TDS: execution status, ms agent, shutdown questions

Discussion in 'Trojan Defence Suite' started by Justin Smith, Feb 23, 2003.

Thread Status:
Not open for further replies.
  1. Justin Smith

    Justin Smith Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    13
    Location:
    New York
    Hey there,

    New user here...

    1. I read the configuration information, but I'm not sure this question is covered: Is there a way to run TDS as a background process, rather than as an application? I guess it doesn't really matter.

    2. I did a search on MS Agent and didn't find any posts... Although the speech feature is groovy, I prefer to keep processes at a minimum (28 after disabling most of the MS services defaults is enough for me!). Is there a way to disable MS Agent? It seems that TDS activated Agentsvr.

    3. TDS, WG, PE, NOD32, Sygate, AdAware, CookieCop, and McAfee QuickClean all seem to be getting along alright, but I have noticed that TDS sometimes tends not to want to 'end' at shut down. OK, now, I should say this IS a freshly rebuilt XP 2600 SP-1 system, which I noticed had abend issues and some shutdown issues the last time it was a fresh system (numerous 'serious' system errors and crashes) which, strangely, gradually resolved themselves over time (XP is self-healing? o_O Or did all those Windows updates actually do some good? :D). Similarly, on an NT-4 SP6a system with NOD32 (but with Agnitum Tauscan and the Cleaner rather than TDS), the NOD32 frequently doesn't want to 'end' at shut down (I will take that up in the NOD forum). Has anyone experienced similar shutdown issues, and I should say here I do regard these as relatively minor?

    Despite these minor things I am quite happy so far having thrown NAV 2003 overboard like the boat anchor it is, and moved to TDS and NOD32 (NOD32 found a real oldie virus on my NT4 machine no one else found (antiCMOS)).

    Incidentally, I bought the Microsoft Windows Security Inside Out book (only $45, ooh such a deal! :rolleyes:) and check this out from the section on disabling unneeded services: p. 582: "Windows XP and Windows 2000 offer a lot of services, and too many of them are up and running by default. By shutting down services you don't need or use, you'll improve both security and performance." REEEALLY?? :rolleyes: Don't worry folks, I'm making sure not to crack the binding, I may return this book, but in all fairness the descriptions of the services and what they do are OK. I still want to know what COM+ really does, MS' descriptions are pretty vague!
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Justin,
    Welcome to the TDS family!
    To help you out with some parts of your questions:
    Does your XP include a kind of taskinfo showing the loads of each program?
    Are you using a trial version or registered one?
    TDS is an on-demand scanner; the only resident part is the exec protection, which is only available in the registered version. Beyond that, TDS does nothing until you ask it to, either with your commands or by running SS3 scripts.
    For me it is central on my system, doing a lot from there :)
    It takes the most load when scanning processes, trying to take as much CPU as is available to speed up scanning. During that time I run as few other processes as possible until it has finished.
    In the process list you can see what's running and the files started by the processes.

    MSagents: of course, you can kill the agentsvr process manually. If you need it afterwards in any program, I guess you'll need to reboot if starting it manually doesn't work anymore.
    I use it in scripts and as a voice-controlled desktop helper, jumping to sites and forums, sending emails, etc.
    I think msagent takes about 1mb until it is playing.
    After killing the agentsvr you might still enjoy the speech part via TDS (friendly greetings and in scripts).

    TDS does get along well with most other programs; there is a list posted at the top of the TDS forum with people's experiences of running it with other programs.
    I have not yet heard of others it should not be combined with.
    For the shutting down: did you check "confirm shutting down" in the configuration?
    Shutting down on XP I'll have to leave to XP users. I guess there's a system setting which could be better, or maybe a corrupt system file, something like that.
    It's not a minor problem, it just should be solved somehow.

    TDS and NOD32 are an excellent combination, which many users have.
    And great, victory, about that virus find immediately.
    I felt the same contentment running Ad-aware 6 and finding an old registry thingy from a nasty I think was deleted "years ago" and which the older AAW version never alarmed on. I always like some confirmation that a program is working, but of course I like most to see that it's an innocent test or something like that!

    I googled some "COM+" links for you, hope they open a few new ways for you?
    http://www.microsoft.com/com/tech/COMPlus.asp
    http://www.microsoft.com/com/default.asp
    http://www.cetus-links.org/oo_ole.html
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    :) Welcome Justin, Thanks for your compatibility list - Would be nice if you could add it to the sticky thread above http://www.wilderssecurity.com/showthread.php?t=6232 - Thanks

    About shutting down problems in XP: I have XP Pro and just recently, after doing some updates, when doing a restart I have to perform the restart operation twice - Very strange o_O If I let my auto timed switch off operate, no problems!
    Gotta feeling that the security updates are to blame & that they are either upsetting XP or are not totally compatible with one of my installed programmes.

