Process Logger Service

Discussion in 'other anti-malware software' started by Mr.X, Mar 17, 2017.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks for both comments. Easy to retain just a few days then, and agreed, rather log everything!

    And nice find. I am enjoying this proggie. Only change I've made is to log to my FIDES-protected external USB, rather than SSD system drive (this after discovering that Hard Disk Sentinel rates it only 'Acceptable' with Wear Levelling Count of 49 - threshold 5 - and estimated remaining lifetime only 279 days! :eek:. Hope it's wrong, this laptop is just over two years old).
     
    Last edited: Mar 20, 2017
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    Did something quite similar: pointed log file to a local HDD, drive D:
     
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    A cheap SSD should be good for at least 5 years. And one should never defrag an SSD. A high quality one that also costs a lot of money will last your lifetime.
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Should release a new build soon with option DeleteLogsOlderThanNDays in the Config.ini file, example:
    DeleteLogsOlderThanNDays = 7 ----> Delete log files older than 7 days
    DeleteLogsOlderThanNDays = 0 ----> Never delete logs
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Thanks NVT

    Save some people the option to right click and select delete :D
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Agree. I was just surprised at the Wear Levelling Count. CrystalDiskInfo shows the same but does not give a 'warning'.
    Excellent :thumb:.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    It was my Firefox DownThemAll! add-on. Somehow doesn't like that download.
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Now working on both my Win 10 machines.
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Scratch that. It is something else that prevents some downloads, but very few. Smartscreen maybe?
     


  11. guest

    guest Guest

    Hard to say with looking at the screenshot.
    FIDES, Sandboxie, a browser-extension ... Try to run the browser unsandboxed, and download it again.
    If it fails again, start the browser in safe mode with all extensions disabled. If it is working now, you know that a browser-extension has prevented the download.
    Deactivate one by one to find the culprit.
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Yes, I was following that path. Time consuming, but necessary if it continues to raise its ugly head. It has only happened once more with another download.

    I thought it was the DownThemAll! add-on but then it happened also with that extension disabled. And with browser unsandboxed.

    FIDES is only being active for my external USB drive.

    Anyway, I guess this is OT.
     
  13. guest

    guest Guest

    I think this is the right place to answer, so I'll do it here :)
    For example, if I want to search for processes in my logfiles, I'm using the file manager Total Commander.
    It automatically searches all logfiles in the path which is mentioned in "Search in:"
    Total_Commander_search.png
    I'm pretty sure there are other tools which are able to do this.
     
  14. guest

    guest Guest

    @novirusthanks
    Is it possible to add the logging of the "exit status" of a process?
    So the user knows if it's a regular termination: 0x0, "forced termination" from the user: 0x1 or a crash: 0xc0000005, etc.
    I took these examples from Process Hacker, which is able to log the exit codes.

    For example it might look like this:
    Code:
    [Process Termination]
    
    23.03.2017 00:01:14
    Process: [8296] C:\Windows\System32\dllhost.exe
    Exit Status: 0xc0000005
    Uptime: ~00:00:06
    It can be useful to log this. The user can search for abnormal process terminations in the logfiles, if needed.
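
Added example (not part of the original thread and not NoVirusThanks code): one way to search log text for the abnormal terminations described in the post above, assuming entries follow the layout proposed there. The sample log, the third process path, the function names `classify` and `abnormal_terminations`, and the label strings are constructed for illustration.

```python
import re

# Constructed sample in the layout proposed in the post above; the layout
# actually written by the service is not shown on this page (assumption).
SAMPLE_LOG = r"""
[Process Termination]

23.03.2017 00:01:14
Process: [8296] C:\Windows\System32\dllhost.exe
Exit Status: 0xc0000005
Uptime: ~00:00:06
[Process Termination]

23.03.2017 00:02:40
Process: [5120] C:\Windows\System32\notepad.exe
Exit Status: 0x0
Uptime: ~00:01:12
[Process Termination]

23.03.2017 00:03:05
Process: [6644] C:\Program Files\Example\app.exe
Exit Status: 0x1
Uptime: ~00:00:30
"""

ENTRY = re.compile(
    r"\[Process Termination\]\s+"
    r"(?P<time>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+"
    r"Process: \[(?P<pid>\d+)\] (?P<path>[^\r\n]+)\s+"
    r"Exit Status: (?P<status>0x[0-9a-fA-F]+)"
)

def classify(status):
    # Labels follow the three cases named in the post above.
    if status == 0:
        return "regular"
    if status >> 30 == 0b11:
        return "ntstatus_error"  # error-severity NTSTATUS, e.g. 0xc0000005
    return "nonzero"             # e.g. 0x1 (forced termination in the post)

def abnormal_terminations(text):
    hits = []
    for m in ENTRY.finditer(text):
        status = int(m["status"], 16)
        label = classify(status)
        if label != "regular":
            hits.append((m["time"], int(m["pid"]), m["path"], hex(status), label))
    return hits
```

To scan real files, read each log into a string and pass it to `abnormal_terminations`; adjust `ENTRY` if the service's layout differs from the proposed one.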
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Yes, here is a new build v1.3 for testing:
    http://downloads.novirusthanks.org/files/ProcessLoggerService_TEST.zip

    This is the changelog so far:

    Let me know if you find any issues.

    Example log of "Exit Status":

     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    Thank you.
     
  17. guest

    guest Guest

    Can't run the test version on SUA even via "run as"
     


    Last edited by a moderator: Mar 24, 2017
  18. guest

    guest Guest

    :thumb:
    Thanks. It's working and the correct Exit Codes are logged.
     
  19. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    A little OT, but re svchost info, I've found this to be pretty useful...
    https://svchostviewer.codeplex.com/

    Whoops, not for W10 I guess... I use it in W8.1 and it says it's for up to W7... might be worth trying? There are some other programs like it also....
    Here's another...
    http://www.majorgeeks.com/files/details/tweaking_com_svchost_exe_lookup_tool.html
     
    Last edited: Mar 24, 2017
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
  22. guest

    guest Guest

    Are you both on Win10? I think not because it seems it can't run yet on it.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Hi @guest, in my case, working on both Win 10 machines.
     
  24. guest

    guest Guest

    OK, so maybe because I'm on SUA.
     
  25. guest

    guest Guest

    No, Win8 :) (see signature)
     