CounterSpy 2, realtime protection problems

Discussion in 'other anti-malware software' started by TopperID, Feb 18, 2007.

Thread Status:
Not open for further replies.
  1. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    CounterSpy 2.1.917 has now been released to the masses (through the updater) and boy, what a pain its realtime protection is proving to be!

    I ran version 1.5 for a year and a half without problems; sure its figures for CPU and Memory usage looked gory in Task Manager, but it did not impact on the smooth running of my system. Version 2 is exactly the opposite, the numbers look great in TM but nonetheless it causes drag on my machine - everything slows up. If I'm doing erasing of my cache with CCleaner or CleanCache it takes twice as long, if I bring up Process Explorer it hangs (temporarily taking down all my desktop icons at the same time), just opening IE windows and loading web pages seems to take longer.

    And it plays badly with ProcessGuard, ssbcssvc.exe wants to install drivers and even if you allow it, PG still blocks realtime functions of CS at bootup because it tries to get Services.exe to load drivers which PG will not permit (unless you water down its protection). So the best solution is to switch off realtime protection in CS2 at bootup (and preferably permanently :D ).

    The other problem I get is that CS never seems to remember items on its 'User Good Applications' list and asks the same questions each session. Especially annoying are the two pop-ups I get after every reboot (see screen shot) telling me an app (which it cannot name!) is altering my IE security Zones; this is NOT the case but I cannot get rid of the pop-ups 'cos CS won't remember 'allow' when told to! :mad:

    All in all, I'm pretty fed up with CounterSpy 2 and may go back to the trouble free 1.5 until my licence expires - then who knows, SAS perhaps? :doubt:

    PS. - is CS2 even monitoring Startup folders (like 1.5 used to), it doesn't seem to be? :'(
     

    Attached Files:

  2. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    I have the same problem as you do. But it also kills my Windows Defender every time I try to start it. It will not let it even start to run, I'm getting pissed off that this v2 and 1.5 looks good again. I too ran it for about 1 year the 1.5 version with not all this mess........:mad:
     
  3. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    TopperID:

    Based on your description of problems, I have a few comments and suggestions:

    1) The screenshot you've posted indicates that CS Active Protection is popping alerts on a program identified as <unknown x>. The program is identified as <unknown x> because the program process itself (whatever it is) is preventing CounterSpy from accessing information about it such as name, MD5, size, etc.

    One instance in which we've seen this happen is with Kaspersky AV or IS 6.0, which has a "self-protection" option that allows KAV/KIS to effectively tell other apps "don't touch me!" That self-protection option (which is also included in ZoneAlarm AV 7 and SS 7, which use the KAV engine) prevents CS's Active Protection from recognizing KAV/KIS as a "known good" program that it shouldn't prompt you about.

    You didn't happen to say whether you have Kaspersky installed; if not, then another program you're running (ProcessGuard perhaps?) is effectively doing the same thing -- protecting its own process from prying eyes.

    The only known solutions at this point are to:

    a) Turn off CounterSpy's Active Protection;

    b) Turn off the self-protection of whatever app is protecting its process.

    If you are getting other AP warnings about apps other than <unknown x>, we would sure like to hear about them.

    2) If you're running ProcessGuard and CounterSpy's Active Protection, then you've got at least 2 applications that are hooking the kernel -- a situation ripe for conflicts.

    3) What other anti-malware programs are resident and providing real-time protection on your system? I ask because the most likely cause of system slowdowns with Active Protection on is a conflict with another anti-malware program.

    SIR****TMG:

    If you take a look at the CS 2 Notes thread, you'll notice a discussion of Windows Defender and a work-around for the problem you're having in the first two posts:

    https://www.wilderssecurity.com/showthread.php?t=164378

    Regards,

    Eric L. Howes
    Sunbelt Software
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Thanks for your reply.

    Yes, I am running KAV 6 with its self protection feature enabled; and I'm also running PG. I strongly suspect I'm getting a double whammy of a pop-up for each of those apps at bootup. :eek:

    However this does not explain why CS 2 never remembers items on its 'Known Good Applications' list for longer than the session; consequently I keep getting pop-ups of the type below, and when I click to 'Allow' and 'Remember' it only keeps the item on the list 'till next bootup. Having to keep accepting these items is very annoying. :mad:

    The other thing is, even with everything else disabled, CS greatly slows down cache cleaning/erasing; does it really scan every item being erased? :blink:

    Monitoring non-Reg startup locations was one of the features I used CS 1.5 for, why is it no longer guarding the startup folders? o_O

    Obviously all systems and computer uses are not the same, maybe CS 2 is no longer ideal for my purposes, but I shall persevere for the moment. o_O
     

    Attached Files:

  5. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    TopperID:

    We do have reports of CSC not "remembering" user-defined "known-goods," and the devs are looking into this.

    As for the cache cleaning slowdown, we've not received a report of that before. I've used both System Mechanic and CCleaner on my own boxes with CSC 2 and not experienced any slowdowns while cleaning. What programs are you using?

    Finally, CSC should be protecting the Startup folder from "known bads." AP is designed so that it won't warn you on every single change to a monitored location, just those made by applications it regards as "known bads" or as "suspicious." If you could provide more information on what you're seeing, I could look into it.

    Best,

    Eric L. Howes
    Sunbelt Software
     
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    @ TopperID

    Interesting what you said about Process Explorer (temporarily taking down all your desktop icons at the same time)

    I've noticed it doing something similar like that quite frequently. In my case it's not all the icons, but about 3/4 of them. After a few seconds these self correct, and then PE launches and can be used normally. On occasion I have had a complete freeze out, and needed to reboot.

    I have never installed CS, so I'm suggesting it could be a PE issue !

    @ eburger68

    Typo for you

    http://img84.imageshack.us/img84/6153/csth8.jpg


    StevieO
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    It's really when I'm erasing (overwriting) that I notice it (with CleanCache or CCleaner), obviously my AV Guard slows that quite a bit - but CS 2 slows it even more. I usually disable my AV Guard, where appropriate while doing this, but I never had to disable CS 1.5 in the past.

    With regard to the startup folder, I used to find it useful, when installing a friendly program that placed its icon in the startup folder, to have CS notify me of this fact so I could go into the program and switch off the function causing it (things like Adobe Acrobat do that). With a bad program that constantly puts itself into the folder no matter how many times you delete it, it is obviously necessary to stop it from surviving a reboot (along with .ini file and Reg protection etc); so it is perhaps unfortunate that the malware must be 'known' in order for that protection to apply.

    With me it is also three quarters of the icons ;) ; but it only occurs when CS 2's 'Active Protection' is running. As it happens PE does like to install drivers and write to the 'Services' section of the Registry, so, in your case, it could be some other security software monitoring these areas that is causing the 'drag'.
     