Allow Drivers/Service Install setting - apparently not working

Discussion in 'ProcessGuard' started by nameless, Jan 28, 2004.

Thread Status:
Not open for further replies.
  1. nameless (Registered Member; joined Feb 23, 2003; posts: 1,184)

    Running Process Guard 1.200 on WinXP Pro. Sysinternals Regmon and Filemon utilities require drivers to work, so I have them in my PG list, with the "Allow Drivers/Service Install" option enabled for each. Of course, I also have the "Block Drivers and Services from installing" option enabled.

    The problem is that Filemon and Regmon can't load their drivers, even with the "Allow Drivers/Service Install" option enabled. Sysinternals coded for this type of error, and upon trying to launch either utility, an error appears which says "The system cannot find the file specified". (This error appears because Filemon and Regmon create and load their drivers dynamically; they actually create and register their SYS files on the fly on each run.)

    If I simply disable the "Block Drivers and Services from installing" option, Filemon and Regmon work fine (without so much as rebooting).

    A bug in Process Guard?
     
  2. Jason_DiamondCS (Former DCS Moderator; joined Nov 11, 2002; posts: 1,046; location: Perth, Western Australia)

    It works fine for me.

    Process Explorer, Regmon and Filemon don't work if I have blocked drivers/services. If I go in and give them all allow access for Driver/Services they work as they would normally.

    It seems like SERVICES/SVCHOST sometimes installs the driver instead of regmon.exe/filemon.exe. I suggest you check your window log and see what is actually getting blocked. :)

    -Jason-
     
  3. nameless (Registered Member; joined Feb 23, 2003; posts: 1,184)

    But as I mentioned, nothing is showing up in the window log. According to PG, no blocking took place.

    If I deselect driver/service loading for filemon.exe, then try to run Filemon, PG tells me that filemon.exe "Tried to install a driver/service named FILEMON". If I select driver/service loading for filemon.exe, nothing is logged, and the aforementioned error dialog is generated by Filemon itself.

    If I enable driver/service loading for services.exe and svchost.exe (which seems pretty bizarre to me), the exact same thing happens--nothing changes from what I describe above.

    Process Explorer works fine.
     
  4. Jason_DiamondCS (Former DCS Moderator; joined Nov 11, 2002; posts: 1,046; location: Perth, Western Australia)

    OK, I see what is happening here. I am running on PG 1.250, which has a little fix in it which fixes this exact thing you are describing. Sorry about that. :)

    PG 1.250 will be out in a day or two.

    -Jason-
     