PG and PC-cillin

[Terravita]

Can anyone tell me why PC-cillin's "tsc.exe" is trying to terminate so many processes?

[15:22:34] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\challenge\tds-3.exe [804]
[15:22:34] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\smss.exe [924]
[15:22:34] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\csrss.exe [972]
[15:22:34] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\winlogon.exe [996]
[15:22:34] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\services.exe [1040]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\lsass.exe [1052]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\svchost.exe [1268]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\svchost.exe [1416]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\svchost.exe [1676]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\svchost.exe [1708]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\system32\svchost.exe [748]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\trend micro\pc-cillin 2003\tmproxy.exe [1452]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\windows\explorer.exe [3024]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\processguard\pg_msgprot.exe [3376]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\processguard\procguard.exe [3416]
[15:22:35] [P] - c:\program files\nsclean\boclean\boclean.exe [3612] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\svchost.exe [1268]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\lavasoft\ad-aware 6\ad-aware.exe [3476]
[15:22:35] [P] - c:\program files\nsclean\boclean\boclean.exe [3612] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\svchost.exe [1416]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\lavasoft\ad-aware 6\ad-watch.exe [3572]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\nsclean\boclean\boclean.exe [3612]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\trend micro\pc-cillin 2003\pccclient.exe [3632]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\trend micro\pc-cillin 2003\pccguide.exe [3684]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\trend micro\pc-cillin 2003\pop3trap.exe [1896]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\challenge\tds-3.exe [804]
[15:22:35] [P] - c:\program files\trend micro\pc-cillin 2003\tsc.exe [864] tried to gain TERMINATE access on c:\program files\qualcomm\eudora\eudora.exe [2804]

[Andreas1]

...probably it's not actually trying to terminate all those processes, but rather - in order to maybe later scan them and be able to take all necessary measures, should something weird be found - asking the OS to be allowed "full" access to those programs. It is this access permission request that is blocked and reported by PG, not an actual termination attempt.
Why the request is made in the first place is something you'd have to ask the developer of the tool making the request - as I said, I suppose it enumerates all processes and, while at it, requests terminate privileges "just in case"...

HTHH,
Andreas

PS. If you're feeling confident with this, you can add tsc.exe to the list of protected programs and give it an "allowance" to get this TERMINATE access - doing so should eliminate the many log entries it produces otherwise.

[Terravita]

Thanks Andreas!

I will send a note to Trend Micro before I make any changes.

[Gavin - DiamondCS]

Process Guard gives YOU a lot of control. It would have been more likely that your antivirus wanted FULL access, what blocked flags do you have on ? You can give your antivirus full access, so it can scan all protected processes. EVERYTHING you put on the list should be trusted anyway, so dont worry about being too kind at giving access. Its actually fine to go and give things access to each other, its TROJANS you dont want having access ?

Hope you enjoy the program

[Terravita]

All processes are blocked with "Write, Terminate, Suspend, SetInfo", no exceptions.

I did send email to Trend Micro. They responded by requesting me to send them an export of "msinfo32.exe". The file has been emailed and I am waiting for further information/instructions.