Failed to Attach Driver Kernel

Re:help poss problem with PG 1.150

It is indeed - Thanks!

 

Ok, if you are having problems first try DISABLING protection in procguard.exe's protection menu. Then try a few reboots, normal system things and see if any issues occur. If everything is fine with protection disabled then you likely have some conflict in your list. Since Procguard.exe cannot capture events that occur at log in or log off (at this stage, might be added in a future version) you cannot see what things may possibly be getting blocked.

It is a tweaking process in some ways to get your list working perfectly with everything else.

The "Cannot attach Error" is a timing issue as far as I can gather. I fixed it on most PC's by allowing it to fail for about 3 seconds but keep trying to attach. I can extend this time limit to allow slower machines to always attach too. I might extend it to 10 seconds, this won't affect machines that can attach to it very quickly, but should help the remaining people.

-Jason-

 

Define slower machines? I’m running Pentium-4 with Windows XP Pro that’s constantly being properly maintained and I reproduced this anomaly easily. Workaround for DiamondCS Process Guard FREE v1.150 anomaly is configure a delay to space its loading of the executable procguard.exe from the other Windows Start-up loadings…

 

CPU isn't all that matters I guess, hard drive and memory speed have some effect. I guess the biggest issue is how many drivers/services are on your system.

So I don't mean "Slow System" in the logical sense, more in that the system is slow to load the drivers for whatever reason.

-Jason-

 

That what i was expecting you to say...

 

Regardless making manual modifications to DiamondCS Process Guard FREE v1.150 Start-up method the anomaly still persists.

- procguard.exe Loading via “Startup Folder” –
* Disabling ALL 3rd Party Software from basic Start-up Groups, excluding Process Guard (procguard.exe)
Note: To no Avail problem still persist.

* Disabling ALL 3rd Party Software from Services, excluding Process Guard (pg_msgprot.exe).
Note: To no Avail problem still persist.

* Proceeded with each and every 3rd Party Driver Starting with Firewall Drivers, didn’t have to go beyond Disabling Look ‘n’ Stop’s Internet Filtering Layer Driver. Fixed the problem...

Obviously manual booting of Process Guard is required after Windows bootup for this thing to Load properly.

 

If the "Failed to attach Kernal" error is displayed you must uninstall and re-install, and then uncheck procguard.exe in MSCONFIG

I disabled procguard.exe in MSCONFIG.
This cured the "Failed to Attach Kernal " problem for me.

javascript:replaceText(' ')
javascript:replaceText(' ')

 

No if you get that message it is pointless to uninstall and re-install, that’ll just give more unnecessary work. Disabling procguard.exe from Start-up Group will fix the problem without Uninstalling and Re-installing the product as I said earlier.

 

Actually, sometimes even less is needed. Most of my adventures and misadventures are captured in another thread here.

After I undid the problems created by installing PG with KAV active (not a major deal), I reinstalled PG in a nice clean fashion. On reboot after the initial install, and when I set PG protection from disabled to active, the next reboot yielded the "Failed to Attach Driver..." message. In each case I ignored the message this time around and rebooted to find everything working fine. It's a though a state change in PG created the problem. Now I realize this isn't the case everytime, maybe not even the majority of the time. However, it's probably worth verifying that the problem is persistent before doing anything, although the disable in start-up solution is a very gentle fix.

Blue

 

donsan, i don't know what caused the problem with your computer, but i want to reassure you, i have not had any problems like that. thankfully, you were able to recover.. as far as procguard goes, if the program doesn't need procguard.exe to be running, one coulld easily add a shortcut to the quickluanch tray. i personally would preferr that anyway, as long as the program does not need procguard to be running to be effective. however, when i run the kill test, my vettray.exe is shut down, and so i was thinking that there is an actual failure in procguards protection (as it is running), somewhere, but i don't really know....

 

glad to hear you have not had the same problem redwolfe that i have had.For the time being i have uninstalled the program till the tech guys possibly iron the problems out.I do like this program and want to use but i want to be able to turn my computer off and on and not have these crashes that can't be good.I will look forward a new and inproved process guard

 

Since Procguard.exe is not necessary for the system to be protected and it appears to be nothing more than a log viewer and update program, why is it even connected to a startup timer and set to stay memory resident by default? Seems to me this is just a waste of a timer and memory. Or am I missing something here?

I randomly get the Kernel error. For example this A.M. after doing a system defrag, it started popping up. Seems to have corrected itself now, however.

 

Hi siliconman01, Personally I like seeing that little lock in the notification area, although I know PG is working.
I would also be happy if it could be closed as long as there was something showing on the desktop that the PG driver procguard.sys was actually running, this could also act as a warning if for whatever reason the driver was closed.

 

It is started by default so people can view the logs the driver generates, if any. It doesn't need to be auto-run though. I find it surprising that putting it in the startup folder didn't fix your problem though Phantom.

More investigation may be required on our part.

-Jason-

 

Hey Jason / DiamondCS

We are family here which means I’m more than happy to assist as much as humanly possible to put this problem to bed, my E-mail is Phant0m@wilderssecurity.info

 

I just realized none of you guys had given me the text from the Window Log when it cannot connect. Something along the lines of :-
"Error: Process Guard could not attach to kernel-mode driver. Please make sure Process Guard is installed properly before continuing."