    XP does have some self-healing capabilities & some self performance adjustments; for instance, over time it will boot faster after new installations by altering the boot loading automagically. There is a free utility for this called Boot Viz which accomplishes the same thing but quicker :D
     
  4. Justin Smith

    Justin Smith Registered Member

    Jooske:
    1. Yes, I can see running processes in task manager, though if there is a way to see deeper than that, to drill into each task of each program, I'm not aware of a means to do that yet.
    2. Yep, my TDS is already registered, as is WG, PE, NOD32, etc. It's not taking up much in the way of resources, I just noticed that it shows up as an 'application' as well as a 'process', whereas most of these other security tools show up as 'processes' only. I guess it doesn't really matter.
    3. To kill agentsvr, is the best way at this point to go to MSConfig and un-check it as one of the startup apps/services/processes? I got rid of Adobe acrotray.exe that way, and I think I'll do the same with my XP printer drivers. XP really has a way of bloating-out with processes. XP printer drivers seem to take up a lot of overhead. The Lexmark Z23 XP driver installs 3 .exe programs on the system that run at all times (including an ink level monitoring app) whether you are connected to the printer or not...altogether take up about 20M of RAM...seems sort of ridiculous. I called Lexmark and all they had to say was, "It's a host-based printer," so I shouldn't complain. Yeah, I get that, but the driver footprint should be a lot smaller when I'm not even connected to the printer! OK...I'm rambling...
    4. I just checked 'confirm' before shutdown, maybe that will help with the shutdown.

    Pilli:
    Hmm, that's interesting that XP gets better with age. So few things do.

    I'll be reading more, thanks for the links, I have to go but I'll try to add my stuff to the sticky thread.

    Oh, incidentally, on WG..."day-um!!" That thing works! It picked out 'virus' in the NOD32 POP3 manual. Suddenly, out-of-the-blue, WG leaps into action. How the heck does that work? Where is that process running?? I'll go to WG forum later...
     
  5. Pilli

    Pilli Registered Member

    Justin wrote:

    "1. Yes, I can see running processes in task manager, though if there is a way to see deeper than that, to drill into each task of each program, I'm not aware of a means to do that yet."

    Justin, to dig deeper try one of Jooske's favourite tools: http://www.faberbox.com/fabertoys.asp This will show you the DLLs etc. spawned by each process.
     
  6. Jooske

    Jooske Registered Member

    Aha Pilli, I knew you would mention that one, :)
    Another way, of course, is to double-click a process in the TDS process list to see the processes belonging to that host process. You can scan or kill them individually from there, or with the "more" button look a little deeper into each dll or file.

    I wonder if the agentsvr wants to be disabled from startup in Windows, as it's so much integrated in XP, but you know how to get it back -- you could try what happens if you kill it from the TDS > process list and then try your Office or other tools where it is integrated, or run some of our scripts and see if the speech technology in TDS is still working if you kill the msagent. It takes at most 1mb, or even far less if it is not actively running a script, so don't worry too much about the agent.
    When killed, type something in the TDS console like
    speak "hello Justin!" and see if it still speaks.
    Before you kill the msagent, make sure you have the msagent character Genie in your Chars folder (could be on your cd-rom) and do try to run the "InnerPeace" script, to know if all is working correctly and you might like his recommendations :D

    I'm not really surprised XP gets better after SPs and patches and such, adding files it really seems to need to run better :)
    Remember win2000 was known for needing 65,000 additions to be at least a bit ok, so what can I say about XP? :)
     
  7. Justin Smith

    Justin Smith Registered Member

    On 'answersthatwork' I found a description of Agentsvr.exe that says if it is running, it has been activated by a program (in this case, TDS-3), hence I should leave it alone. I'll do that. I'm on a portable and I just like to keep the processes to an absolute minimum.
     
  8. Jooske

    Jooske Registered Member

    Hi Justin, "answersthatwork" where?
    Yes, TDS activates it for speech and script use, but TDS would not get any problems when you close the agentsvr.
    So you can experiment with it without endangering your security in any way.
    You could type your local host id 127.0.0.1 or whatever you use in the "target host" display and do an interrogation scan or other and listen for TDS speech alerts. If you have your sockets enabled you could hear a few!
    Now close the agentsvr and try another time, so you know if it is still alerting with speech. If not, it might be necessary to reboot to have the agentsvr started properly for all programs.
     