Process Guard Driver Public Beta

All is not well. I have been having no crashes, but I have been experiencing some problems with applications which use global hooks. The problem is that the applications launch, create their tray icon, and then exit mysteriously. The tray icon even stays there--until I put the cursor over it.

No crash dialog occurs, nor any event viewer entries. This problem has so far occurred with applications that load at boot, and I believe each time it has happened, I did not have the procguard.exe running (but protection was enabled--of that I am certain).

Yes, for each application this has happened with, I do have global hooks allowed in PG's configuration. In other words, I have global hooks blocked in the general options, but I have global hooks allowed for the relevant applications. (I normally have zero entries in PG's window.) I have not tried duplicating the issue with global hooks allowed in the general options.

The two applications it has happened with are KatMouse 1.01 and IntelliPoint 3.20 (yes, I know that IntelliPoint 3.20 is not "supposed" to be used with WinXP. That's not the issue. I have been using it on WinXP for years without a problem.)

No entries appeared in PG's window or log when these application exits occurred.

Of course, the programs are initially loading (or, obviously, their icons wouldn't even appear). My mostly-uneducated guess is that this is a timing issue of sorts.

I had one other issue just a few minutes ago, that being a system freeze. This happened while Raxco PerfectDisk 5 was running in the background. Again, I've been doing things this way for eons, and never had these issues.

 

Someone else has also mentioned a systray ICON issue with the BETA driver but not the normal PG v1.300 . That is programs loading their icon but the program isn't actually there, and it only happens to items on startup.

Hopefully the next build will fix it, none of our testers or our machines have experienced this issue yet. Maybe Nicholas will explain his issues here too.

-Jason-

 

As Jason mentioned, I'm having similar problems with the beta driver and BOClean and Stardock's CursorXP:

1. With General Protection Options/Block Global Hooks enabled, BOClean and CursorXP will randomly fail to autostart (about 1 in 4 reboots). Sometimes one will fail and not the other; sometimes both will fail.

2. With General Protection Options/Block Global Hooks disabled, BOClean and CursorXP autostart consistently (tested over 20 reboots).

3. With General Protection Options/Block Global Hooks enabled and only the default settings in the Protection List, procguard.log shows the following at startup (when BOClean and CursorXP do successfully startup):

5 Mar 11:01:36 - [HOOK] c:\program files\nsclean\boclean\boclean.exe [824] was blocked
from creating a global Shell hook [0000000A][00000000]
5 Mar 11:01:36 - [HOOK] c:\program files\cursorxp\cursorxp.exe [940] was blocked from
creating a global Mouse hook [00000007][00000000]
5 Mar 11:01:43 - [HOOK] c:\program files\tgtsoft\stylexp\stylexp.exe [952] was blocked
from creating a global Debug hook [00000009][00000000]

4. If I have General Protection Options/Block Global Hooks enabled and include the above files in the Protection List and grant them Options/Allow Global Hooks but no Allowed Privileges, BOClean and CursorXP will randomly fail to autostart.

5. BOClean and CursorXP autostart consistently with the 1.300 non-beta driver with Block Global Hooks enabled and the above files granted Allow Global Hooks.

When CursorXP fails to autostart, I have no mouse pointer at startup. When BOClean fails to autostart, there is no systray icon. Enabling "Audit process tracking" under Local Security Settings, event logs show BOClean.exe and CursorXP.exe processes created and later exiting:

3/10/2004,1:19:48 PM,Security,Success Audit,Detailed Tracking ,592,******************\Nicholas,******************,"A new process has been created:
   New Process ID:   1480
   Image File Name:   C:\Program Files\NSClean\BOClean\BOClean.EXE
   Creator Process ID:   1048
   User Name:   Nicholas
   Domain:      ******************
   Logon ID:      (0x0,0x1CD91)

3/10/2004,1:19:48 PM,Security,Success Audit,Detailed Tracking ,593,******************\Nicholas,******************,"A process has exited:
   Process ID:   1480
   Image File Name:   C:\Program Files\NSClean\BOClean\BOClean.EXE
   User Name:   Nicholas
   Domain:      ******************
   Logon ID:      (0x0,0x1CD91)


I am able to start both manually and both run without further problem. At the moment, I enable Block Global Hooks after startup and disable before shutdown.

Nicholas

 

Hi Nick and welcome Thanks very much for your very detailed report, I am sure Jason will respond soon.
Today we had the first installer version of 1.400 B2 and it is working very well for all the beta testers (I've just read the beta forum reports).
Interestingly one of the testers was having problems with Perfect disk 6 and these problems have now been cured for him

 

Did the PerfectDisk problem involve a system freeze?

 

Hi Nameless, I believe there was some sort of conflict with PG, Perfect disk and Goback - Not sure if it was actually freezing the system.

 

If i have well understand, the answer is yes (at least some minutes)

 

Well, I don't use GoBack, and I had a (totally uncharacteristic) system freeze.

 

Thanks, but I don't need to update PerfectDisk; version 5 works fine, and has worked fine for me since it was released. I see absolutely no substantial improvements in version 6 that warrant an upgrade.

More importantly, system freezes are not the norm for me, no matter when I run PerfectDisk (which is generally every night). When I use a defragger for over a year with no issue, then something does go wrong, I look at "what changed"... which wasn't the defragger!

 

Well I don't have that kind of time or patience. When I pay for software, I want it to work. I'm not on the payroll. I wash my hands of it.

And speaking of being on a payroll, I haven't been in a long time. I need to spend time elsewhere, not on compiling debug info for utilities like this. I asked for a refund recently and was told I could get one, and now after asking again I am meeting with resistance.

I'm not a happy guy. But whatever, right?

