Certain startup programs aren't loading (PG 2.0)

Discussion in 'ProcessGuard' started by Godlike, Mar 25, 2004.

Thread Status:
Not open for further replies.
  1. Godlike

    Godlike Registered Member

    Joined:
    Feb 9, 2004
    Posts:
    12
    Location:
    New York
    When I reboot my system certain startup programs aren't loading anymore (or only load once in awhile). I don't know what's causing this problem since I'm not receiving any alerts in my PG log. Is anyone else experiencing this?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Hi Godlike

    None of the Beta team has seen anything like this, that I am aware of.

    I assume you are no longer in the learning mode on the checksum protection since you have rebooted. If the program that isn't starting isn't in the checksum database it would be challenged during boot up, and you would be able to allow it. From then on there should be no problem.

    Assuming the above isn't the issue, have you turned Process Guard back off to see if the problem persists.

    What programs aren't starting?

    Pete
     
  3. Godlike

    Godlike Registered Member

    Joined:
    Feb 9, 2004
    Posts:
    12
    Location:
    New York
    It's in the checksum database and it's allowed, but unfortunately I'm still having the problem.

    When I turn PG off, everything loads up correctly (I wasn't having this problem with 1.3).

    iTouch.exe (iTouch loads the iTouch configuration program for Logitech keyboards)
    ObjectDock.exe (ObjectDock is a program that displays an animated launchbar/taskbar)

    Like I said before, sometimes they load on startup. But most of the time they don't when PG 2.0 is enabled. :doubt:
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Godlike,
    Can I suggest putting the .exe into the protection list and giving it "Allow global hooks" and it my also need "Allow driver /instal" as it is a low level programme.

    HTH Pilli
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Bingo Pilli. I'll bet that's it. I did run into that with a program I hadn't entered into Process Guard for protection. Ergo no log entry. But once I put it in and turned on the option to allow it to install services it worked.
     
  6. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Godlike,

    I had an experience where no programs would load after system reboot and just finished learning mode... PG actually alerted me of a file to be allowed and then the screen dissapeared, this then prevented any process from executing. From what i've discussed with another member, is that Process Guard was asking permission for rundll32.exe to be allowed. You have very little time to do this. I found it happened as soon as I tried to log into Windows straight away rather than waiting for services to be added by PG.

    Since Rundll32.exe screen dissapears, this prevents other programs from loading. I had to reset my system, let it sit in the 'welcome screen' for a few minutes until all necessary applications - including rundll32.exe were given permission, then continued into Windows. This seemed to fix the problem right up.

    For you, go check the MD5 checksum screen, look for rundll32.exe and give it allow permission. Try execute it and see what happens, then reboot your system.

    Kind Regards
     
  7. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I had a similiar incident on a previous reboot where Norton Internet Security 2004 did not load on startup. There were no messages to allow by PG or any other message during the reboot. NIS 2004 just did not startup, no icon in the systray. It's never done that before. I rebooted again and it did start up.
     
  8. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    May be Process Guard blocks something (the driver) but fails to log it ?
    May be the block occurs too early in the boot process to be remembered by the GUI when you start procguard.
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Could you provide the locations used to startup these programs are failing, usually they are in the STARTUP folder or HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Run

    And what I mean by the locations, is the PATH and FILENAME which are displayed in the relative startup locations.

    -Jason-
     
  10. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    In the case of the NIS 2004 failure, it would be

    "c:\program files\common files\symantec shared\ccapp.exe"
    c:\program files\norton Internet Security\urllstck.exe

    both locate in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Run
     
  11. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Hi,

    I'm having the same problems with the a couple of programs not starting up after installation of Process Guard 2.0. They all start up when Process Guard is disabled but as soon as it's enabled one or two of either programs does not load. The programs that I have trouble with is Panda Platinum 7.0, BoClean and the drivers for the mouse and keyboard (both from Logitech).

    Oddly enough when Panda's icon is not in the system tray it is still working in the background because I get alerts from the firewall even though there is no icon. Only a reboot brings back the icon.

    The mouse and keyboard 's icon are there once booted but as soon as I hover the mouse over them they disappear. Once I go in the control panel and bring up the mouse or keyboard properties, they reappear and the drivers are loaded.

    I have added all the programs to the program protection of process guard and made sure that they are also in the program's checksum as allowed but this odd behavior still keeps happening. Any insight would be appreciated.
     
  12. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Hi Jason, here is the info in the

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Run

    C:\PROGRA~1\NSClean\BOClean\BOClean.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe (keyboard driver)
    C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    Logi_MwX.Exe (mouse driver)
     
  13. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    PikeDude,

    Change BOCLEANS entry to :-

    C:\PROGRAM FILES\NSClean\BOClean\BOClean.exe


    Then add the programs that aren't loading correctly to the Program Protection. Now make sure ALLOW GLOBAL HOOKS is enabled for each program in the options section. By the way, with Block Global Hooks turned off, do all the programs work correctly?

    -Jason-
     
  14. Godlike

    Godlike Registered Member

    Joined:
    Feb 9, 2004
    Posts:
    12
    Location:
    New York
    I've tried almost everything suggested in this thread, but nothing seems to correct the problem. I also noticed that it's affecting more then the 2 programs that I originally listed. Almost every time I reboot, a different program doesn't load. I think this might be a bug that people just aren't noticing (it usually only affects one startup program at a time). If you want to test your system try this... disable PG, reboot, then open Task Manager and see how many processes are running. Now enable PG, reboot again, and see how many are running (are any missing?). Reboot your system around four or five times in a row (make sure to take a look at your running processes after each reboot). Is every startup process loading, or is PG blocking certain programs?

