PG 1.2 Kernel Mode Failure

As seen with a DIR command from Command Prompt:

Code:

PG directory...
23/01/2004  12:49 PM            40,960 PG_MSGProt.exe
  
Windows\System32\drivers\ directory ...
23/01/2004  04:19 PM            14,543 procguard.sys

 

Eliot, From what I can see most problems are comiing from a bad install/uninstall.

Please close all running programmes - Especially utilities such as AdWatch, Abtrusion protector & System Safety Monitor as they can stop changes to the registry that effect both the install/uninstall process.

It is very important that the old registry start key below Is deleted
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - ProcGuard_Startup"="\"C:\\Program Files\\ProcessGuard\\procguard.exe\" -minimize

And then reboot your machine

After which you must ensure that the procguard.exe shortcut is in your start up folder.

Also ensure that the files are dated as above

Protection should be running correctly as long as procgurd.sys & pg_msgprot are both running. Once you have enacled protection in procguard.exe then it does not need to run on the desktop.

When first enabling protection ensure that Protection - General protection 1 - 4 are enabled.

Test with APT

 

I do hope that Jason et al will check the PG Installer and confirm there is not a bug that is putting the Registry RUN startup entry in. That is the only way it could have gotten there on my system when revving up to PG 1.2 because I had PG 1.5 not even start up on computer reboot because of the kernel mode failure. I would start PG 1.5 manually if I wanted it after a reboot.

 

I'm not sure about it being put there by the installer as I cleared the registry before installing 1.200 and had no problems on three different machines
But each PC is different.

 

I can confirm for sure that the installer does not alter the registry in regards to startup. The only startup the installer writes now is a LINK to procguard.exe in the Startup folder. I don't know what is adding procguard.exe to your RUN key if there is something adding it, but it can't be the 1.200 installer.

-Jason-

 

Done this as well. I feel as if I am fighting a never ending battle. I don't know what else to try. Hopefully something can shed some light on the matter. FYI: I have a fresh install image that I am gonna load and see what happens. Probably be later today after I get home. Will post back with the results

 

Eliot, If you feel comfortable with regedit, Disable protection, uninstall PG, delete all pg's files except your key. Open regedit search for procguard and delete every key you can. Reboot - & then try re-installing.
Ensure no other utilities are running and that you have full Administrative rights.

 

No fear of the registry I lived there in Win 9x

I have several keys that I do not have permission to edit. Hmmmm, I AM the administrator. There is no other account on here besides the guest account. Now that is just puzzling. If I do not have access, then no one can.

 

OK, I have hi jacked the keys with full control. Deleted and gonna shoot for install again.

 

Legacy keys I believe
Here is how to delete them: Although it should not be necessary.
Right click on the key that will not delete - Select "Permissions" Click allow then apply - You should now be able to delete the key(s)

 

DELETED!!!!!!!!! PG LOADS ON BOOT WITH NO ERROR!!!!!!!!!!!!!!!!!!!! SORRY BOUT THE CAPS, BUT DARN I AM HAPPY NOW!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Much thanks to all who helped in this thread. Thanks to Registry First Aid which allowed me to locate and delete them all together.

I had to give myself permission to edit/del them. And yes, there was 2 keys "PROCGUARD" AND "PG_M...." I forget the spelling of that one, but it matched the file almost exactly from the PG directory. Both were Legacy keys

 

I believe that..., if you disabled the registry key startup for Process Guard v 1.15 by using a selective startup configuration (Run>MSCONFIG>StartUp tab>uncheck Process Guard entry>Apply) to prevent the "could not attach" error, followed by starting the PG GUI manually, that inactive registry entry will not be removed when PG 1.15 is uninstalled. Depending upon what you do after the PG 1.15 uninstall (i.e. go from Selective to Normal startup), you could have an entry causing PG to start from a registry key, in addition to the now default Startup folder. Just a guess on this though.

Blue

 

Hi BlueZannetti, I should say it is a well founded gues too! Have a Karma cookie!

Let's hope Eliot has better luck after removing all the keys

 

Look up 3 posts Its working great. Thanks again

 

Well done Eliot - Karma cookie for you!

 

*munch munch*

Thought so - Jason knows how to fix it ! thanks again Eliot for trying things earlier with me ! Enjoy

 

Have put this startup thing on my "watch out for" list for when the next version of PG is released...just in case.

As for now, I'm just glad everyone is getting straightened out and PG 1.2 is working awesome.

It sure would be great to have a little utility that allows a user to export their list of programs and then import them back into a re-install or new version. Guess that could get dangerous though depending on the extent of changes in a new version. I know! I know! ...never satisfied

 

I installed new version yesterday and have been following this thread since I was having the dreaded "kernal could not attatch error" too.

I went through and did all the suggestions as they were being posted, and still was having the problem. I even went as far as trying to install in safemode under the admin account, but that gave me an error (failed to install process guards driver) so don't bother trying that way

I found today the new suggestions and tried those too, but still getting error... then I saw the post about the legacy keys and went ahead and uninstalled in safemode ( 7th time ) deleted all reg keys again and all the other suggested things to delete / check for, only thing I did different was delete the 2 legacy keys that wouldn't delete before... rebooted and reinstalled again.

Install went fine again and rebooted... this time I didn't get the error so I shut down for a few minutes and started up and got error really frustrating but I found that this time it didn't ask me about adding the default protections and there were none in the list. So I went into registry {HKLM\Software\Diamond Computer Systems\Process Guard\BeenRun} and changed this from 1 to 0 so PG would ask me to add the default processes after reboot.

Ok so I rebooted without error and was asked to add default protection which I did. So tested it for a few reboots and saw some logging so I added BOC and SAV to protected list with allowed flags which stopped the logging.
Have went through several more reboots and shut downs / startups and all has been good so far.

I'm thinking that it was deleting the legacy keys that eventually did help me along with modifing the been run key, So I feel that the uninstaller needs to be uprgraded to delete all the keys / modifications that PG does to your system when installed and running. With that implemented we should have no more of these problems.

I'm posting this as a thanks to everyone who has posted / replied in this thread and as also in hopes that this will help in the futher development of this fine product.
[glow=green,9,500]Thanks[/glow]

 

Protek, I am pleased you have it working after all your trouble. There is certainly a problem with the install/uninstall and I know that Jason is well aware of this discusiion, so I am sure we will hear back from him

You have a karma cookie from me - Enjoy!

 

I'm quite happy to report that - following just the basic instructions on how to go about replacing the old with the new - everything went just fine, including re-starts. Pete

lol! I just noticed, when going to "Help", "About", that you now have to close that window using the HID. Is that by design?

 

Anytime Gavin! You just got a karma cookie as did Pilli. Oops I gave you both 2 today Im just glad to have all my DCS programs running 24/7

 

Well I ran my defragmenter and now kernal mode error is back

 

Try disabling the schedule service of Perfect Disk and see if that helps any

 

That made no differance on this laptop... Time to fire up my startup delayer and delay PG for 60 seconds like I did on the last version.

I really think it has to do with laptop's booting slower then a desktop, not to say this is really that slow, it's a PIIIm 1.2 Ghz with 512 MB ram... but the spindle speed of this 30gig drive is just slower than a 3.5" drive and I doubt if it has any (buffer) cache on it.

Owell I'll just delay it and wait for the next version.

 

I usually get the kernel mode error when I turn on the machine. Rebooting: no error.
(Even after getting the error, ps_msgprot.exe is running).
PG 1.2, first install, starts from Autostart, nothing in ..\Run... registry.

If I can live with this can PG and is my machine protected?