Re: iWitness + process guard
[ QUOTE ]
Yes, I think you need the full version of Process Guard to be able to block the DLL injection.
The DLLs are injected into running processes, so it is not permanent thing, but I am not sure why the DLLs appear in the directories (maybe it is a bug, I am not sure...).
[/ QUOTE ]
Why do people think this is effective at stopping Party from detecting things? Have we seen them inject code into other processes? In the past, the way they've detected banned software is just by looking for the files on your hard drive. These SnoopFree/ Process Guard tools don't do anything to restrict that, right? They do prevent screenshots, and I can see how that is important. For the file reading isue, I suppose you could just run Party as a limited user account that didn't have read access to the directories with these tools. Has anyone tried that?
|