I doubt if even a ProcessGuard could stop all true EXE-viruses, and Malware with process-killing abilities often have Keylogger functions as well, so your system would be compromised and should be reinstalled from scratch.
I'm not sure...
ProcessGuard protects agains the following terminating methods:
DLL/Code Injection: The attacking process 'injects' a DLL or code into the memory space of another process, allowing the attacking process to remain alive in the context of an existing process. This stealthy trick is starting to be used more frequently by remote access trojans, and can also be used to alter the behaviour of programs. Injected code can also easily terminate its host process, providing another option for process termination. Firewall leaktests often use this technique to bypass firewalls, usually by injecting a DLL into an application that's generally trusted by firewalls (such as Internet Explorer).
Process Termination via EIP Modification: The attacking process suspends all threads in the target process and sets the value of the EIP register for each thread to the address of the ExitProcess function in kernel32.dll before allowing the threads to resume, causing the process to terminate.
Process Termination via CreateRemoteThread: The attacking process creates a new thread in the target process which has a start address set to the address of the ExitProcess function in kernel32.dll, causing the process to terminate.
Process Termination via TerminateThread: The attacking process enumerates all threads in the target process and calls the TerminateThread function in kernel32.dll on each thread, causing the process to terminate when its last thread is terminated.
Process Suspension via SuspendThread: The attacking process enumerates all threads in the target process and calls the SuspendThread function in kernel32.dll on each thread, causing the process to freeze.
Process Suspension/Termination via DebugActiveProcess: The attacking process attaches to the target process as a debugger by using the DebugActiveProcess function in kernel32.dll, allowing the attacking process to both suspend and terminate the target process.
Process Termination via Window Close Messages: The attacking process sends Window Close messages (such as WM_CLOSE, SC_CLOSE, WM_DESTROY) to all windows in the target process. This attack only works against applications that have windows but don't have any message handlers for the Window Close class of messages.
Process Termination via EndTask: The attacking process locates a top-level (parent) window in the target process and sends its handle (identifier) to the EndTask function in user32.dll. This attack only works against applications that have windows.
DiamondCS Process Guard easily prevents all of these attacks, because all of these process vs. process attacks have one thing in common - the attacking process has to open the target process to gain access to it before it can do anything with it, such as terminate it. DiamondCS Process Guard intervenes at this early stage by preventing the attacking process from accessing any protected processes (or any of their threads).
Isn't enough?