    C:\Program Files\Logitech\iTouch\iTouch.exe
    located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    C:\Program Files\Object Desktop\Programs\Cursor XP\CursorXP.exe
    located in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    C:\Program Files\Object Desktop\Programs\ObjectDock\ObjectDock.exe
    located in Startup folder
     
  15. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Hey Jason,

    I did as you asked and changed the BoClean to the

    C:\PROGRAM FILES\NSClean\BOClean\BOClean.exe

    in the registry. I also already had all these programs in the Program Protection with the Allow Global Hooks option and also the Allow Driver/Services Install checked all but to no avail. They still sometimes do not load at startup. I also tried and give them all the options in the Allowed Flag's and still they sometimes do not load.

    I do believe Godlike is right about some services not loading, it is easier to spot it when the icon does not show up but what about all the other processes that don't have the icon for it to be noticeable. How can we be sure that they all started normally?

    To answer your question, yes, they all seem to load normally for me if I remove the Block Global Hooks option. If Iwere to keep this unchecked is Process Guard still effective in guarding the process's in the Program Protection?

    Thanks for all the help.
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Regarding services not starting etc. This maybe because they have not been allowed onto the MD5 list - Especially rundll32.exe.
    Anyway attached is a screenshot showing the system files on my MD5 list in XP Pro.
     
  17. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    With this problem of elements not being started up or loaded, it would seem prudent to incorporate a log file that shows what is being or has been blocked with time and date....perhaps a .txt folder that we can view with notepad.
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi siliconman01 Do you mean apart from the existing file log?
    I have three computers here all with different Operating syatems, XP Pro, XP Home & Server 2003 and have not had any files not starting that should. This afternoon I tested with Process Guard disabled and enabled - Checked the Task Manager running processes lists in both states and apart from Process Guards own processes there was no difference, having said that there may be certain processes such as BoClean that require special treatment.
    It is impossible for software developers to forsee every PC configuration, especially for an advanced programme like Process Guard but together we can try to iron out user problems for the benefit of all users. :)

    Thanks for your input.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    I just rebooted several times, and all processes start consistently. All services that are started during boot up should be in there due to the install starting in learning mode. Once learning mode is off besure not to check the block all new and changed programs, for a while. This way if anything wasn't caught while in learning mode you will have a chance to allow it. I did have one program that didn't get included on the first boot after install, but the desktop came up on the reboot, and I allowed what ever the program was and it was fine.
     
  20. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Hey all,

    This is great for all the people that it's working for but some of us do have the problems. This was a brand new installation of Windows XP Pro with only the hardware drivers installed and my firewall and antivirus. I followed the installation procedure to the letter and everything did what it was suppose to do, I have all the program checksum as described in this thread from the learning mode in the Program Checksum window (such as rundll32.exe, ect..) I added all the services and programs that load with Windows in the Program Protection with the Allow Global Hooks and Allow Drivers/Services Install checked. I opened most of the programs that I used and after about 20-25 minutes I rebooted and the program automatically left the learning mode, as it was suppose to do. The only other time that I received an alert was when I started a program that was not started in learning mode and then I allowed it. Everything should have worked but it didn't (such as BoClean and the Logitech software).

    This would happen after every boot, one or the other would not load and sometimes even both. For the Logitech software, the startup registry would point to C:\Program Files\Logitech\iTouch\iTouch.exe and for the mouse C:\Program Files\Logitech\MouseWare\system\Em_exec.exe. I then went looking in the log file of process guard and noticed that a program Logi_MWX from the C:\Windows folder was allowed to load (because of the learning mode) but was not in the Protected Programs with the Allow Global Hooks option. Once I did this, well no more problems with the drivers loading at startup or disappearing shortly after startup.

    Hope this can help someone else. Now about BoClean...
     
  21. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    I just had to reboot one more time before I posted this to make sure that BoClean would load again and it has for the past 5 reboots!

    At first all I had in the Program Protection with all the options turned on was Boclean.exe but it would not load. Then I also added the Bocsec.exe with all the options turned on and that did not help.

    Now here's the crazy part (hopefully someone can explain it to me) I then added the BoClean database file (boc411.xvu) to the Protected Programs with the Allow Global Hooks and voila, BoClean loads at every boot (now at 5 boots just to be sure). I then removed the file from the Protected Programs and BoClean did not boot anymore, I had to manually click on the BoClean icon for it to load. I then placed the database file back into Protection with Allow Global Hooks and it started loading again.

    I don't know if this is normal or really the case (maybe I was just very lucky at all the various boots), but it does seem to work for the moment.

    Just thought I would pass this information along.
     
  22. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks for your concise input PikeDude.

    All of these useful comments will help other users :) and it appears that you have found a way to solve your problems.

    Please except a Karma cookie for all your effort!
     
  23. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Thank you very much Pilli :)
     
  24. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    one more from me for your efforts ;)
     
  25. Godlike

    Godlike Registered Member

    Joined:
    Feb 9, 2004
    Posts:
    12
    Location:
    New York
    Oops, forgot to mention when I disable Block Global Hooks everything loads up properly.

    Anyway, I really appreciate all the help (even though I still can't get certain programs to load :doubt:).
     
Thread Status:
Not open for further replies.