Close Message Handling

Discussion in 'ProcessGuard' started by WilliamP, Apr 2, 2004.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have set up CMH on all my security programs. It will work on NOD32 but not TDS3. I can just click on TDS3 and close it without human verification. What could be the problem?
     
  2. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, WilliamP

    Have you tried rebooting after you set CMH on TDS? It should work then.

    Good luck.
    TheQuest :cool:
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    While CMH and TDS-3 get along for me, CMH and Process Guard do not. Just random occasions where Process Guard does not ask for confirmation when I close it. This thread addresses the same issue:

    http://www.wilderssecurity.com/showthread.php?t=25696;start=msg150617#msg150617

    Nick
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    The system has been rebooted several times and everything is set up properly.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    There are some known issues relating to CMH working randomly. Jason is aware of this.

    Pete
     
  6. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    First I want to thank Pilli for the link to the great program Faber Toys. It is most useful.

    Second, I recognize that CMH has some problems and Jason is working on them. However, I want to relay what I am seeing now that Faber Toys is providing a peek inside. My system is Windows XP-SP1 Home.

    1. Some memory resident programs such as CookieWall and a little utility I use named AutoEject (to eject disks) close even with CMH enabled and procguard.dll inserted. I tried these several times, each time assuring that procguard.dll was showing per Faber Toys. No HID was ever issued.

    2. Programs such as Ad-Watch that have a built-in YES/NO confirmation window of their own when you select exit/terminate/close for them to exit memory act as follows with CMH enabled on them:
    - Right click on the systray icon and select Exit or Close.
    - The built-in YES/NO confirmation window appears.
    - Select YES to close the program.
    - The HID appears.
    - If you select Cancel on the HID window, the HID closes and program closes as well. So the HID is useless under this situation.
    - If you enter the HID Code and select OK, the program closes.

    3. Sometimes it takes 3-4 attempts via terminating and activating a program with CMH to get procguard.dll to insert.

    JFYI
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks siliconman :)
    The Close Message Handling and Faber Toys information is posted in the Tips, Tricks & FAQ's.
    Unfortunately Close Message Handling (CMH) cannot be logged by Process Guard at the moment but your written experiences may help Jason tie down the problem.

    I have only used CMH on a limited number of programmes that may be at risk and have had success with TDS3, CryptoSuite, Outpost Pro2, NOD32, Port Explorer & Procguard.exe but sometimes it takes a couple of program restarts to get the procguard.dll to show and for CMH to work.

    Regarding the case where a programme already has a pop up saying something like "Are you sure you want to close?" you are at a much lesser risk of closing without knowing by malware & OK so you get an HID as well, the program closes but you are totally aware of it so in that regard I would not call it useless :)

    HTH Pilli
     
  8. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Has anyone tried the Faber Toy yet? Come on guys, give it a go. I'm chicken. I don't know that I would know what I'm looking at. It is a strange situation. I can open NOD32, then click on it and it goes away. If I open it again right away and click on it, the CMH window pops up. But if it is left alone for a while, CMH doesn't work.
     
  9. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I'm sorry I missed Siliconman's post.
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi William, Strange behaviour, usually the Close Message Handling does not become active immediately, if I recollect correctly, I believe Jason put a two second delay before it becomes active. :doubt:
     
  11. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Now don't get me wrong, I'm satisfied with PG, but I would like to see the CMH working on TDS3. Is it being worked on? Thank you.
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    It does work, though you may have to load TDS more than once, Faber Toys will show you if the procguard.dll is loaded.

    In Faber Toys click on "Dependencies", the top process list will show, then click the process you wish to investigate and the associated files will be shown in the lower panel, usually the list will be in alphabetical order.

    Yes, Jason is fully aware of the Close Message Handling problems that some users encounter :)
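
The check described in the post above (confirming that procguard.dll is loaded in each program that has CMH enabled) can also be scripted. This is an added example, not part of the original thread and not Process Guard's own tooling; the process names are placeholders and must be replaced with the real ones.

```powershell
param(
    # Placeholder process names (assumptions); pass the real ones without ".exe".
    [string[]]$Name = @('ExampleScanner', 'ExampleFirewall'),
    # DLL name taken from the thread.
    [string]$Dll = 'procguard.dll'
)

function Test-ModuleLoaded {
    param([System.Diagnostics.Process]$Process, [string]$Dll)
    try {
        # Modules lists the DLLs mapped into the process at this moment.
        $hit = $Process.Modules |
            Where-Object { $_.ModuleName -ieq $Dll } |
            Select-Object -First 1
        if ($hit) {
            return [pscustomobject]@{ State = 'Loaded'; Detail = $hit.FileName }
        }
        return [pscustomobject]@{ State = 'Missing'; Detail = $null }
    } catch {
        # Access denied, or the process exited between listing and inspection.
        return [pscustomobject]@{ State = 'Unknown'; Detail = $_.Exception.Message }
    }
}

$report = foreach ($n in $Name) {
    $procs = @(Get-Process -Name $n -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) {
        [pscustomobject]@{ Process = $n; Id = $null; State = 'NotRunning'; Detail = $null }
        continue
    }
    foreach ($p in $procs) {
        $r = Test-ModuleLoaded -Process $p -Dll $Dll
        [pscustomobject]@{
            Process = $p.ProcessName; Id = $p.Id
            State = $r.State; Detail = $r.Detail
        }
    }
}

$report | Format-Table -AutoSize
```

A "Missing" row corresponds to the case reported in the thread where the program has to be restarted before procguard.dll shows up.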
     