Wilders Security Forums  

#1 Carey934 (Infrequent Poster), December 18th, 2005, 10:21 PM
Problems with Unknown program

A customer recently called me who could no longer obtain a TCP/IP address from his router on his Windows XP system. We uninstalled Norton and Zone Alarm, rebuilt the Winsock and still only received a 169.254.x.x APIPA address from Windows.

We placed a static address in the TCP/IP settings, that also did not permit access to his LAN or Internet.

We uninstalled and reinstalled the NIC, as well as replaced the drivers, and the network cable running from the PC to the router and none of it made any difference.

We tried recreating the WinSock and WinSock2 registry keys and Windows would not allow it.

We also tried re-registering many of the component files required for networking, which also made no difference.

When I had the customer look through Services of MSCONFIG, after checking HIDE ALL MS SERVICES, he read to me (phone support) something called DIAMOND CS GUARD in his services section. Neither he nor I recognized it. I asked him to check his Control Panel and to remove the items, if they were offered, in Add/Remove Programs. They were, and he did uninstall them and reboot.

After more than two hours on the phone and several reboots, this problem was finally resolved by removing this software. I have no idea what this software is. I am a radio personality for the Computer America show, a computer book author and a PC technician with more than 15 years of professional PC repair experience and this problem really had me stumped, as did the solution.

The customer has no recollection of installing this software and has no idea how it got on his system.

My question is this: Is this a common problem and why would I recommend this software to my customers?

Thank you,
Carey Holzman
co-host: Computer America
~removed e-mail addy~
Author: The Healthy PC
Author: Tom's Hardware Guide
Author: CMP Media's ~removed e-mail addy~
~removed e-mail addy~

Last edited by Bubba : December 21st, 2005 at 06:54 AM. Reason: remove e-mail addy to prevent harvesting

#2 Gavin - DiamondCS (Former DCS Moderator), December 19th, 2005, 06:56 AM
Re: Problems with ProcessGuard

Hi,

Hardly a common problem, nor is it something caused by PG. Why? Because PG doesn't touch registry entries concerning adapters, and would not block a change to them. Only registry blocking software is likely to do this, which could however be conflicting with PG if either was installed incorrectly. This seems a possibility from the info given.

ProcessGuard when installed MAY however have been incorrectly configured, I guess if "block new and changed" was turned on and the user ignored the huge warning, and then some router configuration program tried to run and was blocked, then YES PG could cause this. But outright no, not the program. This seems by far the most likely situation.

If you are using this software you should read the help file, it took a lot of time and is loaded with information.

#3 Carey934 (Infrequent Poster), December 19th, 2005, 09:34 PM
Re: Problems with ProcessGuard

The service I shut down was called Diamond CS Guard. I have no idea if that is Process Guard or which product it was specifically, except to say removing this service resolved all of the problems with the PC being able to receive an IP address from the router.

With this service running, APIPA kicked in giving the PC a 169.254.x.x IP address. You can hardly imagine my frustration of finding the source of this problem. It's fair to say I am not impressed. Whatever Diamond CS Guard is, clearly it locked this customer out of his own system which required a technician to fix. Perhaps a disclaimer should accompany this product that it is intended for advanced users only?

What is Diamond CS Guard and what was it doing on this customer's system? He claims he did not knowingly install it. Perhaps you have affiliates up to sneaky business?

#4 pasito (Infrequent Poster), December 19th, 2005, 10:44 PM
Re: Problems with ProcessGuard

His dog, neighbour or wife installed it? Or someone hacked your client's PC and decided to install it for him? Who knows.

Does his computer have a special login program to log him into the Internet that installs a rootkit driver each time? ProcessGuard could have been set to block it.

In a nutshell, ProcessGuard can block applications from unwanted termination, rootkit/driver/service/global hooks and code injection attacks. And also has other misc things such as stops applications that have been modified from running. So you see, ProcessGuard obviously would take some configuration fine tuning.

ProcessGuard does a lot more than I have listed, as I'm still new to it and I'm waiting to get my new job so I can buy my new computer and register ProcessGuard.


I am not supported nor affiliated with ProcessGuard in any way.

#5 nick s (Very Frequent Poster), December 19th, 2005, 10:55 PM
Re: Problems with ProcessGuard

Quote:
Originally Posted by Carey934
...Perhaps you have affiliates up to sneaky business?

Hi Carey934,

You would do well to educate yourself about Process Guard before making allegations that have no foundation.

Nick

#6 Carey934 (Infrequent Poster), December 20th, 2005, 12:02 AM
Re: Problems with ProcessGuard

I can only speak of my recent experience concerning it. I have come here looking for answers to educate myself. Hence my post and this conversation.

Can someone please tell what Diamond CS Guard is? Is it the process guard we are talking about that I am assuming it is, or does it perform some other function?

Clearly blocking the PC from obtaining an IP address is something I do not consider to be a feature...

#7 Brinn (Regular Poster), December 20th, 2005, 02:13 AM
Re: Problems with ProcessGuard

The services I see associated with ProcessGuard are pgaccount.exe, procguard.exe and dcsuserprot.exe. I don't see a Diamond CS Guard or any variation of that running.

#8 Carey934 (Infrequent Poster), December 20th, 2005, 02:36 AM
Re: Problems with ProcessGuard

Thank you. Part of my dilemma is trying to figure out what Diamond CS Guard is doing in MSCONFIG and what product family it belongs to...

Anyone?

#9 Brinn (Regular Poster), December 20th, 2005, 02:53 AM
Re: Problems with ProcessGuard

Okay, dcsuserprot.exe is listed as DiamondCS Process Guard Service v3.000 when I open up msconfig. I was just looking at my Task Manager. Could that be what your customer saw? Sorry for the confusion.

#10 cosmicvoid (Infrequent Poster), December 20th, 2005, 03:03 AM
Re: Problems with ProcessGuard

Seems like your customer might have read the name wrong, or else it is something masquerading as a Diamond CS product.

#11 Mele20 (Former Poster), December 20th, 2005, 06:41 AM
Re: Problems with ProcessGuard

In XP Pro in Services (local) it says Diamond CS Process Guard Service v 3.000 is "used in Diamond CS products for various security purposes".

Note the word "Process" is there. You are saying your customer had "Diamond CS Guard" in MSCONFIG services. That could be something masquerading as Process Guard.

#12 Joliet Jake (Frequent Poster), December 20th, 2005, 08:31 AM
Re: Problems with ProcessGuard

It wouldn't have been CS Guard as in....

http://www.halflife.pl/download.php?id=425

or here...

Yesterday United Admins announced their first official release of CSGuard (versioned 8.00). But although it is their first release since they acquired the source from OLO, it will also most likely be the last under the name 'CSGuard':

http://www.ukterrorist.com/news/1885/
__________________
Damn and blast

#13 Carey934 (Infrequent Poster), December 20th, 2005, 05:11 PM
Re: Problems with ProcessGuard

Well, Diamond was in the name, and it was listed in Add/Remove Programs. It is entirely possible it was some other CSGuard. But because he read it to me as Diamond CS Guard, my Google search landed me here.

And let's not forget whatever it was, it was offered in Add/Remove Programs, so that suggests some legitimacy...

#14 Bubba (Global Moderator), December 20th, 2005, 05:20 PM
Re: Problems with ProcessGuard

Quote:
Originally Posted by Carey934
something called DIAMOND CS GUARD in his services section.

If you go back into Services and check the properties of DIAMOND CS GUARD....what is the file name and where in the file system is it located ?
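
The check asked for in the post above (which file sits behind a service's display name, and where it lives), as an added example that is not part of the original thread. It assumes a current Windows system with PowerShell 3.0 or later; the name pattern is an assumption built from the names mentioned in this thread.

```powershell
# Added example, not from the thread: resolve a service display name to the
# binary behind it, then show who published and signed that binary.
# $NamePattern is an assumption built from the names mentioned in this thread.
$NamePattern = 'Diamond|CS\s*Guard|Process\s*Guard'

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -match $NamePattern -or $_.Name -match $NamePattern } |
    ForEach-Object {
        # PathName can be quoted and can carry arguments; keep only the executable.
        $exe = $_.PathName
        if ($exe -match '^\s*"([^"]+)"') {
            $exe = $Matches[1]
        } elseif ($exe -match '^\s*(.+?\.exe)(\s|$)') {
            $exe = $Matches[1]
        }

        # The binary may already be gone if the product was uninstalled.
        $onDisk = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $file = if ($onDisk) { Get-Item -LiteralPath $exe } else { $null }
        $sig  = if ($onDisk) { Get-AuthenticodeSignature -FilePath $exe } else { $null }

        [pscustomobject]@{
            ServiceName = $_.Name
            DisplayName = $_.DisplayName
            StartMode   = $_.StartMode
            State       = $_.State
            Executable  = $exe
            OnDisk      = $onDisk
            Company     = if ($file) { $file.VersionInfo.CompanyName } else { $null }
            Description = if ($file) { $file.VersionInfo.FileDescription } else { $null }
            SigStatus   = if ($sig) { $sig.Status } else { 'n/a' }
            Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    } | Format-List
```

Recording this output before uninstalling anything keeps the file name, path and publisher available for later questions like the one above.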

#15 Carey934 (Infrequent Poster), December 21st, 2005, 12:01 AM
Re: Problems with ProcessGuard

It's been uninstalled from a customer who called me from more than 2,000 miles away because no one could resolve the issue with his PC being unable to obtain an IP address from his router.

I worked with him for 2 hours over the telephone and I am conveying what he read to me. He has since uninstalled the software and I am doing some investigation as to what software would block a PC from obtaining an IP address and why. It's not possible for me to go back and look at the services or files, since they are now uninstalled and the customer is back up and running. It was definitely one of the most difficult networking problems I have had to diagnose in more than a year.

#16 Brinn (Regular Poster), December 21st, 2005, 01:09 AM
Re: Problems with ProcessGuard

I had a problem where I manually disabled some services which led to the DHCP Client being unable to start up even though it was set to Automatic. I couldn't obtain an IP address because of this. Perhaps PG didn't fingerprint properly, blocking a startup service which led to a similar situation.

#17 Gavin - DiamondCS (Former DCS Moderator), December 21st, 2005, 03:53 AM
Re: Problems with ProcessGuard

If it was some serious definite problem (if PG had registry blocking) then I think it would be more widespread than this. As I said above, if there was some application being blocked then YES that could be the cause.

ProcessGuard is installed by a human. There is no possible way it got onto a machine without being put there. It just wasn't installed properly. Hopefully the newest version and website FAQ, articles and guides will be enough so that more and more users can easily protect themselves. Rootkits and DLL trojan techniques are serious problems and used more and more commonly in new malware.

#18 Carey934 (Infrequent Poster), December 21st, 2005, 05:43 PM
Re: Problems with ProcessGuard

Quote:
Originally Posted by Brinn
I had a problem where I manually disabled some services which led to the DHCP Client being unable to start up even though it was set to Automatic. I couldn't obtain an IP address because of this. Perhaps PG didn't fingerprint properly, blocking a startup service which led to a similar situation.

Yes, which is why we tried a static IP. Which also did not work.

#19 Carey934 (Infrequent Poster), December 21st, 2005, 05:44 PM
Re: Problems with ProcessGuard

Quote:
Originally Posted by Gavin - DiamondCS
If it was some serious definite problem (if PG had registry blocking) then I think it would be more widespread than this. As I said above, if there was some application being blocked then YES that could be the cause.

ProcessGuard is installed by a human. There is no possible way it got onto a machine without being put there. It just wasn't installed properly. Hopefully the newest version and website FAQ, articles and guides will be enough so that more and more users can easily protect themselves. Rootkits and DLL trojan techniques are serious problems and used more and more commonly in new malware.

I suppose the idea that it's possible to not install the software correctly suggests only a user of advanced knowledge use this product. Installing most software simply requires running setup and clicking Next until the installation is complete. Is your software different in this regard?