sanasecurity Attack Shield and ProcessGuard
wayne_b
December 7th, 2005, 10:25 PM
Issues regarding AttackShield WS version 2.0.0 and ProcessGuard 3.150 Full Version
Attack Shield shuts down windows with ProcessGuard installed
Steps taken....
Disabling Attack Shield WS (attackshieldagent.exe disabled in process manager), then installing Process Guard (running in Learning Mode). Re-enabling Attack Shield WS, continuing in Learning Mode; upon computer restart, Attack Shield shuts down Windows (with PG in Learning Mode).
Uninstalling Attack Shield, then re-installing Attack Shield (after PG is installed), Attack Shield still shuts down windows.
Giving attackshieldagent.exe special rights "install global hooks", "install drivers/services", "access physical memory", Attack Shield still shuts down Windows.
All unchecked under "Global Protection Option"
Two files Attack Shield requires - attackshield.exe (GUI - resides in the start menu) and attackshieldagent.exe (services)
I am including the dump file
AttackShield website - http://www.sanasecurity.com/
-wayne
tonyjl
December 8th, 2005, 03:42 AM
Hi, Wayne_b,
I had a look at the dump file/website, and it sounds like a conflict with the memory usage or something like that (I'm not a computer geek so I might just be pointing out the obvious here, forgive me if I am). Also the dump file mentions an 'AttackShieldDriver.Sys'; you only mention 'attackshield.exe' and 'attackshieldagent.exe'. I assume you know about the driver.
It could be that they're incompatible; the website says Attack Shield monitors the memory for suspicious behaviour, so it might see PG as a threat, though why it causes a computer shutdown I couldn't say. That's about all my little brain can handle at the mo (haven't had much sleep). I hope I'm on the right track and someone else will pick up where I left off.
Keep us informed though, won't ya!!
wayne_b
December 8th, 2005, 07:34 AM
Hi Tony,
Yes, I know about the "AttackShieldDriver.Sys"; it resides in the Attack Shield program folder. Thanks for bringing it to my attention, since I didn't mention it above.
"Keep us informed though, won't ya!!"
you bet :)
-wayne
wayne_b
December 8th, 2005, 08:34 AM
Both files are located in the Attack Shield folder
AttackShieldShim.sys = Shim Loader Driver
AttackShieldDriver.Sys = AttackShield Tracer Driver
Attack Shield is using an executable file I am unable to locate (under normal search), "ss.exe", per "pglog"; the only reference to "ss.exe" is located in the prefetch folder.
Wed 07 - 15:24:32 [EXECUTION] "c:\program files\sana security\attack shield\ss.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\ss.exe" 1djdsno6c58imierfs6s ]
Wed 07 - 15:24:37 [EXECUTION] "c:\program files\sana security\attack shield\installer.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\installer.exe" install "c:\program files\sana security\attack shield\attackshielddriver.sys" 0 0 ]
Wed 07 - 15:24:39 [EXECUTION] "c:\program files\sana security\attack shield\installer.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\installer.exe" install "c:\program files\sana security\attack shield\attackshieldshim.sys" 1 1 ]
Wed 07 - 15:24:47 [EXECUTION] "c:\program files\sana security\attack shield\attackshieldagent.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\attackshieldagent.exe" -i ]
Wed 07 - 15:24:52 [EXECUTION] "c:\program files\sana security\attack shield\attackshieldagent.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\services.exe" [440]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\attackshieldagent.exe" ]
Wed 07 - 15:25:01 [EXECUTION] "c:\program files\sana security\attack shield\attackshield.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\attackshield.exe" ]
Wed 07 - 15:27:25 [EXECUTION] "c:\windows\system32\imapi.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\services.exe" [440]
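An added example, not part of wayne_b's post and not ProcessGuard code: a small Python parser for the [EXECUTION] log format shown above. It groups each "was allowed to run" entry with its "Started by" and "Commandline" lines, so the processes each parent launched and the drivers passed to installer.exe can be listed. The function names are assumptions made for the example; the sample input is a subset of the log lines quoted in the post.

```python
import re
from collections import defaultdict

# Subset of the ProcessGuard log lines quoted in the post above.
SAMPLE = r'''Wed 07 - 15:24:32 [EXECUTION] "c:\program files\sana security\attack shield\ss.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\ss.exe" 1djdsno6c58imierfs6s ]
Wed 07 - 15:24:37 [EXECUTION] "c:\program files\sana security\attack shield\installer.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\installer.exe" install "c:\program files\sana security\attack shield\attackshielddriver.sys" 0 0 ]
Wed 07 - 15:24:52 [EXECUTION] "c:\program files\sana security\attack shield\attackshieldagent.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\services.exe" [440]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\attackshieldagent.exe" ]
Wed 07 - 15:27:25 [EXECUTION] "c:\windows\system32\imapi.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\services.exe" [440]
'''

HEAD = re.compile(r'^(\w{3} \d{2}) - (\d{2}:\d{2}:\d{2}) \[EXECUTION\] "([^"]+)" was allowed to run$')
PARENT = re.compile(r'^\[EXECUTION\] Started by "([^"]+)" \[(\d+)\]$')
CMD = re.compile(r'^\[EXECUTION\] Commandline - \[ (.*) \]$')
SYS = re.compile(r'install "([^"]+\.sys)"', re.I)

def parse_pglog(text):
    """Return one record per execution; continuation lines attach to the last header."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if m := HEAD.match(line):
            records.append({"day": m[1], "time": m[2], "image": m[3],
                            "parent": None, "ppid": None, "cmdline": None})
        elif records and (m := PARENT.match(line)):
            records[-1]["parent"], records[-1]["ppid"] = m[1], int(m[2])
        elif records and (m := CMD.match(line)):  # not every entry has a command line
            records[-1]["cmdline"] = m[1]
    return records

def children_by_parent(records):
    """Map (parent image, parent PID) to the file names of the images it started."""
    tree = defaultdict(list)
    for r in records:
        tree[(r["parent"], r["ppid"])].append(r["image"].rsplit("\\", 1)[-1])
    return dict(tree)

def driver_installs(records):
    """File names of .sys drivers passed to an 'install' command line."""
    hits = (SYS.search(r["cmdline"] or "") for r in records)
    return [m[1].rsplit("\\", 1)[-1] for m in hits if m]
```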
Gavin - DiamondCS
December 8th, 2005, 11:59 PM
So it BSODs, or reboots the machine without a BSOD?
I can't see a demo download, but this isn't a PG problem - it's an Attack Shield problem. Their support will need to reproduce a crash and debug the problem.
-{ Quote: "
Probably caused by : AttackShieldDriver.Sys ( AttackShieldDriver+516 )
...
FAULTING_IP:
AttackShieldDriver+516
ef57a516 8b5604 mov edx,[esi+0x4]
" }-
wayne_b
December 9th, 2005, 10:07 AM
Hi Gavin,
When Attack Shield protects the OS (when triggered) it gives the BSOD, normal for this application.
My problem is that I am unable to run PG without triggering Attack Shield, so I was hoping someone could shed some light on getting Attack Shield to play nice with PG. I will take it up with Sana Security.
Thanks
-wayne
Gavin - DiamondCS
December 10th, 2005, 02:44 AM
OK, thanks for clarifying! Is there a download?
If not, they may need to send us a copy when requesting help, they can contact us of course for anything they might want to know to resolve this easily. It might need some interaction between us.
Rilla927
December 13th, 2005, 12:08 AM
Hi Fellas,
I also have Attack Shield WS and it's not compatible with ZA or KAV, just in case someone was going to install it with these programs.
Rilla927