Sometimes PG is asking me questions or just making statements I don't know how to respond. Just now I get the message: wmiprvse.exe tried to install a driver/service. Okay, wmiprvse.exe located in sytem32/wbem is part of the OS, dealing with WMI operations. Under the security-tab it has been granted a 'permit always'. So, why does PG give me this message, what does it mean: 'wmiprvse.exe tried to install a driver/service' and what to to do with it? To be honest: I always feel a bit annoyed when the program asks me this kind of things without explaining what it means. A good virusscanner gives you information about the virus it detects. Is it really so difficult to offer more information about a message like the above, for instance with a right mouseclick?
I believe it's because you have given wmiprvse.exe permission to always run (on the Security tab) but not given it permission to install driver/service (on the Protection tab). My advice would be to give wmiprvse.exe the permissions it requires. Maybe this post will help: https://www.wilderssecurity.com/showpost.php?p=139151&postcount=2
Thanks. Sorry I couldn't reply earlier. When I installed PG 3.4 it asked me to allow the running processes (or something like that), wmiprvse.exe must have been one of them, so it came under the Security tab. I didn't yet know this file. But what is so important about wmiprvse.exe that PG alarms me with the message that it's trying to install a driver? A file like userinit.exe is granted this privilege automatically. I'm rather busy, why wasting my time with this kind of questions? It would already be more cooperative when PG offered me ANY information about a message or a question like this. Wmiprvse.exe is okay and needs to install a driver. Well, big deal. Why do I have to know that? Do I have to know EVERY little file in my system before I can use my computer safely? I think it's one of the weaknesses in PG. I expect a program like PG will warn me when something dangerous threatens me. I'm not waiting to be informed about every little trifle which is just doing its job.
The thing is, sometimes system applications can be patched by malware and will perform actions out of the ordinary. So if a program such as Internet Explorer is trying to install a driver when it normally wouldn't, these alerts are relevant. ProcessGuard makes sure your system is performing properly by alerting you to the actions of the programs. It doesn't know what permissions these programs need automatically hence the Learning Mode, which should be run on first install and reboot or two.
With all respect, I know all that, used version 3.3, installed 3.4, went over the PG-procedure again, checked what I found under the different tabs, and so on. When all this has been done you expect to be warned at the moment something could be a danger. PG tells me: wmiprvse.exe tries to install a driver. That's it. No information, no explanation, no advice, no nothing. What is wmiprvse.exe? Is it dangerous? And what to do? You spend some time finding out, time which can be used better, only to learn that wmiprvse.exe is just one of these files the OS needs. It doesn't make me happier. Sure, it's a fine program, Process Guard, but at the same time it has some rather unprofessional qualities.
As I've said, though. ProcessGuard doesn't know what the programs are, so it can't always know why a program is doing the things it's doing. The fact that the progam is trying to install drivers seems abnormal to me as I have that disabled and haven't had any warning so far. I know it can be a pain not knowing what a process is and why it is requesting these priviledges, but keeping a database could become a pain as there are any number of software applications available. Add that to the fact that malware will use the same name as valid processes (plus the number of types and variations keep increasing) and it can seem futile. In regards to common Windows OS process, if possible, I would like a database or an entry in the help describing what permissions they should require. They do have a database of some common processes on their site which describe necessary permissions (just an FYI).
I completely agree with that. It would make PG a bit less puzzling for the common user (not necessarily being a n00b). Just now I downloaded the PDF helpfile from the DiamondCS site, when I opened it PG immediately gave me the message: acrord32.exe tried to install a driver/service. A courteous and professional PG-gesture would be: right mouse click and WOW, there you see at the same moment some relevant information about acrord32.exe. As I wrote: PG is a fine program. Because I was curious about it I asked at another forum (of computer addicts ) who was using PG. So far nobody appears to do so. One person replied. In his view PG was a totally superfluous program. PG, in its actual form, is not very well-known or popular. My personal experience is that the average user, who loves his Norton, doesn't understand AT ALL what PG is all about. So, my humble advice: when you want to make this program more well-known, make it more accessible in the first place. In this respect a good start would be better, easier and more specific information.
Hmm, I agree, this would be a nice feature, but if you would like to have a look here http://www.file.net/process/index.html you'll see this would be a really huge kind of database, however.
I agree that ProcessGuard is not for novices, even using Learning Mode (IMO, at least). This is unfortunate since it is a very useful program. The main problem lies in when people are installing either updated drivers or programs that create their own service (i.e. security applications). Anyways, I'm not going to debate the issue of how big of an undertaking a database of processes would be (IMO, it would take a lot of time and effort), but a smaller database of builtin OS components and maybe some common programs would be nice. On side note, processid.com is listed in the MVPS host file (which I just found out by clicking the link). Also, McAfee's SiteAdvisor flags it as a bad (red) site.
Sorry to stray off topic again, but I can't say if processid.com is a bad site or not. It does link to sites of questionable repute, such as malwhere.com. Said site is the homepage of software formerly on SpywareWarrior's Rogue Anti-Spyware list (due to packaging adware/spyware with their software). According to SW, though, they are no longer considered suspect since they hadn't packaged their software with malware for at least 3 months. There is/are (an)other link(s) on processid.com to red site(s). Haven't really checked their reputation, though.