Disabling background processes

Discussion in 'ewido anti-spyware forum' started by adam777, Jun 26, 2006.

Thread Status:
Not open for further replies.
  1. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    Hello all,
    Having read alot of good things regarding ewido in this forum, as well as other places i decided i'll give it a try as an on-demand scanner (i do not need resident shield at the moment).
    So, i've installed the latest version 4.0.0.172.
    As i've stated, i would like to use the product as an on-demand scanner ONLY, meaning i don't want to see any evidence of it's existence on my system during normal use.
    The problem is, upon installation it places several files that are loaded during boot, that i've found no easy way of telling the program not to load:

    - shellexecutehook.dll under HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

    - guard.exe under HKLM\System\CurrentControlSet\Services

    - guard.sys under HKLM\System\CurrentControlSet\Services

    now, i can disable all of them manually using Autoruns or so, but i guess that will probably interfere with the normal operation of the software when i DO want to use it.
    SO, basically my question is for that easy way of telling the program to load it's stuff only when i want it to do so, without all kind of agents and stuf...
    Thanks in advance, Adam.
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The sys tray icon belongs to ewido.exe, rather than the guard (I believe), but if you right click that you can disable Resident Shield and Automatic Updates; similarly you can also remove ewido.exe's autostart by unticking 'Start With Windows'. That should stop things running after bootup.
     
  3. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    Thanks, TopperID,
    However, although automatic updates, resident shield and start with windows are all unticked, everything that related to the "guard" is still there...
    Meaning, the Service called "ewido anti-spyware 4.0 guard" is still set to automatic...
    I'll try to disable it and see if it has the desired result as well as not affecting scan capability.
    Will report my findings :)

    * EDIT *
    OK, here's the deal.
    Setting the above service to "disabled" takes care of the "guard.exe" entry found by autoruns.
    The other two entries still remain. The dll is basically the right click option to "scan with...", so removing it manually should cause no harm, as far as I can tell.
    As for the "gurad.sys", it still remains. However, I see no evidence of any other process in memory except "ewido.exe" when launching the program for manual scan, so i let it stay where it is...
    I managed to do a manual update and launch a full scan while the agent service is disabled, so I'm pretty set.
    However, I would be happy to know if there's a more trivial way of disabling the guard and shell extension using the GUI, I couldn't find one.
    Thanks again, Adam.
     
    Last edited: Jun 26, 2006
  4. MikeW2

    MikeW2 Registered Member

    Joined:
    Jun 25, 2006
    Posts:
    14
    Location:
    Bedfordshire - UK
    You can disable Gaurd via services.msc change sevice to manual or disable. Like you I prefer it to perform manual scans only. I have had the guard process disable for the past few days. Everything else performs well.
     
  5. HelpFromFrance

    HelpFromFrance Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    283
    adam777,

    Before I decided to use the resident shield I always disabled "guard", through services and never had any problem at all the manual scans worked just fine.

    Take a look at this thread where I ask the quesiton and read ewido's response in post #5.
    https://www.wilderssecurity.com/showthread.php?t=136166

    Have a good day,
    HelpFromFrance
     
  6. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    OK, thank you all for the confirmation :)
    It's weird, however, you can't control the guard and shell menu through the GUI.
     
  7. HelpFromFrance

    HelpFromFrance Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    283
    adam77,

    I have noticed a lot of programs like that and I think they feel that the average user does not need to change things like that and if they put it within their power to do so that they could end up having more problems.

    HelpFromFrance
     
Thread Status:
Not open for further replies.