Standalone Intrusion Prevention System


Computer threats have become so mischievous and subversive that detecting them has required antivirus developers to build new layers of defense based on process behavior or on code patterns found in already detected malware. A host intrusion prevention system is one of the most convenient forms of protection, as it acts promptly whenever unwanted network or system activity is detected, blocking or preventing further actions.

This is the exact modus operandi of PE Guard when installed on your computer. The small application costs $14.95 and can serve your testing purposes for as long as 15 days with absolutely no limitation, nag screen or restriction of any kind. The installation process goes as smoothly as possible, allowing you to go through the entire process effortlessly once you choose the desired setup type: standard or advanced user configuration.

PE Guard is so minimalistic that it does not even need an application window to exhibit complicated menus and options. It is much simpler than this, as all of its options can be accessed through the system tray icon. A right click is all you need to discover all three protection modes (POWER, NORMAL and INTERNET) and the small set of options.

Picking POWER mode to protect your PC is the best type of security PE Guard can offer. In this mode, you will benefit from maximum protection and the greatest number of alerts, because any program that tries to create exe files is monitored and blocked until you decide to allow or deny the action. To make things easier on you, PE Guard can remember your decision by adding a reported executable to a trusted list.

Additional options available when an alert pops up include terminating the process and preventing write operations (read-only is permitted). Remembering your decision for a brief period of time is also part of PE Guard’s notification choices. Enabling this causes the application to automatically apply your decision the next time the action is recorded, but without the alert. We noticed during our tests that PE Guard forgets about this the next time you run the program.

When in NORMAL mode, the program is selective only with programs that attempt to modify existing executables. This means that all PE files will be allowed to run freely on the system as long as they do not try to make changes to other executables. It is behavior-based protection for your computer that stands for a diminished level of protection because a larger number of executables are allowed to run on the system.

The third protection mode in PE Guard is called INTERNET. It is similar in functionality to POWER mode; the difference between the two is that INTERNET does not alert you upon the creation of new files like POWER mode does, instead monitoring the new executables and launching a notification whenever they try to run. This mode is a compromise solution between POWER and NORMAL as it is neither too restrictive, nor too lax.

You can toggle between the three protection modes depending on what you are doing or what you plan to do next. For instance, when working with files you trust, NORMAL mode can be enforced, and when walking on shady grounds, stricter protection can be applied through POWER mode.

PE Guard’s set of options does not stop at these protection modes and also provides the possibility to secure your system against possible threats coming via removable devices. “USB Protection” puts a stop to virus propagation through USB devices by preventing all executables from being run from USB drives. The only ways to execute such files are either to copy them to the hard disk or to disable “USB Protection.”

When trying to run executables from a thumb drive, a message informing you of the impossibility to access the specified device, path or file will be displayed. Unfortunately, there is no hint to lead you to the true source of the notification as PE Guard won’t even squeak.
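
The three modes and “USB Protection” described above, modelled as a small decision function (an added illustration, not PE Guard's code). The class, the event tuples and the file paths are constructed; `.exe` stands in for any PE file, and the model assumes that modifying an existing executable prompts in every mode, which the review states only for NORMAL.

```python
from dataclasses import dataclass, field

ALLOW, PROMPT, BLOCK = "allow", "prompt", "block"

@dataclass
class ModePolicy:
    """Toy model of the review's three modes; not PE Guard's real logic."""
    mode: str                                    # "POWER", "NORMAL" or "INTERNET"
    usb_protection: bool = True
    trusted: set = field(default_factory=set)    # executables the user chose to trust
    new_exes: set = field(default_factory=set)   # created while in INTERNET mode

    def decide(self, actor, action, target, on_usb=False):
        actor, target = actor.lower(), target.lower()
        if action == "execute":
            if on_usb and self.usb_protection:
                return BLOCK                     # refused without a PE Guard alert
            watched = self.mode == "INTERNET" and target in self.new_exes
            return PROMPT if watched and target not in self.trusted else ALLOW
        if not target.endswith(".exe") or actor in self.trusted:
            return ALLOW                         # assumption: ".exe" stands in for "PE file"
        if action == "create":
            if self.mode == "INTERNET":
                self.new_exes.add(target)        # no alert now, watch for its first run
            return PROMPT if self.mode == "POWER" else ALLOW
        if action == "modify":
            return PROMPT                        # assumption: prompts in every mode
        raise ValueError(f"unknown action: {action}")

# Constructed events: (actor, action, target, target_is_on_usb)
EVENTS = [
    (r"c:\temp\setup.exe", "create", r"c:\temp\helper.exe", False),
    (r"c:\windows\explorer.exe", "execute", r"c:\temp\helper.exe", False),
    (r"c:\temp\helper.exe", "modify", r"c:\windows\notepad.exe", False),
    (r"c:\windows\explorer.exe", "execute", r"e:\tool.exe", True),
    (r"c:\office\winword.exe", "create", r"c:\docs\report.docx", False),
]

def replay(mode, trusted=()):
    """Verdict per event, assuming the user answers "allow" to every prompt."""
    policy = ModePolicy(mode, trusted={t.lower() for t in trusted})
    return [policy.decide(*event) for event in EVENTS]

if __name__ == "__main__":
    for mode in ("POWER", "NORMAL", "INTERNET"):
        print(f"{mode:8}", replay(mode))
```

Replaying the same events in each mode shows where the alert lands: at creation in POWER, at first run in INTERNET, and only at modification in NORMAL.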

Although the entire program is designed to encompass only the most essential of the options, there is the possibility to trace each of the actions it takes. Thus, a full activity report, containing date, time, type of action and action taken, can be accessed through PE Guard’s “Options” menu.

PE Guard is simple both in its approach to keeping your system secure and in the set of options it offers. There are no elaborate protection schemes available as everything is kept to a minimum. Also, it is not a tool for computer beginners, but average users could do just fine with it. The number of alerts you receive is consistent with the type of protection you enforce: a more rigid one will notify you of every PE execution while opting for a looser one will give you less trouble.

For a standalone host intrusion prevention system, PE Guard does an awesome job; during our tests, nothing went past it and all PE attempts were reported according to the protection mode we had set. The list of trusted processes can be edited at all times to help you tone down notifications, while USB protection comes in handy if you want to avoid getting your system infected through autorun activity.

PE Guard is not yet ready for prime time as its barebones security is reserved for more proficient users who can tell the difference between a malware attack and the activity of legitimate programs. Also, it is still pretty rough around the edges as there are plenty of details that should be added or at least polished, such as an option to delete the log, graying out some buttons when the access type makes them redundant (write prevention and process termination upon Create New), the possibility to export settings, etc.

The application is still at the beginning, but it has a very promising future, with plugins being created to enhance protection and expand its functionality. Also, the developer is willing to better the application and polish all the details that may hinder its use.


The Good

PE Guard is a tool built with a simple purpose in mind: prevent malware from surreptitiously getting on your system. It monitors PE file activity and alerts you whenever harmful operations are detected.

There are three levels of protection rigidity you can toggle between in no time using the assigned keyboard shortcuts. The application can also be disabled/enabled via hotkeys. The “USB Protection” feature foils malware plans to execute from thumb drives.

All PE Guard activity is logged and can be viewed at any time. Also, there is an option that implements protection for users’ settings by allowing only those with administrative rights to handle the app.

The Bad

Being so simple, there is room for plenty of improvements, none of which is related to protection modes. The details that require a bit more attention are: buttons having the same end in the case of certain events, the possibility to erase the log straight from the interface of the application or to export/import settings.

The Truth

As mentioned above, PE Guard is a barebones security application that delivers only the essential options required to keep malware out. It targets users that know what they are doing on a computer.

Simple and light on system resources, PE Guard is not the most elegant security solution but its efficiency tops intrusion systems in plenty of specialized computer protection suites on the market. There is work to be done; fortunately, it looks like the developer intends to better the program as much as possible.

user interface 4
features 4
ease of use 5
pricing / value 5


final rating 5
Editor's review
excellent
 