PE Guard Review: Monitor Portable Executable in Windows


Overview

If you want to guard the portable executable files in Windows, you will be interested in the new program, PE Guard. This small tool is not for everyone. Find out what PE Guard does and how it works.

Features and Options of PE Guard (5 out of 5)

PE Guard monitors files in the Portable Executable format (.exe, .dll, .sys and object code). It sits in the Windows notification area and watches any portable executable files. You have the option to run PE Guard as Power Guard or Normal Guard.

  • Power Guard – PE Guard will monitor all three of the items below
  • Normal Guard – The program will only monitor item #1, programs or viruses that inject themselves into another program or process.

PE Guard alerts the end-user if:

  1. any program or virus injects itself into any other process or program in Windows
  2. any rootkit or program writes or installs a new driver (a .sys file)
  3. any program or virus copies itself into another portable executable file

When a portable executable is detected writing, injecting or copying itself on your computer or into another process or program, PE Guard will display its alert window. You will need to respond to this alert by choosing to allow, revoke or prevent access. You can also choose to allow it once or allow it all the time (for trusted processes). The alert window is displayed for 10 seconds, allowing you to choose an action. If no action is taken, PE Guard will automatically revoke write access after another 10 seconds of no response from the end-user.

To reduce the number of alerts (especially when you know that an executable or process is safe), you can edit the pegconfig.ini file by clicking “Edit Safe Process” from PE Guard’s icon.

System Requirement and Installation (5 out of 5)

PE Guard supports Windows 7, Vista and Windows XP only. The installation is straightforward and you don’t need to restart to start guarding any portable executables in Windows. A startup item is added by PE Guard, peg.exe. I noticed only two issues in its installer. The first is the blank selection where you are supposed to click an icon:

Blank Area in Installation Wizard

The other issue is the setup wizard, where you are supposed to interact with PE Guard setup, but it is actually not a setup wizard but some kind of initialization of the program after the install. It would be great if the author of PE Guard fixed the blank area and the setup wizard to prevent confusion.

Performance and Effectiveness (5 out of 5)

To determine if PE Guard is worth trying or keeping, I put it to the test by downloading a malicious executable using Internet Explorer. As soon as I hit Enter to download the malicious executable, PE Guard immediately prompted for action.

I chose to prevent the executable's access, and PE Guard succeeded in blocking the malicious download from writing to the temporary location in my user account directory. Another prompt was displayed since I was trying to download the malicious file to my desktop, and when I selected prevent, the browser's access to download the malware file was denied. The download failed, but the file is on the desktop with 0 bytes. To confirm that the file on the desktop is not harmful anymore, I sent it for online scanning using VirusTotal, and none of 40 malware scanners found an infection, which is what I was expecting.

If you transfer portable executable format files from your system drive to another partition or external hard drive, PE Guard will still monitor the transfer and request action. Even when you install legitimate programs, PE Guard will watch anything that is in portable executable format or that tries to access, write, inject or copy into another program. This means no PE format files can escape from PE Guard.
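Files ending in .exe, .dll and .sys share one on-disk header layout, which is what makes them PE format regardless of extension. The added example below (not PE Guard's code; the review does not describe how PE Guard identifies files) classifies a file from its headers and treats an empty or truncated file, such as the 0-byte leftover from the blocked download, as not PE. build_sample and the header values it writes are constructed for the demonstration.

```python
import struct

IMAGE_FILE_DLL = 0x2000         # COFF Characteristics bit: image is a DLL
IMAGE_SUBSYSTEM_NATIVE = 1      # Subsystem value used by kernel drivers (.sys)
OPT_MAGICS = (0x10B, 0x20B)     # optional-header magic for PE32 and PE32+


def classify_pe(data: bytes) -> str:
    """Return 'exe', 'dll', 'driver' or 'not-pe' from header bytes alone."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"                      # also covers empty (0-byte) files
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    if opt + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"                      # truncated file or wrong signature
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    (magic,) = struct.unpack_from("<H", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset in PE32/PE32+
    if magic not in OPT_MAGICS:
        return "not-pe"
    if subsystem == IMAGE_SUBSYSTEM_NATIVE:
        return "driver"                      # heuristic: native images are usually drivers
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def build_sample(characteristics: int, subsystem: int) -> bytes:
    """Constructed sample: bare PE32+ headers only, not a loadable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, characteristics)
    optional = bytearray(0xF0)
    struct.pack_into("<H", optional, 0, 0x20B)
    struct.pack_into("<H", optional, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional)


if __name__ == "__main__":
    # File names are constructed; the extension plays no part in the result.
    samples = {
        "setup.exe": build_sample(0x0022, 3),     # console subsystem
        "notes.txt": build_sample(0x2022, 2),     # DLL hiding behind .txt
        "filter.sys": build_sample(0x0022, 1),    # native subsystem
        "blocked.exe": b"",                       # 0-byte leftover
    }
    for name, blob in samples.items():
        print(f"{name:12} -> {classify_pe(blob)}")
```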

Note that PE Guard will use 3.4MB of memory.

Images

PE Guard Alert when downloading malware exe

Editing Safe Process

Handy Commands in using PE Guard

Price to Value (5 out of 5)

PE Guard is free of charge. Donations are welcomed by its author.

Conclusion

PE Guard is a simple, easy-to-use but powerful tool. It can block safe applications, so use it only if you are OK with many alerts in exchange for HIPS-like protection. It is recommended for advanced users and for cases where your resident firewall or anti-virus does not provide HIPS protection. PE Guard works like TeaTimer’s Paranoid mode in Spybot-S&D, so use it only if you know what you’re doing.