I really like the new Process Guard V1.1 Full :), but I'm having problems when it comes to shutting down my PC or logging out of an account. :-\

With the protection enabled Windows sticks at the ‘Saving your settings’ screen. I've waited 5 minutes to see if the PC eventually shuts down / logs out, but nothing happens - though hard drive activity still seems to occur.

Normally my PC shuts down within 5 seconds. Disabling the protection allows my PC to shut down properly again - but only after a forced reboot. I’ve had no problems with V1.0 and I've already tried reinstalling V1.1. (My PC was rebooted before and after uninstalling/reinstalling V1.1.)

I’ve currently reverted to V1.0 as it’s a pain having to restart the PC just to switch accounts and then sit through Scan disk – which always finds errors due to the forced shut down while the hard drive is active.

Hope someone can help.


WinXP Home SP1 + updates
NIS 2004 / TDS3 / PE / Ad-Aware Pro

Wow, thank GOd it's not just me! ;D

I'd just logged on tonight to ask for help on the exact same thing - I 'hang' when 'log out' to go to another user account/shut down - for 20 mins or more!- same thing; "saving user settings".

I've uninstalled, re-installed, logged off, manually de-installed via the advice above, refused default prot load advice, accepted it etc etc etc etc. No difference.

True now, I now REALLY like PG - and with this new version; the added HIR with the MOVING and BAR CODED background for the confirmation - LOL ;D ;D,
Superb!! - a hunter-killer app should now become recognisable by it's physical size as it'll be towing some serious OCR code too!!!!!

BUT, seriously, it's of no use if it can't be used, and I too am an XP SP1 multi account user WITH NO V1 difficulties having immense probs with V1.1 - and so reverting.

Hoping someone smarter than me can help...

Regards
Mike

ooops, pressed post instead of preview - just to add Mike PJ - you shouldn't have to wait too long for a real answer DCS is excellent in their support.

Mike

PS as this is post 1 for you, I guess I get to say hi first!!

Hi guys, welcome to the forum.

Waiting for the DCS people or other HEGs (Highly Experienced Guys) to give hands in this. I'm very sure it will be solvable but i'm not able to yet.

Mike_ZZ in the upper right corner of your posting is the "modify" button so you can change your posting with that after posting, even after longer time after growing insights :)

Hi Mike_ZZ and Jooske, thanks for the welcome. :)

It always feels better when it’s not an isolated problem – not that I’m glad you have the same ‘log off’ problem as me Mike_ZZ…if you know what I mean. ;D

Looking forward to a possible solution……

May be i'm wrong, but it doesn't sounds like a bug, but more like you haven't
given allowed privileges to important system services.

For example on my computer :

pg_msgprot.exe : Write, Terminate, Suspend, SetInfo
lsass.exe : Write, Terminate, Suspend, SetInfo
svchost.exe : Write

And i can logoff as usual on my XP + SP1

Hi gkweb. Thanks for your reply.

The problem appears even when logging out of an account with administrative rights. PG itself gives the permissions you suggested (plus more) to those files by default.
If I’m being dumb and missing your point please bear with me! Any advice is gratefully received. Please remember I’m using XP Home and V1.0 had no problems what so ever (I’m using V1.0 again just now).

I think theres a few things the problem could be, we have sorted out issues already and this will just need some heavy debugging :)

I'll try to get the same thing here on Win2k, works fine logging off here. Does on another well maintained (clean) Win2k system but not on an older XP install. So there is something there or maybe its ONLY XP. Which poses the question does anyone have the problem with Win2K ? :) thanks for the help everyone

Mike PJ,

Please be careful if using v1.0 as it is less powerful and install/uninstall needs to be checked manually. If you accidentally switch v1.0 EXE or driver with parts of 1.1, there will be real problems.

There is a manual full uninstall mention in the help file step by step guide to make sure its a clean uninstall :)

This thread leads to a question I have. I noticed that some of the processes like services.exe and svchost.exe have the same 4 privileges, both blocked, and allowed. They were installed this way, the first time I ran the program. I assume the effect is to allow them, and that this is intentional. Is this the correct settings.

I thought I might have a shut down problem, but the I realized that I had done a defrag, and went right to shutdown, and Go Back had to finish its writes, before the system could shut down. PG is working great.

No problems here either logging off or shutting down.

