Can't uninstall ProSecuruty

Prosecurity will not allow me remove it from start up, it keeps coming back. I want to stop it running for the moment.So I try to uninstal and cannot, get 'error occurred when terminate process of PS'.

Can anyone help me get this off my PC

I think too many progs now assume they will be wanted to run at start up and do not ask. Would be better to have choice configuring, or am I missing something?

Thanks

 

Hi,

The safest way to uninstall anything in this nature is to delete them in

Safe Mode. Go into safe mode, and find its uninstall file and proceed with joy. Be happy.

 

No its not running in tray, where do i look for it running in task manager, what is the process name? Is it rule editor? I have heaps of instances of rule editor in task manager

Thanks

 

Hi

But should I not be able to uninstall withoutsafe mode?

David

 

WinPatrol will disable this for you if the other suggestions here do not work.It will not uninstall software but will stop it from running and/or remove it from your startup list.A very useful software.

 

WinPatrol wont do it tried, keeps trying to start

 

You did under startup programs, how about active tasks/select kill task and services/info..disable ?

 

tried that too. Got email from hairy coo but do not see post.hairy coo can you explain what you mean by 'it needs to start first off'

 

yes meant the auto

I uninstalled in safe mode. But would like to know where i went wrong. It seems a very good prog to have if its security is as difficult to end. Might want to have it back when learn how to control it

Thanks

David

 

You must be referring to the auto notification of new post-I deleted the post as I quickly woke up to the fact that as its a security app,you cannot kill it by any normal means.

APT will kill it-so how secure is PS in the first place?

http://www.diamondcs.com.au/advancedseries/apt.php

Firstly,try this-Go to Privilege and disable Terminating/Setting Process.

If this doesnt work ,disable ALL protection in PS.

If the normal uninstall has disappeared go to Program files /ProSecurity/uninstall.

 

It cant be secure if APT can kill it.

APT is a standard test for security apps termination vulnerability

Edit; had some editing probs=posts out of sequence

 

what is APT? Is it advanced procees termination? What can not be killed by APT?

 

David-if you follow the link in post 11-it will explain fully.

 

Hi,

Any given security app , especially those kernel-hooking HIPS, tends to associate with a lot, I mean lots, of other parts of your system, it is designed to sneak into and control them.

Being difficult to uninstall is one thing, if you force your way to do it, some serious consequences could be the end word, be careful. I have learned this thru some painful experiences. Safe mode is there for you to use in this circumstance, do not overlook it, and use it smartly.

PS: if you have registry editor on hand, do a search for ProSecurity, you will be surprised to find more than handful of leftovers. It is the normal hang-over after encounter with HIPS. Nothing is surprising.
Take care and be happy as usual.

 

I'm new To ProSec. I switched learning mode on AND install mode on and its very silent. Every now and then I untick for a bit of action.

Seriously though I've played with many combos lately and I have a warm fuzzy feeling about ProSec and DefenseWall working in tandem.

 

Hi,

ProSecurity does not need its running processes (PSSession, Alarm, RuleEditor) to enforce its protection. No need to try terminating processes with APT when all you have to do is let ProSecurity itself block Alarm and RuleEditor from executing at startup...

Alarm.exe
[EXECUTE] 2007.11.27 01:08:10
[BLOCK] C:\Program Files\ProSecurity\Alarm.exe
Command Line:"C:\Program Files\ProSecurity\Alarm.exe"
[FROM] C:\WINDOWS\Explorer.EXE
Command Line:C:\WINDOWS\Explorer.EXE


RuleEditor.exe
[EXECUTE] 2007.11.27 01:08:10
[BLOCK] C:\Program Files\ProSecurity\RuleEditor.exe
Command Line:"C:\Program Files\ProSecurity\RuleEditor.exe"
[FROM] C:\WINDOWS\Explorer.EXE
Command Line:C:\WINDOWS\Explorer.EXE

The PSSession service can be set to manual start or disabled. The protection persists even after a reboot and you will see errors like this when you execute unknown apps...

Nick

 

Off Topic, but...

ProSecurity is NOT vulnerable by APT. Here are screenshots of ProSecurity 1.4 Public Beta 2 defeating APT.

http://img502.imageshack.us/my.php?image=prosecbeatsaptql6.jpg

Just thought I would abolish the myth, I don't know where it came from Hairy Coo, why did you think ProSecurity was vulnerable?

 

Nick s,

I am running version 1.30 free and APT killed all the three processes with the APT Kill 1 function.

I see that PS is still running as a service on auto-are you saying that therefore the protection is still there,even though the 3 processes have been killed?

If you could give a brief explanation I would of course accept it-a bit unusual isnt it

 

PS Free doesn't boast nearly as many defenses as ProSecurity paid.

It is a brilliant product, only hampered by it's clunky interface and grammar.

Technically, it is by far the best "Classical" HIPS available as far as I am concerned and tried a lot of programs.

 

Stephen2 Aus

http://i59.photobucket.com/albums/g290/mikisu/2007-11-27_223814.jpg


Fairly obvious-what are you saying now,that I cant kill in my version?.

Possibly its been corrected in the beta.

You say that PS is a classical hips-I would classify it as a behaviour blocker

http://wiki.castlecops.com/Lists_of_freeware_behavior_blockers

 

Hi,

Yes, that is my point. Alarm, RuleEditor, and PSSession are basically "helper" processes. The PSSession service can be set to manual startup. Even if APT were capable of killing them, ProSecurity's rules remain fully enforced by its driver. Setting ProSecurity to block its own helper processes, as shown above, was just an extreme example. You only lose interactivity when you terminate Alarm, RuleEditor, and PSSession.

I suspect there are some limitations to the free version which make it vulnerable to APT. For me, APT 4.0 fails against paid versions of PS 1.30 and PS 1.40b3.

Nick

 

Thanks for the explanation ,Nick-interesting.

However I can kill the processes in paid 1.30 using APT2.1.

As you said,this seemingly doesnt affect the protection as shown by the leaktest alert,even though no PS app. is showing in the taskbar

 

After digging through old threads here and at the ProSecurity forum, I see that 1.30 has an unfixed windows message handling vulnerabilty. Using APT 2.1, 1.30 will fail kill methods 7 and 8. Using APT 4.0, 1.30 will fail kill methods 2, 3, and 4. PS 1.26 and PS 1.40b are not vulnerable. Some related posts (including one by me):

https://www.wilderssecurity.com/showpost.php?p=991269&postcount=33

https://www.wilderssecurity.com/showpost.php?p=991716&postcount=44

http://www.proactive-hips.com/yabb/yabb2/YaBB.pl?num=1178122947/2#2

Nick

 

Not sure if it's of any help or not but the combination of AUTORUNS/APT should "halt" PS Security by pulling it's driver AND killing process. I don't fool with it because it BSOD my units too much to gain my trust over time. If the above is prevented in Windows try Safe Mode and see how things fair that way. You only need identify critical active componants then remove them, but if when you go that route, you'll also need to fish the registry to remove it's entries too.

Good Luck.