in the game?
 
It's not a problem running it in safe mode, as long as you're sure your computer is virus/spyware free. And you can always check the lists if something suspicious appears on it.
 
DigitalMP said:
What is the best schema for this app, seeing as how I've installed it at this point in the game?

well to research each of the processes you have questions about
all code is a matter of trust, which is why Microsoft is now getting serious about a strict signed driver policy for Vista (kernel mode rootkit prevention)

it's now up to you to determine what processes are allowed to run and which code to trust
when in doubt there is the option of deleting the allowed entry and then denying the process once (without writing a rule), and see what happens

of course the ideal solution is to start from scratch, patch and secure the computer and benchmark your way up to your current state with HijackThis and RootKitRevealer logs as you install 3rd party applications, then Ghost the whole shooting match, but that is a considerable project not to be entered into lightly, but one you might plan for.

In the meantime consider the odds that you're possibly infected and determine if doing that project is immediately worth it.

ProcessGuard isn't foolproof, because us fools wield it, but it does allow us to at least see the tripwire results and make educated guesses

It along with all your other security should be monitored by Filechecker as well
while I haven't heard of any malware that has successfully subverted ProcessGuard I have come across a variant of the Cool Web Search Trojan that kept me from installing it
and as it becomes more popular it will be a bigger target for subversion
 