Can't uninstall ProSecuruty

Discussion in 'other anti-malware software' started by david banner, Nov 26, 2007.

Thread Status:
Not open for further replies.
  1. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Prosecurity will not allow me remove it from start up, it keeps coming back. I want to stop it running for the moment.So I try to uninstal and cannot, get 'error occurred when terminate process of PS'.

    Can anyone help me get this off my PC

    I think too many progs now assume they will be wanted to run at start up and do not ask. Would be better to have choice configuring, or am I missing something?

    Thanks
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    If you just are clicking exit on the sys tray you are still running. Besure and shutdown all protections. Then you should be able to uninstall it.

    Pete
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    The safest way to uninstall anything in this nature is to delete them in

    Safe Mode. Go into safe mode, and find its uninstall file and proceed with joy. Be happy.
     
  4. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    No its not running in tray, where do i look for it running in task manager, what is the process name? Is it rule editor? I have heaps of instances of rule editor in task manager

    Thanks
     
  5. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Hi

    But should I not be able to uninstall withoutsafe mode?

    David
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    WinPatrol will disable this for you if the other suggestions here do not work.It will not uninstall software but will stop it from running and/or remove it from your startup list.A very useful software.:D
     
  7. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    WinPatrol wont do it tried, keeps trying to start
     
  8. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    You did under startup programs, how about active tasks/select kill task and services/info..disable ?
     
  9. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    tried that too. Got email from hairy coo but do not see post.hairy coo can you explain what you mean by 'it needs to start first off'
     
  10. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    yes meant the auto

    I uninstalled in safe mode. But would like to know where i went wrong. It seems a very good prog to have if its security is as difficult to end. Might want to have it back when learn how to control it

    Thanks

    David
     
  11. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    You must be referring to the auto notification of new post-I deleted the post as I quickly woke up to the fact that as its a security app,you cannot kill it by any normal means.

    APT will kill it-so how secure is PS in the first place?

    http://www.diamondcs.com.au/advancedseries/apt.php

    Firstly,try this-Go to Privilege and disable Terminating/Setting Process.

    If this doesnt work ,disable ALL protection in PS.

    If the normal uninstall has disappeared go to Program files /ProSecurity/uninstall.
     
  12. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches

    It cant be secure if APT can kill it.

    APT is a standard test for security apps termination vulnerability

    Edit; had some editing probs=posts out of sequence
     
    Last edited: Nov 26, 2007
  13. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    what is APT? Is it advanced procees termination? What can not be killed by APT?
     
  14. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    David-if you follow the link in post 11-it will explain fully.
     
  15. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    Any given security app , especially those kernel-hooking HIPS, tends to associate with a lot, I mean lots, of other parts of your system, it is designed to sneak into and control them.

    Being difficult to uninstall is one thing, if you force your way to do it, some serious consequences could be the end word, be careful. I have learned this thru some painful experiences. Safe mode is there for you to use in this circumstance, do not overlook it, and use it smartly.

    PS: if you have registry editor on hand, do a search for ProSecurity, you will be surprised to find more than handful of leftovers. It is the normal hang-over after encounter with HIPS. Nothing is surprising.
    Take care and be happy as usual.
     
  16. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    I'm new To ProSec. I switched learning mode on AND install mode on and its very silent. Every now and then I untick for a bit of action.

    Seriously though I've played with many combos lately and I have a warm fuzzy feeling about ProSec and DefenseWall working in tandem. :thumb:
     
  17. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi,

    ProSecurity does not need its running processes (PSSession, Alarm, RuleEditor) to enforce its protection. No need to try terminating processes with APT when all you have to do is let ProSecurity itself block Alarm and RuleEditor from executing at startup...

    Alarm.exe
    [EXECUTE] 2007.11.27 01:08:10
    [BLOCK] C:\Program Files\ProSecurity\Alarm.exe
    Command Line:"C:\Program Files\ProSecurity\Alarm.exe"
    [FROM] C:\WINDOWS\Explorer.EXE
    Command Line:C:\WINDOWS\Explorer.EXE


    RuleEditor.exe
    [EXECUTE] 2007.11.27 01:08:10
    [BLOCK] C:\Program Files\ProSecurity\RuleEditor.exe
    Command Line:"C:\Program Files\ProSecurity\RuleEditor.exe"
    [FROM] C:\WINDOWS\Explorer.EXE
    Command Line:C:\WINDOWS\Explorer.EXE


    The PSSession service can be set to manual start or disabled. The protection persists even after a reboot and you will see errors like this when you execute unknown apps...

    Nick
     

    Attached Files:

  18. Stephen2_Aus

    Stephen2_Aus Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    37
    Off Topic, but...

    ProSecurity is NOT vulnerable by APT. Here are screenshots of ProSecurity 1.4 Public Beta 2 defeating APT.

    http://img502.imageshack.us/my.php?image=prosecbeatsaptql6.jpg

    Just thought I would abolish the myth, I don't know where it came from Hairy Coo, why did you think ProSecurity was vulnerable?
     
  19. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Nick s,

    I am running version 1.30 free and APT killed all the three processes with the APT Kill 1 function.

    I see that PS is still running as a service on auto-are you saying that therefore the protection is still there,even though the 3 processes have been killed?

    If you could give a brief explanation I would of course accept it-a bit unusual isnt it o_O
     
  20. Stephen2_Aus

    Stephen2_Aus Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    37
    PS Free doesn't boast nearly as many defenses as ProSecurity paid.

    It is a brilliant product, only hampered by it's clunky interface and grammar.

    Technically, it is by far the best "Classical" HIPS available as far as I am concerned and tried a lot of programs.
     
  21. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Last edited: Nov 27, 2007
  22. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi,

    Yes, that is my point. Alarm, RuleEditor, and PSSession are basically "helper" processes. The PSSession service can be set to manual startup. Even if APT were capable of killing them, ProSecurity's rules remain fully enforced by its driver. Setting ProSecurity to block its own helper processes, as shown above, was just an extreme example. You only lose interactivity when you terminate Alarm, RuleEditor, and PSSession.

    I suspect there are some limitations to the free version which make it vulnerable to APT. For me, APT 4.0 fails against paid versions of PS 1.30 and PS 1.40b3.

    Nick
     

    Attached Files:

  23. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Thanks for the explanation ,Nick-interesting.

    However I can kill the processes in paid 1.30 using APT2.1.

    As you said,this seemingly doesnt affect the protection as shown by the leaktest alert,even though no PS app. is showing in the taskbar

    2007-11-28_130411.jpg
     
  24. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    After digging through old threads here and at the ProSecurity forum, I see that 1.30 has an unfixed windows message handling vulnerabilty. Using APT 2.1, 1.30 will fail kill methods 7 and 8. Using APT 4.0, 1.30 will fail kill methods 2, 3, and 4. PS 1.26 and PS 1.40b are not vulnerable. Some related posts (including one by me):

    https://www.wilderssecurity.com/showpost.php?p=991269&postcount=33

    https://www.wilderssecurity.com/showpost.php?p=991716&postcount=44

    http://www.proactive-hips.com/yabb/yabb2/YaBB.pl?num=1178122947/2#2

    Nick
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Not sure if it's of any help or not but the combination of AUTORUNS/APT should "halt" PS Security by pulling it's driver AND killing process. I don't fool with it because it BSOD my units too much to gain my trust over time. If the above is prevented in Windows try Safe Mode and see how things fair that way. You only need identify critical active componants then remove them, but if when you go that route, you'll also need to fish the registry to remove it's entries too.

    Good Luck.
     
Thread Status:
Not open for further replies.