 

Well since there is a freeware version to try first I think you can work out whether or not it will work on your system before purchasing it. Also most of your problem(s) can be fixed by disabling Global Hook blocking which I think is what Gavin told you to do until the next version.

A new version of Process Guard is also going to be out soon that will fix bugs and add new features. What isn't there to be happy about?

A program like Process Guard isn't going to work 100% on 100% of machines in the world, we can only do our best to make sure it works 100% on the machines we test on and our beta testers machines. This is what we do before releasing it.

As for certain software not working with other software installed, this isn't a new event. If you install most AV software it also conflicts with a lot of software also, if you install a firewall it breaks certain programs. Would I rather have PG installed or PerfectDisk? Do I value security over performance? Yes. As Peter has said PerfectDisk has some problems, it isn't a perfect program even in version 6.0 and I would say version 6.0 would most likely have less bugs than the earlier 5.0. v6.0 at least works with PG which means they fixed something which doesn't make it complain with PG installed. Just because you have something installed first doesn't make it any less buggy.

And I know Process Guard has issues with certain computers and we are doing our best to fix it as can be seen by the many updates we have already done and ones we will be doing. PG is going to be an integral part of TDS-4 so we are making sure we get it working nicely.

-Jason-

 

I have to observe that I am rather conerned by Jason's latest response to nameless. It is fine that a vendor should stand behind his product, but when a customer reports he is unhappy I don't expect a vendor to remark "What isn't there to be unhappy about?".

The simple fact is, as admitted by you Jason, that no piece of software will work 100% of the time for all customers: when a customer is one of the exceptions, as nameless clearly is, then it is perfectly natural and understandable that the customer is unhappy. It is less than professional for the vendor to question his right to his feelings.

I would expect a vendor to grant a refund without question, rather than to fight a corner and make ingenuous excuses (like blaiming the customer for purchasing in the first place, as you have done, with "Well since there is a freeware version to try first I think you can work out whether or not it will work on your system before purchasing it"). This is in the vendor's best interests, too: I have no doubt that other prospects visit this forum before purchasing, and that some will decide not to purchase when they see your post (as I would have done if I had read this attitude before purchase, irrespective of whether I liked the product). It just isn't sensible business practice for you.

 

It was actually, "What isn't there to be happy about?" . As in PG has a bright future with bug fixes coming, etc.

You buy Process Guard knowing there is no refund policy on it. So it is no use saying it is what we SHOULD do or what you expect us to do, the fact is we havn't said we would. Most shareware companies also work in a similar fashion. Why? Usually because a few people buy the product and get a refund simply so they can use the product for free. If we had no Try Before you Buy I would whole heartedly tell you there would already be a refund policy in place.

At this moment we don't have a "refund" policy, simply for the points I stated above. That is you can trial the program before buying so we leave it up to users to figure out whether or not the program will work to their satisfaction. Clearly if you just buy programs without knowing whether or not they work on your system, especially with something like PG who else can you blame for that? Bugs exist in all programs it is up to YOU to decide whether these bugs affect your system.

He bought the program knowing we had no official refund policy, if this bothered him we could have worked out something before purchase or he could have not purchased it. Regardless of that however we have endeavored to fix nameless's problem and many other problems people told us about.

That being said I had discussed having a 30 day money back guarantee a few months ago and we might be implementing something like this in the near future. It isn't wise for nameless to "complain" in a public forum about getting a refund whilst he is still in contact with one of our staff about getting one! It is just silliness.

-Jason-

 

Belligerence won't enhance your reputation either. I made an observation in good faith as a customer, and also as the MD of a software vendor. You *could* have said: "thank you for your feedback, which we will take on board" and meant it, rather than become even more entrenched and try to justify your stance even further. It's a pity.

 

We, like most shareware companies, don't have a refund policy for numerous reasons, but the main ones are:
- We offer trial/evaluation versions of ALL the software we offer for sale, so you can try the program without even paying a cent anyway - 100% risk-free evaluation, allowing you to test the software to ensure that it runs fine on your system.
- It makes it too easy for software pirates to simply register the software, get a refund, and then they can distribute the full version of the software illegally, which makes it harder for us to feed our families at the end of the day.

If you ever go to a shareware site and choose to buy the full version without trying the evaluation, then you're taking a gamble that 1) it'll work fine on your system, and 2) it won't conflict with any existing apps on your system. With the millions of possible combinations of software configuration available it's simply not possible to develop system-level applications (such as firewalls and driver-based apps such as Process Guard) that will work under all conditions. Personally, I would never purchase a firewall or similar system-level program without trying it first.

In regards to Process Guard, this is the first time in history that such a program has been created. Security programs have been around for decades, but it has taken until 2003/2004 for a program to be created (Process Guard) that actually addresses the issues of process attacks. This is a good gauge to use to see exactly how hard Process Guard has been to develop -- nobody else has yet been able to accomplish what Process Guard achieves, but it's also a good indication that Process Guard does some very 'low-level' techniques in order to achieve this level of protection, and with complexity comes an increased risk of problems (firewalls have had a long history with such problems).

Evaluation/trial versions of software are there for you - the user - to take advantage of. They allow you to see what the program is all about, try its main features, ensure it's compatible with your system, and ensure that you actually LIKE the program, BEFORE you fork out your hard-earned money for it, and then all problems like this can also be completely avoided. So the next time you go to a shareware page and they offer an evaluation version, take advantage of that!!!

Having said all that, thankyou to nameless and Steve Moss for your feedback - it IS appreciated. I hope you can also understand the precarious position we're in by developing something of this low-level nature -- I guess we were asking for trouble by going so deep into the kernel ... .

We'll close this thread now as we've got all the feedback we need regarding this beta driver -- Process Guard v2.0 is due out very soon, and we've had a lot of positive feedback already from our beta team so things are looking good! Stay tuned for more

Thanks guys