Alarming

Discussion in 'ProcessGuard' started by dallen, Jul 23, 2004.

Thread Status:
Not open for further replies.
  1. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Please explain how Process Guard can be such a vital layer of my computer security when it seems to be rendered ineffective somehow without my intervention? The screenshot below shows my window log when I investigated the big red X through the PG system tray icon. It's as though I disabled PG's protection, only I did not. I did, however, manually re-enable the protection. :mad:

    http://web.ics.purdue.edu/~dallen/PG.JPG
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello, Dallen!

    It appears from the screenshot that PG was disabled when it started. I've seen this happen twice before myself:
    1. I disabled protection manually, and restarted the PC. When PG started automatically upon reboot, it remained disabled until I re-enabled it.
    2. A number of weeks ago I had some problems and had to restore .dat files. See these posts https://www.wilderssecurity.com/showthread.php?t=36019 https://www.wilderssecurity.com/showthread.php?t=35914&highlight=.dat
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yep, if you disable Process Guard and reboot it will remain disabled until you re-enable it; this is probably by intent. We will have to await a DCS response on this.
    The same applies to learning mode, except after the first reboot on installation when learning mode is disabled.

    Pilli
     
  4. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Pilli,
    The problem is that I did not disable Process Guard. o_O
    Had I been the one to disable it, I would not be alarmed. My fear is that PG either disabled itself or was disabled by something. However, I know two facts: 1) it was disabled 2) I did not disable it.
     
  5. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Do you know if one has to disable PG and then enable it again after reboot? Usually when I see this anomaly I just reboot and PG is enabled and operating on startup as usual (from what I can tell).
     
  6. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Dallen,

    Just to confirm, you are saying that you are SURE that PG was enabled. You then restarted your PC (for whatever reason), and when it was restarted you noticed that PG was disabled. Is this correct?
     
  7. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    This happens when pguard.dat gets corrupted/wiped/filled with zeroes. I am working on some things which will hopefully stop this from happening during blue screens/system crashes. Have you suffered any of these blue screens/restarts recently?
     
  8. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Sorry for the delay in responding.

    Dazed_and_Confused,
    That is exactly what I'm saying. I am absolutely sure that I did not disable the protection. I turned my computer on, noticed Process Guard disabled (the red X through the tray icon), immediately went to the log, then took a screenshot. I've subsequently enabled the protection and have had no problems since then.

    Jason_DiamondCS,
    I have not had problems with blue screens/restarts. There may have been one a while ago, but I don't think that it corresponded in time with this problem and I haven't had any issues since then. My system is otherwise clean. I run TDS, PG, AAW, and my HijackThis log has been reviewed and is clean.

    My concern is that whatever the cause of this problem is, there must be some sort of vulnerability within PG. If it was rendered useless in this particular case, then it must be susceptible to being rendered useless by attack.
     
  9. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, dallen

    Have had it happen to me many times in the past. [stopped it now]

    Do you by any chance have an Nvidia graphics card, or have TDS-3 and have it on auto start up?

    I ask because since I stopped NForce Tray Options, NvCplDaemon, Nwiz from starting programs and TDS-3 from auto start, I have never had it happen since.

    Hope this is of some help.

    Take Care,
    TheQuest :cool:
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I haven't had a problem with the nvidia programs running at startup, but setting TDS3 to run at startup will definitely cause this.
     
  11. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    I have an NVidia video card and I have TDS3 in autostart mode. So based upon the above two responses, can I assume that TDS3 is responsible for this? Now let me ask the obvious questions:

    Why would two products made by the same company not work well together?

    Assuming the solution is to take TDS3 out of autostart mode, how can I get the full protective capability out of TDS3 and PG? (After all, I would like to use both softwares simultaneously to their maximum capabilities).
     
  12. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi Notok

    I am not saying they were the cause, just my small offer of some help.

    But I stopped them [not much use to have them as starting programs anyway, as with Office and many more] along with TDS and the problem went away.

    Take Care,
    TheQuest :cool:
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Hi Dallen

    If you are running PG I wouldn't worry about the TDS autostart. Autostart is critical if you want to be sure TDS execution protection is working. But assuming your system is clean, ask yourself how something could now get into an exe to run such that TDS would pick up a problem, without PG first blocking it?

    What I now do is manually start TDS first thing in the morning, do the update, and then just leave it running.

    When we get TDS-4 that may change.

    Pete
     
  14. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Peter, I agree. TDS3 on autostart in XP, especially with all the startup scans enabled, is best done with a manual start after everything else is loaded. PG will notice any process that changes ;)
    TDS4 implementation will indeed be different.
     
  15. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    I've had the same problem many times. PG had been running all day and then for no reason it disabled itself. I never disabled it but found the icon with a cross in it after boot up on many occasions.

    I won't use it because this keeps happening among other bugs and until these are fixed I just don't bother installing it. I really wish DCS would hurry up and get some fixes released as well as new programs which we have been waiting for for ages.

    Dave
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi worldcitizen, You will be glad to know that we will start beta testing the latest version of Process Guard later this week. The new version should address many of these minor bugs.

    Thanks for your Patience. Pilli
     
  17. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    worldcitizen,
    It is my opinion that you should install and run Process Guard. Despite the minor issues, I feel that it is a vital layer of security. I'm sure that these minor issues will be addressed in the next version. Pilli states that the latest version of Process Guard will enter beta testing later this week, implying that it will be available soon. This may be true; however, I feel this is little indication of when it will be released because I think I remember hearing talk of TDS-4 entering beta testing back in early to mid 2002. Please correct me if I am wrong. I'm sure that there is a significant difference between the time it takes to release an update and the time it takes to totally redesign software from the ground up.
     
  18. pglover

    pglover Guest

    Great news to diamondcs users, isn't it?
    I have seen such an issue with the PG free version. I have seen it one time recently with the licensed version after a reboot, and PG showed (only the first: driver not installed correctly; the other options were shown as enabled)
    ZoneAlarm personal firewall, all variants of all versions, has had serious such problems with its database files and they have never been solved.

    Sometimes, users don't know the system just crashed since Windows restarts itself (enabled option "auto reboot" if crash). Is this the case?
    Thx so much.
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Dallen, Yes, it is correct to say that once the beta is being tested by users the release does usually follow promptly.
    Regarding TDS4 and the 2002 comments: When Wayne's RADAR picked up the new, much more dangerous threats that were beginning to show on the horizon, it was decided that TDS4 required rebuilding from the ground up, which has taken considerable research and much development effort. In the meantime, due to the new threats and using some of the research for TDS4, it was decided that Process Guard needed to be developed to fulfill an urgent need re. the new and emerging malware. There is no other program like Process Guard.
    Meanwhile TDS3 is still at the top of the Trojan scanner tree.

    TDS4 will be released this year as Wayne promised, of that I am certain. :)

    Pilli
     