My installation here is an upgrade from WinMe to XP Pro. Pete

no problem on my clean XP PRO install (not upgraded from another windows)

{QUOTE-> quoting: Peter2150 link=board=40;threadid=16996;start=0#msg105200 date=1070121224]
This thread leads to a question I have. I noticed that some of the processes like services.exe and svchost.exe have the same 4 privileges, both blocked, and allowed. They were installed this way, the first time I ran the program. I assume the effect is to allow them, and that this is intentional. Is this the correct settings.
<-QUOTE}

I suppose this will make it to some sort of FAQ sooner or later, but in the meantime, see if this helps:

By the flags being set as you have described, you are a) allowing, say, svchost, to terminate, write, setinfo etc. other protected processes. Which will give lots of log entries and possibly erratic system behaviour if disabled. And you are b) preventing svchost from being terminated, written to, suspended etc. by any process (except for those with allow privileges in PG). This is a good thing in itself, but it also means that nothing can sneak into is and use its terminate, suspend etc. privileges that you have granted in a).
Only you set them in the reverse order, i.e. first "block flags" and then "allow flags".
Allow flags override block flags, all the more reason for having strong access restrictions to those processes that you give allow flags to.

Don't know if I could make it clear...?

Andreas

Unless I'm mistaken, it looks very much to me as though:

(1) the default settings for the things you've included should just be left alone.

(2) Nothing else should be given "Close Message Handling" except PG itself.

(3) Anything else you want to add protection for should just be added in and left with the default settings

(4) You let the chips fall where they may with the logs - you'll get a lot of un-needed information BUT it all bears looking at to discover anomalies

Does this sound about right? Or am I missing something as regards "Close Message Handling"? Pete

Re the Log off/Turn off problem. I spoke to soon when I said I didn't have it. I do also. Will post details later.

Add one more to the log off problem. I have followed the instructions for a manual uninstall in safe mode, turned startup off on all security software, reboot, reinstalled PG with reboot, turned on startup for all security software and reboot. The next time I reboot, the system hangs at saving settings.

I am running a clean install of XP sp1 with all updates applied.

I too have encountered the "Saving Your Settings" logging off problem. The machine will hang indefinitely until manually reset. I was going to post this yesterday but I had already posted two other problems and thought that my machine was the culprit. It is a great relief to know that other XP users have confirmed this as a fault. We can rest assured that DiamondCS will soon have a fix for it.

Also sometimes when switching users I get the "Error 3" message about Attaching to the Kernel Driver. I then reboot. On reboot I sometimes get the BSOD Stop error 0000000a IRQ_Less_than_Equal.

Just to add to the list of woes, using the "Process Kill Demo" it says that it could not remove any of the Security Programs. However several times this has caused my Outpost Firewall to pop up a window saying it has to close because of problems, or even just close without any pop up warning. At other times Outpost remains untouched. This is despite being protected by Process Guard. My other protected programs have no problems.


My machine had none of the above problems with the previous version of Process Guard. They only occurred after installing the new version.

I have Ver. 1 and so far haven't downloaded the new one. I am reading about the shut down problems. I have had a problem with Ver 1 so I would shut PG down first. Then the shut down wouldn't hang. Can you do the same thing with the new one? I have XP Home Edition.

WilliamP,

The short answer is "No". Once Process Guard is installed that's it. Uninstalling it fixes it. Disabling or Closing it doesn't.

Thanks anyway.

Bizarre. For Wayne,Jason, and Gavin. First I want to document my system.

3.0 Gig Pent IV. with 1 Gig mem. No resource prob.

software is:

Win XP Pro Sp 1 with all patches/upgrades.
Go Back
F-Prot
Zone Alarm Pro 4.5
TDS-3
WormGuard
ProcGuard
Spybot S&D
Adaware
Raxco Perfect Disk Defrag.

This thing has me scratching my head, because yesterday, I wasn't having any problem, doing several log off's, and shutdowns. I no sooner earlier stated that I had no problem, and oops. I can't logoff, or shutdown. In fact since my power switch is on only, to shut the computer off I have to reboot into safe mode to shutdown.

First thing I tried was a defacto uninstall. Didn't actually uninstall, just went into safe mode and renamed the procguard.sys, and rebooted, thus shutting down Proc Guard. Log off and and shutdown are then fine. Since everything had seemed fine night before, I then used goback to revert the drive back to the night before. Still had the problem. Then remembered the only other thing I had done was defrag the drive, and I didn't revert to a time prior to that.

At this point I did a complete uninstall, making sure to remove everything, and then a new install of PG. I let PG do it's automatic install, and then added my programs. At first it seemed to work, but back to can't log off or shutdown.

Also tried shutting down PG, but the kernel is still at work, so that didn't help. Also tried uninstalling the protection of wormguard, but alas, no help.

My next step is to again uninstall, and reinstall, but not add any of my programs, and see if that makes any difference. Will post the results.

Any idea's for fixes.

Oh well I have already removed the Ver 1 and I am not going to download the new one. I have NOD32 and XP. I certainly don't want the headaches of not being able to shut down. Why can't it be shut down by me? That worked for Ver 1.

