PG 2.0 conflicting with my backup software!


LuckMan212
September 6th, 2004, 03:45 PM
Hi I installed PG 2.0 (regged) on my XP Pro SP2 system yesterday. Fairly uneventful, the install went smoothly and PG began "learning" my apps. I added the 3 NOD32 executables to the allow list and things were going well.

Then I woke up this morning and found my backup software (Dantz Retrospect 6.5) had failed. The way the backup software works is there is a "server" that has the tape drive and main backup software, and this communicates with a "client" daemon running on my machine which is the one with all the DiamondCS stuff on it. Pretty standard arrangement I think. Anyway, I got the following error message in the backup server's Log:

"Trouble reading files, error -1010 (API request bad)" and
"Can’t use Open File Backup – error 1017"

/edit: I forgot to mention, the PG Log shows no blocked attempts, or anything (plus it is in "learn mode" still anyway.)

Additionally, I began getting the following error in my Event Log:

"The Computer Browser service terminated with the following error:
This operation returned because the timeout period expired. "

This happens after a few minutes of starting the Computer Browser service, it dies again. I can manually start it again, but it will die in a few minutes again, which makes it impossible to browse network shares on my LAN. I never had this before, and all I did yesterday was install Port Explorer, Process Guard and TDS-3 (all regged versions) so one of them may be causing this conflict.

Any idears?

nick s
September 6th, 2004, 03:57 PM
Try disabling Process Guard and repeat your backup procedure. That should either eliminate or show PG as the cause. Also look through your PG logs for anything noteworthy.

Nick

Pilli
September 6th, 2004, 03:57 PM
Hi LuckMan212, If you know what the main backup process(s) .exe's are try adding them to the Process Guard protection list with the Allow Service/ install driver flag. Then watch the PG window log for any other Allow flags that the backup service needs.
Also check that the .exe's are on the checksum list with the always allow enabled.
I am not familiar with your particular backup program but others may be able to give you more advice.

HTH Pilli

LuckMan212
September 6th, 2004, 04:12 PM
OK I tried disabling PG, and running the backup is now successful. So it is definitely PG causing the conflict. :-\

Now what? I need this backup software (paid over $2,200.00 for it) but I really want PG's protection too. Adding the .exe of the backup daemon to PG's exclude list had no effect (didn't think it would, since like I said above there were no blocked attempts in the PG log window previously).

DCS- help!

Pilli
September 6th, 2004, 04:32 PM
Sorry I was replying before your edit :)

-{ Quote: "Adding the .exe of the backup daemon to PGs exclude list had no effect " }-
Not sure what you mean by that? Process Guard does not have an exclude function as such but you may have meant either the protection list or the checksum list?
Are you sure that the .exe(s) that you selected are the actual ones that start the BU service?
Have you initiated any of the General Block tabs? If so try removing them one at a time to see which one may be causing the problem.

Thanks. Pilli

LuckMan212
September 6th, 2004, 04:42 PM
By the exclude list I meant adding the backup sw .exe to:
blocked privs: NONE
allowed privs: everything checked

-{ Quote: "Are you sure that the .exe(s) that you selected are the actual ones that start the BU service?" }-
How would I know this? There is nothing in PG's log indicating that something tried to run or do something that was denied, if that's what you're asking.

As for the general protection options, I have none of them checked at the moment. I was going to enable them after I finished "learn mode".

Pilli
September 6th, 2004, 05:19 PM
-{ Quote: "by the exclude list I meant adding the backup sw .exe to:" }-
That is the protection list and the block / allow flags. :)

-{ Quote: "how would I know this? there is nothing in PG's log indicating that something tried to run or do something that was denied, if that's what you're asking." }-
Task Manager may give you a clue, look to see if there are any other processes that stand out as being associated with the BU process.

Another thought occurred - What firewall are you using? It may give us a clue.

Thanks. Pilli

LuckMan212
September 6th, 2004, 05:37 PM
I am not running a software firewall on my PC. I have a hardware firewall. The backup server is on my LAN and thus does not need internet access to get to my PC. As for other processes there are some that I saw in Task Manager but I added them and gave them all full privs and it didn't help.

**question** am I wrong or shouldn't everything that PG blocks show up in the log somewhere? How can I know what program, service, driver etc is being blocked or conflicting with my backup software unless it gets logged?

Anyway, as soon as I disable PG, my backups run normally. :'(
With PG enabled, the backup gets 99% of the way through, and then fails doing something called "saving volume snapshot". I believe this is related to 2 key microsoft services:

"Volume Shadow Copy" -
C:\WINDOWS\System32\vssvc.exe

-and-

"MS Software Shadow Copy Provider" -
C:\WINDOWS\system32\dllhost.exe /Processid:{68A23E6E-1D69-49ED-BF33-C5B638F525C8}

Maybe this will give a clue, of what the conflict might be. I know these are fairly low-level services used for hard drive access. The backup software uses them to allow it to back up "open files" meaning Outlook .pst files, open SQL databases, etc. I tried giving vssvc.exe full privileges as well but that did not help.

Pilli
September 6th, 2004, 05:57 PM
OK about the firewall.

Yes, the logs usually show any process that tries to access a protected list program and usually what process is trying to do the accessing; in this way one can usually discern what Allow flags are necessary and even what programs to add to your protected list.

-{ Quote: "Maybe this will give a clue, of what the conflict might be." }-
Regarding the BU failure, we will have to await a DCS reply; Jason may have other possibilities for you to try.

I can add that the latest version of Process Guard is being beta tested and does address some anomalies with other low level programs.

LuckMan212
September 6th, 2004, 06:18 PM
OK I figured out how to turn on advanced/debug log level in my backup software, and got this:

T-29: TPCFile::OriginalFilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\pghash.dat
T-29: TPCFile::FilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\pghash.dat
T-29: TPCFile::OriginalFilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\pguard.dat
T-29: TPCFile::FilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\pguard.dat
necoDispatch: transaction 29: result -1,010
xopFlush: flushing any remaining data
arxAccept: accept up to the indicated archive address -490340352, mark 1332099
soctSetThread: socket thread now 0x5ec
soccOpen: socket send buffer size is 65,536
soccOpen: socket recv buffer size is 65,536
soccCallback: connected
smtpOpen: connection established "localhost"
soctPreDispose: maximum queue depth was 1
Trouble reading files, error -1010 (API request bad)
9/6/2004 4:58:05 PM: Execution incomplete

So I found the 2 culprit files!! "pguard.dat" and "pghash.dat". As a test, I tried opening one of those files in Notepad.exe. I got an unknown OS error, so I guess this is done as a precaution by PG to keep other trojans from getting at its "goods". Nice one, but this should most definitely be documented somewhere! (maybe they didn't document it so as to keep it secret from trojan writers??) Anyway, once I added these 2 files to my backup software's "Exclude" list, the backup was able to complete successfully! :)

Still my comments would be: please log this to the console of PG (i.e., "ACCESS DENIED while XXXXX.exe tried to open pghash.dat for READ" or something similar). Would have saved me a few hours of hair-pulling! (and believe me I ain't got much hair left to spare!) :)
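
The triage done by hand in the post above, as an added example (not part of the original thread, and not Dantz or DiamondCS code): it groups the debug-log file paths by transaction and lists the ones belonging to any transaction that ended with a non-zero result. It assumes that `T-29` lines belong to `transaction 29`, that a result of 0 means success, and that the shadow copy maps to drive C:.

```python
import re

# Lines T-29 onward are copied from the debug log in the post above. The two
# T-28 lines are constructed (a transaction that succeeds), and "result 0"
# meaning success is an assumption, not documented Retrospect behaviour.
SAMPLE_LOG = r"""
T-28: TPCFile::FilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\drivers\etc\hosts
necoDispatch: transaction 28: result 0
T-29: TPCFile::OriginalFilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\pghash.dat
T-29: TPCFile::FilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\pghash.dat
T-29: TPCFile::OriginalFilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\pguard.dat
T-29: TPCFile::FilePath = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\WINDOWS\system32\pguard.dat
necoDispatch: transaction 29: result -1,010
xopFlush: flushing any remaining data
Trouble reading files, error -1010 (API request bad)
"""

FILE_RE = re.compile(r"^T-(\d+): TPCFile::(?:Original)?FilePath = (.+)$")
RESULT_RE = re.compile(r"^necoDispatch: transaction (\d+): result (-?[\d,]+)$")
SHADOW_RE = re.compile(
    r"^\\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy\d+\\", re.IGNORECASE)

def live_path(path, drive="C:"):
    """Map a shadow-copy device path to the live volume (drive letter assumed)."""
    return SHADOW_RE.sub(lambda m: drive + "\\", path)

def failed_transactions(log_text):
    """Return {transaction id: (result code, [files touched])} for failures."""
    files, failures = {}, {}
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = FILE_RE.match(line)
        if m:
            seen = files.setdefault(int(m.group(1)), [])
            path = live_path(m.group(2).strip())
            if path not in seen:          # Original/FilePath pairs repeat
                seen.append(path)
            continue
        m = RESULT_RE.match(line)
        if m:
            tid, code = int(m.group(1)), int(m.group(2).replace(",", ""))
            if code != 0:
                failures[tid] = (code, files.get(tid, []))
    return failures

if __name__ == "__main__":
    for tid, (code, paths) in failed_transactions(SAMPLE_LOG).items():
        print(f"transaction {tid} failed with {code}; candidate exclusions:")
        for p in paths:
            print("   ", p)
```

The result is a candidate list rather than a verdict: the log records which files the failed transaction touched, not which individual read was refused.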

Pilli
September 6th, 2004, 06:29 PM
Well done! Yes, pguard.dat and PGhash.dat are protected whilst procguard.sys is running. Excluding them from your normal back up is the way.
Or disabling Process Guard during the BU process would be the unsecure option.
Adding a note about this in the help file is a very good suggestion.

Thanks for reporting how you fixed the problem, as this type of feedback is very helpful to the developers.

Cheers. Pilli

Peter2150
September 6th, 2004, 06:35 PM
Hi Luckman212

I also use Dantz Retrospect 6.5 Professional, but only on a single computer backing up to a hard disk. I also use Raxco's First Defense-ISR, which is a snapshot imaging program for rollbacks. I have found:

To do a full Retrospect backup, I disable FDISR's Preboot, DCS Wormguard, Process Guard, and my antivirus. Seems like when I don't do this Retrospect is hit or miss. Mostly miss since SP2.

When I use FDISR I also disable Wormguard, PG and my antivirus.

I found doing this just seems to make everything play better. Don't know the ramifications of doing this across a LAN. Also I don't do scheduled backups, but do them manually at the end of the day.

Pete

LuckMan212
September 6th, 2004, 06:50 PM
Thanks for the tips Pete.

I am a huge fan of Raxco software I think Perfectdisk is the best defrag bar none.

I had not heard of FirstDefense-ISR. How do you like it? It seems to be another contestant in the Norton Ghost, Acronis TrueImage (what I use now), PQI DriveImage, etc arena. I am curious how you think this stands up against those as truthfully, I find that Acronis has a number of shortcomings.

Peter2150
September 6th, 2004, 07:03 PM
-{ Quote: "Thanks for the tips Pete.

I am a huge fan of Raxco software I think Perfectdisk is the best defrag bar none.

I had not heard of FirstDefense-ISR. How do you like it? It seems to be another contestant in the Norton Ghost, Acronis TrueImage (what I use now), PQI DriveImage, etc arena. I am curious how you think this stands up against those as truthfully, I find that Acronis has a number of shortcomings." }-

I also love Raxco software, and their tech support is great. On a par with DCS.

Re FDISR I love it, but it is not a replacement for things like Ghost, TI etc. Doesn't protect against drive failure. What it does is make up to 10 bootable snapshots on your main drive. So if your drive uses 10gig, then each snapshot is 10gig. What is neat is you can boot into the other snapshots, and work in them like your main system. It is great for beta testing. If something you do messes up the system, you just boot back to a good snapshot, and copy over the trash. Check it out, it's neat.