Whenever I restart an AD window flashes at shutdown. It’s two fast to see what it’s blocking is there anyway to find out and allow it?

Hi, Tatersalad

-{ Quote: "It’s two fast to see what it’s blocking is there anyway to find out and allow it?" }-
I have the same problem with W2k which causes a Very Slow shut down, is W2k your OS?

My is [was] so slow I only use the sleep button on my KB to shut it down. [gone back or should I say forward to using my XP OS]

I tried all sort of allows but could not fix it.

If you find answer to the problem, please post it back?

Take Care,
TheQuest 8)

Hi guys,do you have c:\windows\system32\shutdown.exe in your list? (i'm just guessing here!)

Hopefully the next beta will include some sort of to disk logging which will allow one to see such alerts which are currently lost during shutdown.

Pilli

Hi, Pilli

-{ Quote: "Hopefully the next beta will include some sort of to disk logging which will allow one to see such alerts which are currently lost during shutdown." }-
That what it needs Pilli.

I was going to try and run PG with it to see what its logs would reveal about it, but on second thoughts decided that they might knock heads to hard if i had done so. :)

Take Care,
TheQuest 8)

Hi TheQuest,

You might give Process Logger (http://keleos.h11.ru/proclog/), which runs as a service, a try and see what it records. Process Log Analyzer (http://keleos.h11.ru/analyzer/) is a separate app. Both free.

Nick

-{ Quote: "Whenever I restart an AD window flashes at shutdown. It’s two fast to see what it’s blocking is there anyway to find out and allow it?" }-My guess is that it is either WINLOGON.EXE or USERINIT.EXE trying to launch an application, as part of the normal shutdown process (stress on normal to emphasize that it's nothing that should be worried about or blocked).

To check, you could make sure that WINLOGON.EXE and USERINIT.EXE are present in AppDefend's list, and that each has permission to Start Applications. Then see if AppDefend puts up a notice during shutdown.

I forgot to mention that both WINLOGON.EXE and USERINIT.EXE reside in %SystemRoot%\system32 (usually C:\WINDOWS\system32).

FYI, in future updates, Jason is going to give USERINIT.EXE permission to Start Applications by default, but right now, it is denied by default:

http://www.wilderssecurity.com/showthread.php?t=109508

Now that I think about it a little bit more, I think I'm probably wrong. If AppDefend is still running (and thus able to put up an alert), winlogon.exe and userinit.exe probably will not have done anything yet. Sorry.

I grabbed this frame (from a VMware movie capture) of the AD alert when W2K shuts down. Creating an AD rule for c:\winnt\system32\smss.exe, and giving it permission to Terminate, will eliminate both the alert and the slow shutdown.

Nick

-{ Quote: "Now that I think about it a little bit more, I think I'm probably wrong. If AppDefend is still running (and thus able to put up an alert), winlogon.exe and userinit.exe probably will not have done anything yet. Sorry." }-

No you were right, at least for me it was winlogon.exe. Not sure specifically what it’s trying to do but adding the app and allowing everything does the trick.

Hi, nisk s

-{ Quote: "I grabbed this frame (from a VMware movie capture) of the AD alert when W2K shuts down. Creating an AD rule for c:\winnt\system32\smss.exe, and giving it permission to Terminate, will eliminate both the alert and the slow shutdown." }-

That was the one smss.exe on my sys, Thank you very much nick s.

Could you tell me what Mware movie capture is please?

Once again thank you.

Take Care,
TheQuest 8)

-{ Quote: "Could you tell me what Mware movie capture is please?..." }-

I don't know if you are familiar with Microsoft VirtualPC.

But VMware workstation is sort of the same thing except it has much more features. One of these features is the ability to record your screen while you're in your virtual workstation. Sort of like a screenshot, except it actually records in video what happens on your screen (like moving the mouse and working in an application). It's good for testing software before you install it on your computer. It's great for software developers as well.

http://www.vmware.com/products/ws/

btw, smss.exe doesn't terminate anything on my computer. I don't ever get any shutdown problems like you guys... wonder why... ???

Hi, [suave]

-{ Quote: "Could you tell me what Mware movie capture is please?..." }-

Thank you for the answer and the link.

Glad you did not think I was asking about funny movies, because of my typo Mware. ;)

-{ Quote: "btw, smss.exe doesn't terminate anything on my computer. I don't ever get any shutdown problems like you guys... wonder why... ???" }-
Nice to hear you have no shutdown problems [neither do I now :D] but as to why not, well it is Windows we are talking about so your guess is as good as any bodies. :-\

Take Care,
TheQuest 8)

My guess is that whether or not you run into problems during shut down depends on your AppDefend configuration (i.e. whether or not you have modified the default rules, and/or added your own), and what software you have installed. Some software self-terminates very quickly at shut down, and some software takes longer to close. Maybe the added delay introduced by some software is what can cause problems.

-{ Quote: "My guess is that whether or not you run into problems during shut down depends on your AppDefend configuration (i.e. whether or not you have modified the default rules, and/or added your own), and what software you have installed. Some software self-terminates very quickly at shut down, and some software takes longer to close. Maybe the added delay introduced by some software is what can cause problems." }-

Yeah but in his screenshot it shows smss.exe trying to terminate gss.exe.

On my computer, smss.exe doesn't terminate anything... ever. And it's not my AppDefend configuration. I have it set to Ask me anytime a process tries to terminate another one. So if smss.exe was to terminate anything, I should be prompted about it.

The whole point here is that I never get any prompt. Which means that either smss.exe is slipping through AD somehow, or my computer is diiferent in some way.

I dunno... is it normal for smss.exe to terminate processes at shutdown?

It could be that on your system, GSS.EXE terminates on its own before any action needs to be taken. That's all I was saying.

I thought that WINLOGON.EXE is what did most or all of the shut down handling. I'm not sure what's going on with SMSS.EXE.