Process Logger Service

Discussion in 'other anti-malware software' started by Mr.X, Mar 17, 2017.

  1. guest

    guest Guest

    I still can't run it.
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Did you try to install it via the install.bat from the Admin account?
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I am pretty sure if guest turned off all his security stuff and followed the directions he will get it. He is a smart cookie.
     
  4. guest

    guest Guest

    Is it necessary for it to function? Because I won't use it from an admin account, I'm 99% of the time on SUA.
     
  5. guest

    guest Guest

    Admin rights are only needed for the creation of the service (see "sc create ..." in the install.bat)
    After the creation it is running "all the time", no matter in what account you are currently logged in.
    You don't have to launch the executable directly, the installed service is launching it.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Which "Exit Status" codes should I expect?
     
  7. guest

    guest Guest

    You should see Exit Status: 0x0 for "normal" Process Terminations.
    If you kill a process with a process manager, you can see 0x1
    For crashes of a process you might see 0x000000c5, or other exit status codes. It depends.

    As long as you can see 0x0, all is fine :)
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Did a list for Exclusion.db:
    Code:
    *audiodg.exe
    *services.exe
    *svchost.exe
    *winlogon.exe
    *LogonUI.exe
    *mobsync.exe
    *userinit.exe
    *SearchIndexer.exe
    *SearchProtocolHost.exe
    *spoolsv.exe
    *WmiPrvSE.exe
    *WUDFHost.exe
    *HeciServer.exe
    *IAStorDataMgrSvc.exe
    *jhi_service.exe
    *LMS.exe
    *nvvsvc.exe
    *nvtray.exe
    *nvxdsync.exe
    *RAVCpl64.exe
    *ramdiskws.exe
    *SbieSvc.exe
    *SbieCtrl.exe
    *DefenderDaemon.exe
    *Service.exe
    *ERPSvc.exe
    *EXERadar.exe
    *SecureFolders.exe
    *AppCheck.exe
    *AppCheckS.exe
    *AppCheckB.exe
    *AppGuardAgent.exe
    *AppGuardGUI.exe
    *LicQueryApp.exe
    *vmnat.exe
    *vmware-authd.exe
    *vmware-usbarbitrator64.exe
    *vmware-hostd.exe
    *vmware-tray.exe
    *vmnetdhcp.exe
    *wfcs.exe
    *wfc.exe
    *USBSafelyRemove.exe
    *WiFiGuard.exe
    *GoogleUpdate.exe
    *update_notifier.exe
    *EasyNetMonitor.exe
    *msoia.exe
    *IDMan.exe
    *IEMonitor.exe
    *IDMGrHlp.exe
    *PsnLite.exe
    *PSNGive.exe
    *XMouseButtonControl.exe
    *notepad++.exe
    

    I mean, they are logged every time I boot and some repeat over and over again.
    Any pros and cons for excluding them?
     
  10. guest

    guest Guest

    @novirusthanks
    Bugreport - Process Logger Service v1.3:
    In the logfiles I can see wrongly formatted dates of Process Creations:
    Code:
    [Process Creation]
    
    04.03.2017 00:03:08
    
    [Process Termination]
    
    03.04.2017 00:03:14
    Process Creations are showing 04.03.2017, but it should be logged with: 03.04.2017
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Is there some way to set a cut off point for the log?

    It might fill up if this service is allowed to run all the time like I want it to do.
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    This may not be the answer to your question, but it keeps a log for every day and one can set DeleteLogsOlderThanNDays=n in Services>Config.ini

    One can't limit the size of the daily log.
     
  13. guest

    guest Guest

    Each day (00:00:00 - 23:59:59) = one log-file
    You can expect a file-size of 3mb up to 6mb for each day, it depends.

    If you plan to archive your logfiles, these files have a good compression ratio of ~1%
    (900mb of log-files =~ 15mb rar-archive)
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    Are you saying the logs were from March and Not April?
     
  15. guest

    guest Guest

    The log is from April. It should show "03.04.2017" instead of "04.03.2017" (Process Creations)
    But Process Terminations are correctly logged: "03.04.2017"

    It was always showing: "day.month.year" for Process Creations and Process Termination in earlier versions.
    This has changed with v1.2 and newer versions
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Got it. Thanks a bunch for clarifying.
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Month, day, year is how we do it in the USA.

    To get those dates, it has to be looking at your system clock info, I would think.
     
  18. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @mood

    We'll fix it in the next hours, the datetime format (for creations and terminations) will be set to month.day.year same as most of the other service-only apps.

    @Mister X

    I would exclude processes not like *svchost.exe (that is unsecure as also 123svchost.exe will be excluded) but with the full path, i.e:

    C:\WINDOWS\System32\svchost.exe

    Or at least like *\svchost.exe
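
The wildcard point in the reply above, shown as an added example that is not part of the thread or of Process Logger Service. It assumes `*` matches any run of characters, case-insensitively, against the full image path; the function names are hypothetical and the sample paths are constructed.

```python
import re

def wildcard_match(pattern: str, image_path: str) -> bool:
    # Assumed semantics: '*' = any run of characters, case-insensitive,
    # compared against the whole image path.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, image_path, re.IGNORECASE) is not None

def classify(pattern: str) -> str:
    # Rate an exclusion entry by how tightly it pins the excluded binary.
    if "*" not in pattern:
        return "full-path"        # C:\WINDOWS\System32\svchost.exe
    if pattern.startswith("*\\") and "*" not in pattern[1:]:
        return "name-any-folder"  # *\svchost.exe
    return "name-suffix"          # *svchost.exe

def audit(patterns, observed_paths):
    # Map each pattern to (rating, observed paths it would drop from the log).
    return {
        p: (classify(p), [path for path in observed_paths if wildcard_match(p, path)])
        for p in patterns
    }

# Constructed sample image paths, not taken from a real log.
OBSERVED = [
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\Users\Public\123svchost.exe",
    r"C:\Users\Public\svchost.exe",
]
PATTERNS = [
    r"*svchost.exe",
    r"*\svchost.exe",
    r"C:\WINDOWS\System32\svchost.exe",
]

if __name__ == "__main__":
    for pattern, (rating, hidden) in audit(PATTERNS, OBSERVED).items():
        print(f"{pattern:36} {rating:16} excludes {len(hidden)} of {len(OBSERVED)}")
        for path in hidden:
            print(f"    {path}")
```

Under these assumptions only the full-path entry excludes the System32 binary alone; `*\svchost.exe` rejects `123svchost.exe` but still excludes a file named `svchost.exe` in any other folder.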
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  20. guest

    guest Guest

    Thank you
    :thumb:
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Fixed, you can re-download the zip file again (always v1.3).

     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Thank you.

    Can I just overwrite ProcLoggerSvc.exe ?
     
  23. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Yes, that is fine.
     
  24. guest

    guest Guest

    Now [Process Creations], [Process Terminations], [Service Event] and the filename of the log-file have a common datetime-format :)
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Yes they have, I can confirm so.
     