CS Fire 'Storm'!?

Discussion in 'ProcessGuard' started by snowfire, Sep 29, 2005.

Thread Status:
Not open for further replies.
  1. snowfire

    snowfire Registered Member

    Joined:
    Feb 12, 2005
    Posts:
    38
    Evening! all,

    WinXP Sp2, PG Full Version.

    For the last two days I have been attempting to undo the damage that CS Fire Monitor did to my sys. It had to be CS Fire... I only installed two other progs: AmbiWord Processor and a database editor. My sys has been somewhat unstable since uninstalling CS Fire... It started acting weird when I installed CS. Now, what concerns me most is what it did to two progs under full PG protection. There are two other progs that I know of so far but they were not in PG.

    I closed PG but did not disable it during the install.

    Sysinternals Filemon and Regmon (monitors) were essentially uninstalled. The only place I could find them was in my 'Downloads-Installs' folder in 'My Documents' and leftover remnants in c:\...the kind you would normally find after an uninstall.

    PG has been excellent and remains at the top of my list. I do not expect 100% perfection from any software, all the time. But PG typically comes close!!

    I mention this for your information. CS Fire Monitor may (and probably does) work well with other system configurations. I use BlackVipers Services configurations, I have all FIVE Security zones in Internet Options Locked down so tight that the only thing left is to uninstall IE (which you can't...really). For the most part ActiveX Controls are disabled. And hefty security layers...some of which should have informed me of the MIA progs!!

    If anyone has any info on this please share!!

    Thanks
     
  2. Chewbacca42

    Chewbacca42 Guest

    Only thing I can say for sure is don't close PG especially if you don't disable protection.. otherwise how will you see alerts o_O
     
  3. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    I don't understand... I also have Filemon and Regmon from Sysinternals and they aren't the kind of apps that get installed or uninstalled. They are downloaded as zip files and you drag and drop their executables to any location you want and manually make shortcuts to them or click on their exe files. Any remnants you see left in c:\ means something else hit your system or your HD got corrupted somehow.

    If the program you installed did indeed do damage (and cause system instability), then it simply must have manually deleted those .exe files for regmon and filemon somehow since there is no uninstall for them. Perhaps the program you installed is unstable and caused massive HD errors and among the casualties were Filemon and Regmon? There might be other HD file damage which could explain the system instability and files left in c:\.

    Of course ProcessGuard will prompt before running something new so you can decide if it's safe or not and you can allow it rights to modify, read, install drivers/hooks etc. But there's really no protection from HD corruption or deletion of other files in ProcessGuard if YOU allow something unstable or malicious to run and learn it into ProcessGuard.

    One of the things I like to do is maintain a partition on my HD for a complete compressed partition backup. I also keep a copy on my network in case of HD failure. But it allows me to try new things, hack at my machine til it breaks, check things out to see if they are safe and worth keeping, and if not or they (or I ;) ) cause damage, restore the partition right back to its original state. Backups, don't leave home without 'em...or be very cautious with installing stuff and be prepared to get familiar with that XP install CD!
     
  4. snowfire

    snowfire Registered Member

    Joined:
    Feb 12, 2005
    Posts:
    38
    Hi! Chewbacca42:

    I dislike putting PG in learning mode since it essentially creates a window of vulnerability. And generates a lot of crap that has to be cleaned up afterwards. Nor do I disable PG. When closing it out of the sys tray I still get all the alerts and then can selectively decide which files, if any, get 'Allow Always'. Usually none receive that permission until I decide if the prog is OK and actually needs PG protection.

    Hi! Rick:

    As I told Chewbacca, I typically do not run PG in learning mode. 'Uninstall' was used for an example...what was left was 'like' the remnants one gets after an uninstall. The executables were gone!

    Now that my sys is back to normal I have given this situation some thought. I suspect that this might be a conflict between having essential progs in PG (essential sys processes, security and various monitors) and NOT giving CS Fire... full rein (PG in learning mode) during the install. Interestingly, besides general sys instability (which might be due to the above) so far the main progs affected were 'monitors': Reg-Filemon and TCPView (no longer used, anyway). And, oddly, RegSaver (which I no longer use). I haven't found any other crippled progs. Process Explorer and Port Explorer did survive intact!!

    As for your last paragraph...You're right! I really thought that this time I was going to have to reformat.
     