ProcessGuard gives me this warning sometime.

Warning details:
"svchost.exe was blocked from terminating wmiadap.exe"

-{ Quote: "Protection Settings:
Protection Enabled
Execution Protection Enabled
Block new and changed applications Unchecked
Learning Mode Unchecked

Global Protection Settins:
Protect Physical Memory Checked
Block Global Hooks Checked
Block Rootkit /Driver Service Installation Checked
Block Registry DLL Injection Checked" }-

I would appreciate if you could shed light on whether or not the above is a normal occurrence. In addition, I'd like to know what the most secure settings for svchost.exe. The bellow attachment shows my svchost.exe setting when the warning appears.

Thanks!

---
Windows XP Pro SP2
ProcessGuard 3.15 Registered

Also attached below my wmiadap.exe settings

it looks normal to me, based on the settings that you have, where "svchost.exe" cannot terminate protected applications.. :)

I still don't understand with that svchost.exe settings why svchost.exe sometime tries to terminate wmiadap.exe::)

if you remove "wmiadap.exe" from PG's protection, the "problem" would be resolved..

i am running win xpsp2 and i do not have "wmiadap.exe" in PG's "protection"..

here is a link to some info on "wmiadap.exe":

http://www.liutilities.com/products/wintaskspro/processlibrary/WMIADAP/

I gave svchost.exe the ability to terminate. It needs that sometime for shutdowns and reboots. I never had any ill effects from that.

I get the same message if I suspend my PC shortly after a boot up and wmiadap.exe is running and doing it's thing. Wmiadap.exe usually only runs for short periods after boot up on my system anyway. Svchost will try and terminate it before the suspend and fail.

It's the only time I see svchost trying to terminate something, so I don't allow it termination rights. I usually just ignore it, terminate wmiadap.exe myself upon resume if I see that message or sometimes I think it just closes itself down after a certain time like it normally does if I hadn't suspend/resumed my PC.

-{ Quote: "I get the same message if I suspend my PC shortly after a boot up and wmiadap.exe is running and doing it's thing. Wmiadap.exe usually only runs for short periods after boot up on my system anyway. Svchost will try and terminate it before the suspend and fail.

It's the only time I see svchost trying to terminate something, so I don't allow it termination rights. I usually just ignore it, terminate wmiadap.exe myself upon resume if I see that message or sometimes I think it just closes itself down after a certain time like it normally does if I hadn't suspend/resumed my PC." }-

That is what is happening here and what I am doing. Guees I need to dig a bit deeper what wmiadap.exe really is.

I believe this has been discussed before. Try doing a search on this forum. XP does housekeeping chores with wmiadap.exe and wmiprvse.exe shortly after boot.

MS has a tool that disables some of these performance counters, but some are built into XP and not configureable. There doesn't seem to be any sort of complete documentation on exactly what it is doing.

Only that it's part of XP's "optimization" routines... You could try search MS's technet or knowledgebase and see if you get any details.

WMI http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_reference.asp.

ADAP http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmiadap.asp.