pb found in the unninstall procedure

Hi,

There is a problem with the uninstallation procedure, that i have found showing PG to a friend today.

1) If processguard.exe has the CMH activated on itself, while the uninstallation procedure take place, when i click "cancel" to the CMH dialog, PG GUI popups, i minimize it, and the uninstallation is freezed in the background.
I have to kill it in the task manager, but PG isn't removed.

2) if processguard.exe hasn't the CMH activated on itself, when i click "cancel" on the CMH window while the uninstallation, a part of the uninstall procedure however runs, and remove PG files but not the driver. The uninstallation procedure runs fully, and at the end ask to reboot.
At reboot, the driver seems to still be there, but applications aren't anymore protected and i can end them in the taskmanager.
I remember to have installed again PG over the remaining one, of course i have had an error because of the driver still running, and at reboot, althought all appeared as usual (GUI started and no error message about the driver), i was still able to kill protected processes with the taskmanager. I have uninstalled properly this time, reboot, install again,
and all is fine.

3) if processguard.exe has CMH activated on itself but when it popup you close it (after to have clicked "cancel" on the CMH dialog while uninstallation), the uninstallation which was freezed on 2) start again and uninstall properly PG.


Of course i would never tested that if i wouldn't had a friend asking me a "show".
And the result is :

- when uninstall process is freezed, it isn't with the most proper way (why not to kill automatically uninstall.exe once "cancel" is clicked ?)

- when we close PG GUI, why the uninstall procedure which was freezed start again whereas we have clicked "cancel"?

- when PG hasn't CMH protection activated (which is by default but me like others on this forum had disabled it ) after clicking "cancel" the uninstall procedure is may be partially blocked, but after a reboot PG isn't effective (processes can be killed).


So i think there is something to improve to handle an unwanted uninstallation.
For now, just activate the CMH on procguard.exe (even if you don't launch it), and when it popup while the uninstallation _do not close it_ even if it was closed before, and kill in the taskmanager all files related to the uninstallation.

I hope to have provided enought information.

 

Re:vulnerabilitie found in the unninstall procedure

gkweb,
Thanks for the notes. We'll run some tests on Monday and get back to you with more then. We're expecting to release a new version this week (which also adds complete protection for SetWindowsHookEx), so if any changes are needed then we should be able to easily add them to that release.

Best regards,
Wayne

 

Re:vulnerabilitie found in the unninstall procedure

Hi Wayne,

as stated it isn't so harmfull since you just have to add CMH to processguard.exe to ensure PG can't be uninstalled.
But if in addition, there is really a small pb (and not only a local bug on my comp) and that you can correct it quickly, it would be better of course

 

I have found that PG uninstalls correctly if you disable all protection before starting the uninstall procedure.
In fact I think Jason has suggested that this is the preferred metod of uninstallation although that may have been for an earlier version.

 

Pilli, i don't want to uninstall PG !
It was the case where a trojan tries to uninstall itself PG and click on the "cancel" button on the CMH dialog.

@me (lol)

...

if my config wasn't removed, taskmanager is allowed to terminate processes on my config...
So PG GUI is may be uninstalled but not the driver which is still running.

Anyway, more info on Monday.

 

I must be tired GK and misread your post . Sorry - Been beta bashing 1.200 and now my brain hurts, only one brain cell without a back up

 

I hope this 1.200 version is ready for us next week

For your brain, the best cure is "instant sleeping".
You may know "instant messaging", but instant sleeping is different.
It requier that you run full speed your head first against a wall.

Instantly you will feel better and will fall in wonderfull dreams

 

Too risky, With only one brain cell

 

ouch your right, take care of it, i wouldn't want that you lose this last brain cell, you wouldn't be able to beta test PG !

May be can i advise you so "natural uninstant sleeping" ?
Just require a bed and time