Okay, experiment continued. Reinstalled, and just let the automatic install work. Added no additional programs. Still couldn't log off, or shutdown. Then tried shuting down the close window option on PG: didn't help. Finally tried disabling PG before trying the log off, and that also didn't work.

Don't have any further idea's so I reinstalled Version 1.0 for now.

Wayne,Jason, Gavin: If you have anything further that you want me to try, let me know. I don't mind experimenting on this system, thanks to Goback.

Pete

isn't the big difference between 1.0 and 1.100 is the close msg handling ?
If you disable it, is it still hanging ?

May be Wayne or Jason will come with more answer.

The big difference is you dont even need ProcGuard.exe running to be protected by the system. And others :D

Close Message Handling can be disabled and it wont help I think, the best thing to do is to try disabling protection then shut down PG if you want to logoff or whatever. Does this help ?

IF we have to handle the logoff and shutdown sequences differently then we look into that before the next build. Jason will sort things out soon, there may even be a new build straight away so we will let you know very soon what is up :)

{QUOTE-> quoting: Gavin / DiamondCS link=board=40;threadid=16996;start=15#msg105387 date=1070178372]
the best thing to do is to try disabling protection then shut down PG if you want to logoff or whatever. Does this help ?

<-QUOTE}

I think I found this to work – but unfortunately only after a reboot which made doing this impractical. After a reboot I could log off ok as long as protection was left disabled, and (if I remember right) I could enable protection and it would still shut down the first time OK but then be back to sticking from that point on. (But all that’s purely based on memory!)

Well.. while it might sound like a failed test to you, this helps us ! Thanks :) We will be better able to locate the problem now as long as we can replicate your situation.

One other thing I noticed after the installation of 1.1 and having rebooted the PC was the protection by default was disabled. Should it be? On enabling it, the first reboot was OK then stuck from that point. HTH :)

I forgot to mention manual uninstalls. There is manual uninstall in the help file, but this should only be done after a failed normal uninstall, or if you cant connect to the driver in v1.0..

Renaming the sys file from safe mode wasn't the best option, because if you just do that with 1.1 you will leave other things running and doing the uninstall right is important to tell Process Guard you really are wanting to uninstall, not tamper :) Please use that uninstall button not any manual methods from now on.

Hi Gavin,

{QUOTE-> quoting: Gavin / DiamondCS link=board=40;threadid=16996;start=15#msg105422 date=1070194210]
I forgot to mention manual uninstalls. There is manual uninstall in the help file, but this should only be done after a failed normal uninstall, or if you cant connect to the driver in v1.0..

Renaming the sys file from safe mode wasn't the best option, because if you just do that with 1.1 you will leave other things running and doing the uninstall right is important to tell Process Guard you really are wanting to uninstall, not tamper :) Please use that uninstall button not any manual methods from now on.
<-QUOTE}

While I fully agree with your recommendation of using a "regular" uninstall routine, how about putting the manual uninstall routine - rescue - last resort - method on a page in the PG website? For, if you have a failed normal uninstall, chances are you no longer have the helpfile there...
Just an idea.

Andreas

{QUOTE-> quoting: Gavin / DiamondCS link=board=40;threadid=16996;start=15#msg105387 date=1070178372]
The big difference is you dont even need ProcGuard.exe running to be protected by the system. And others :D

Close Message Handling can be disabled and it wont help I think, the best thing to do is to try disabling protection then shut down PG if you want to logoff or whatever. Does this help ?

IF we have to handle the logoff and shutdown sequences differently then we look into that before the next build. Jason will sort things out soon, there may even be a new build straight away so we will let you know very soon what is up :)
<-QUOTE}


Disabling protection, or even exiting doesn't help, already tried them. I think the first shutdown thing might be right. If I remeber right, it does shutdown, the first time after installing. But after that no. It was only the first time after installing however, after that, it wouldn't shut down even after a cold start.

We do need a new build right away, once you figure this out. With this problem, this version, is essentially unusable. Have a busy day today, but will try and go back and confirm this 1st time shutdown issue.

Thanks for your input guys. It is weird because some people have this problem, and others don't. You would think it would be the same on all XP machines, but I have no problems at all on mine. We will investigate this more thoroughly (we have a machine here which has this problem so it will be easier to debug).

By the way, you may think your "power" button only turns the machine on, but that is probably incorrect. Simply HOLD the "power on" button for 5 seconds to turn off your PC. This is how it is on all modern ATX computers.


-Jason-

Just to let you know that this problem has now been sorted for me, with the release of 1.15.
Also the strange log entries I was getting before have also disappeared. The only minor problem I have is with an error message - about being unable to open a .dat file when I switch users without logging off first. But that I can live with.

Thanks for your hard work one and all. ;D