What is ProcessGuard?
DiamondCS ProcessGuard is a groundbreaking security system first released late in 2003 that protects Windows processes from attacks by other processes, services, drivers, and other forms of executing code on your system. ProcessGuard also stops applications from executing without the users consent, stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. ProcessGuard even stops most keyloggers and leaktests, and is recognised by many to be the most comprehensive anti-rootkit solution available.
Why do I need it?
Security-conscious users on the Internet these days typically have a firewall and antivirus program at the very least, yet very few users are aware that these layers of security can easily be rendered null and void simply by terminating or modifying the host process. For example, a trojan could simply terminate your personal firewall before attempting to transmit your personal details over the Internet, effectively rendering the firewall useless and leaving the user with a false sense of security. Likewise, it could modify your antivirus program by patching it in memory so that it no longer detected any viruses, so even with a database update and even if it was a known trojan it would remain undetected. Rootkits are another serious threat, because once they've infected your system they can often be extremely difficult to detect (as they modify the operating system itself in order to hide, effectively becoming a stealth trojan). ProcessGuard allows you to block the installation of rootkit drivers, preventing any infection from occurring. Firewall bypass techniques are also another big security problem where ProcessGuard can lend a hand. These are just some of the many advantages you'll get from securing your system with ProcessGuard.
Main uses …
Each capability of ProcessGuard is powerful in its own right. For example, a program which simply blocked rootkit trojans from installing would be very valuable in its own right, yet this is just one feature of ProcessGuard! Here is just a brief list of some of the main uses of ProcessGuard:
*Securing processes from being attacked (terminated, suspended, modified)
*Controlling which programs are/aren't allow to run
*Blocking rootkit trojans and other malicious drivers from installing
*Protecting physical memory from malicious modification
*Blocking hooks and code injections
*Determining which programs are being executed on your system
*Determining which programs are attacking others on your system
*Analysing the inter-process behaviors of programs
*Keeping a log of all programs that execute (important for post-infection analysis)
Main attacks ProcessGuard blocks …
ProcessGuard protects against so many different types of attacks that it's difficult to combine them all into one list (for example, although it protects against process termination it secures over a dozen different "termination vectors" in order to accomplish this, so really it's protecting you against a lot more than just one attack).
Here are the main classes of attacks that ProcessGuard can protect against:
*Unwanted/unknown process execution
*Rootkit trojan installation
*Firewall leaktest bypass methods
*Hooks and code injections
*Physical memory malicious modifications
*Windows File Protection attacks
*User Imitation attacks
Without a kernel-level security solution like ProcessGuard your system and the security software you run on it is vulnerable. What's the use of running a firewall or antivirus if it's only going to be killed before it can react? ProcessGuard not only secures itself and the other processes on your system, it also secures your other security programs, allowing them to do their job without risk of termination or attack.
Download Link (2.18 MB)