Please copy this message EXACTLY when it happens and post it here. It contains a number that will be helpful for me. Thanks.

-Jason-

 

I put Process Guard back in my RUN registry to get the info you wanted. On reboot, I got a BSOD, followed by a reboot, and then an error box "Could not attach to Kernel-mode driver. Please make sure Process Guard is installed correctly"

On clicking OK, the human intervention screen appeared and the Window Name #32770 was displayed. Is that the number you are requesting? It's the only number I saw in the chain of events.

 

No, there is an error in the Window Log where all the log occurs, like "Process A tried to gain priviles over Process B", etc. So not the messagebox which pops up, rather the window log of the main program.

-Jason-

 

[03:13:38] - Window Log Started
[03:13:39] - Error: 2. Process Guard could not attach to kernel-mode driver. Please make sure Process Guard is installed properly before continuing.
[03:13:59] - Process Guard Protection is ACTIVE

This is what is in the PG Windows Log after the kernel-mode error. Note that on this reboot, I did not get the BSOD.

 

Thanks SiliconMan

-Jason-

 

I believe mine was the same...

 

Hi, here is a copy of my ASViewer log. I get the "PG cannot attach to kernel" error message off and on. Even when I get the message, I have tried closing a protected program with Task manager via an Administrator acc and am unable to do so, So I assume PG is still protecting my computer.

Sony Vaio, Notebook PCG-GRT100P
XP Pro SP1 with all critical updates
Pentium 4, 2.8ghr
512 mb ram

 

Hi ArchAngel_8 , procguard.sys (the driver) is always working unless disabled through procguard.exe (the user interface) So any protected programmes will still require the completion of the human interface box to close.

Starting procguard.exe manually after boot up is fine & will work OK. I am sure this bug wll be cured in the near future.

HTH Pilli

 

I HAVE THE SAME ERROR #2.
I USED asviewer TO DELETE AT STARTUP.
---------------------------------------------------------------------------------------------------------------------
THIS IS BEFORE
-DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for oldones@OLDONES-
R8ESKBH, 01-16-2004
c:\windows\system32\autoexec.nt
C:\WINDOWS\system32\mscdexnt.exe
C:\WINDOWS\system32\redir.exe
C:\WINDOWS\system32\dosx.exe
c:\windows\system32\config.nt
C:\WINDOWS\system32\himem.sys
c:\windows\system.ini [drivers]
timer=timer.drv
c:\windows\system.ini [boot]\shell
C:\WINDOWS\Explorer.exe
c:\windows\system.ini [boot]\scrnsave.exe
C:\WINDOWS\System32\logon.scr
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
C:\WINDOWS\Explorer.exe
HKCU\Control Panel\Desktop\scrnsave.exe
C:\WINDOWS\System32\logon.scr
HKCR\vbsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\vbefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wshfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wsffile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RegProt
c:\regprot\regprot.exe /start
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ProcGuard_Startup
C:\TDS\ProcessGuard\procguard.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\System32\stobject.dll
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
HKLM\System\CurrentControlSet\Control\WOW\cmdline
C:\WINDOWS\system32\ntvdm.exe
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
C:\WINDOWS\System32\dcsws2.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\rsvpsp.dll
---------------------------------------------------------------------------------------------------------------------
THIS IS AFTER

DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for oldones@OLDONES-R8ESKBH, 01-16-2004
c:\windows\system32\autoexec.nt
C:\WINDOWS\system32\mscdexnt.exe
C:\WINDOWS\system32\redir.exe
C:\WINDOWS\system32\dosx.exe
c:\windows\system32\config.nt
C:\WINDOWS\system32\himem.sys
c:\windows\system.ini [drivers]
timer=timer.drv
c:\windows\system.ini [boot]\shell
C:\WINDOWS\Explorer.exe
c:\windows\system.ini [boot]\scrnsave.exe
C:\WINDOWS\System32\logon.scr
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
C:\WINDOWS\Explorer.exe
HKCU\Control Panel\Desktop\scrnsave.exe
C:\WINDOWS\System32\logon.scr
HKCR\vbsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\vbefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wshfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wsffile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RegProt
c:\regprot\regprot.exe /start
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\System32\stobject.dll
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
HKLM\System\CurrentControlSet\Control\WOW\cmdline
C:\WINDOWS\system32\ntvdm.exe
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
C:\WINDOWS\System32\dcsws2.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\rsvpsp.dll

IT WILL STILL GET THE ERROR CODE #2 IF I DONT LET ENOUGHT TIME GO BY AFTER A REBOOT THE SYSTEM I GET THE SAME ERROE CODE #2 oH BTY I DID THE INSTALL ON A CLEAN INSTALL / NO OTHER PROGRAMS
BUT PROCESS GUARD... I AM USING A MB M7NCD BY BIOSTAR W/nVIDIS nFORCE 2 AND A AMD 2400 CPU , 256 MEMORY 400. ALL AT STANDARD SETTINGS.

 

If you open System Information - Software environment - System drivers and check that procguard.sys is started and Auto. If it is then are protectd, you can then start procguard.exe manually to make any changes

We are beta testing 1.200 this weekend, hopefully for release this coming week. Driver contention at start up i.e. "Cannot Attach" has been corrected and, so far, appears to be working well on beta tester PC's.
There are many other additions in V1.200 the main one being SetWindowsHookEx protection.