What is the point of guard32.dll?

goodbrazer · January 21, 2010, 7:02pm

Thread title question was (partially) explained by wj32 :

wj32 post:40:

I’ve just discovered an interesting fact…

Some of you might know about guard32.dll, which is a CIS component that is loaded into every process. The purpose of this component is to make alerts simpler for users. For example, if guard32.dll is disabled and a process attempts to create a service, the user will receive many prompts about services.exe trying to modify the registry. If guard32.dll is enabled and a process attempts to create a service, guard32 will let CIS know about this, a different prompt will be displayed, and the registry alerts from services.exe will be suppressed.

The “different prompt” is in fact the “trying to modify the protected registry key” prompt. So, it should be very easy to change it to “trying to load a driver” or something similar.