"~e5d141.tmp" under PROTECTION section

Discussion in 'ProcessGuard' started by wanchan, Nov 10, 2004.

Thread Status:
Not open for further replies.
  1. wanchan

    wanchan Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    33
    Hi, I just started using ProcessGuard 3 paid version. My first post:)

    I noticed that under PROTECTION, the following is listed. I am wondering what exactly this is and therefore if it should be listed under this section to be protected.

    Application Name: ~e5d141.tmp
    Application Folder: C:\Documents and Settings\my username\Local Settings\Temp

    I have avast 4 Pro, Outpost Firewall 2.5 Pro and ProcessGuard 3 installed on an XP Pro machine. I've got a feeling that ~e5d141.tmp might be an update file used for apps such as avast. If someone happens to have the same security settings as mine, please kindly advise.

    Thanks!

    ----
    Security settings
    avast 4 Pro, Outpost Firewall 2.5 Pro and ProcessGuard 3
    OS: XP Pro SP2
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi wanchan and welcome. Not sure what it is, but I would remove it from the protection list as it was probably picked up during learning mode. Usually .tmp files can safely be deleted.

    I assume you have already checked this file with your AV, AT etc :)

    HTH Pilli
     
  3. wanchan

    wanchan Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    33
    I just removed the .temp file, and tried to manually update the avast signature and program. Both completed with no problems. Outpost Firewall does not get many updates. When it does, I install updates only offline. I will see what question PG3 may ask which might be related to the removed .temp file in the future...

    Btw, I had Learning Mode on primarily when I had the router unplugged and the internet disconnected. After unchecking Learning Mode, I went online and had PG learn what I usually do... I guess to be on the safe side, this is a better way to do it.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi wanchan, I doubt there would be any problem being connected to the Internet through your router as long as you only start your Internet apps, i.e. don't surf or download anything, but what you did is the best way. If I did not have a router I would disable all connections through my software firewall; most firewalls have this ability.

    As they say "Better safe than sorry" :) Pilli
     
  5. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    FWIW, I have started disabling PG whenever I apply an update/upgrade that was downloaded and saved to the hard drive. Why? Many installers create .tmp files in the folder you named, and for whatever reason they become part of the install process and apparently appear to be executing. Thus with PG disabled you do not get the PG alerts for installers and/or tmp files.

    (NOTE: I only do this for updates/upgrades that I have initiated or verified are legit)
     
  6. wanchan

    wanchan Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    33
    There really wasn't any change immediately before and after installing PG3.

    Nice reminder. It is also recommended in the PG3 manual.

     
  7. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    I just thought I would mention, I have an entry for this tmp file also. On my system it is created by Adobe Photoshop CS, or actually it's part of the Macrovision based activation that comes with Photoshop CS.

    If you choose properties on the tmp file, it shows the original name as cleanup.exe from Macrovision Europe Ltd.

    If you do not allow it to run, Photoshop's overzealous activation routines will not allow Photoshop to load. There also is an adobelmsvc service that runs each time Photoshop is run that wants to litter your machine with what appear to be phoney random character services while Photoshop is running, leaving one behind as some sort of installation proof marker. Making sure this app isn't allowed to install services stops this overzealous littering of fake services without deactivating Photoshop.

    I fail to see the need for their copy protection to install deceptive services as markers. I thought I was getting drive-by root kits or something when I first saw these random character "services" appearing in the Services Console.

    This is one of the reasons I got ProcessGuard in the first place, to protect my system from legitimate inside apps wreaking havoc, as well as protecting from nasty ones from the outside.

    Just thought I'd share what I found about this "tmp" file.
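
Added example (not part of any post in this thread): the file-properties check described in the post above, run from PowerShell against every .tmp file in the user's Temp folder that is really a Windows executable. The function name Get-TempExecutable is made up for this example; it reports the version-resource fields together with the Authenticode signature status and a SHA-256 hash.

```powershell
# Added example: find .tmp files in the Temp folder that are actually PE executables
# and show who they claim to come from. Get-TempExecutable is a hypothetical name.
function Get-TempExecutable {
    param([string]$Path = $env:TEMP)

    Get-ChildItem -LiteralPath $Path -Filter '*.tmp' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file  = $_
            $magic = New-Object byte[] 2
            try {
                # Open with a permissive share mode so files in use can still be read.
                $stream = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
                try { $read = $stream.Read($magic, 0, 2) } finally { $stream.Dispose() }
            } catch {
                return   # locked or unreadable: skip this file
            }

            # A PE image starts with the bytes "MZ" (0x4D 0x5A); anything else is plain data.
            if ($read -ne 2 -or $magic[0] -ne 0x4D -or $magic[1] -ne 0x5A) { return }

            $info = $file.VersionInfo
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $signer = $null
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            [pscustomobject]@{
                Name             = $file.Name
                OriginalFilename = $info.OriginalFilename   # e.g. cleanup.exe in the post above
                CompanyName      = $info.CompanyName
                SignatureStatus  = $sig.Status
                Signer           = $signer
                SHA256           = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                LastWriteTime    = $file.LastWriteTime
            }
        }
}

Get-TempExecutable | Format-List
```

The OriginalFilename and CompanyName fields are plain strings inside the file and can be set by whoever built it, so a valid signature is the stronger evidence of where the file came from.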
     
  8. wanchan

    wanchan Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    33
    Thanks for the confirming info. :) Found a similar situation here after a bit of research.

    In my case, I am using the Longman Dictionary of Contemporary English. This dictionary comes with a service called cdac11ba.exe. This service, listed under XP Services, needs to be run every time the dictionary starts up. In fact the service, cdac11ba.exe, is set to Automatic.

    ~e5d141.tmp can be removed from the PG Protection and Security lists, and I can still run the dictionary with no issues. But cdac11ba.exe needs to be at least set to Manual. Disabling that will make the dictionary not run. Although I had the whole dictionary installed on my hard disk, I still need to periodically insert the dictionary installation CD to have it verified, I think, by cdac11ba.exe.

    The below is about cdac11ba.exe.
     
  9. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    I've seen "cdac11ba.exe" on another VAIO machine we have here and knew it was a copy protection service by looking at the properties of the executable.

    But the new "activation" that comes with Photoshop CS is really overboard and deceptive. I don't mind the activation part and acknowledge the right of software manufacturers to prevent piracy. But the adobelmsvc.exe creates random gibberish services named like: Rpcdcmrvn, Pcishcwqrpr, Acfstei, Psccamvr, Mnmd16ag, Ad_recibiall.

    And leaves them behind as copy protection markers, and when you search on them in the registry they have fake key descriptions, like "boot bus extender" or "video", something deceptive you probably would look at and leave alone because you have no clue who made it or what it is.

    I only discovered that it was Adobe doing it when I noticed that removing these fake services in the registry (and they do not make it easy since you have to change the permissions of the entry to delete them) caused Photoshop to demand reactivation. And of course once I turned on PG3's root kit/driver/service global prevention, it was confirmed that this service tried to install a new phoney service every time Photoshop is launched.

    I mean what were they thinking, phoney services as markers? Like that's not going to attract attention? Couldn't a reg entry or encrypted file do instead? Are they just phoney markers or is Macrovision doing a little spying? Who knows, that's the whole problem. Sometimes I think Macrovision just goes way too far.

    Also I can delete the "~e5d141.tmp" file, but it creates a new one on start of Photoshop and if I disallow it to run in PG3, it closes Photoshop and demands to be reinstalled, so I leave the PG3 entries for it in place, but limit its rights severely as well as photoshop.exe and adobelmsvc.exe to read only.
     
  10. wanchan

    wanchan Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    33
    Once "~e5d141.tmp" on my machine is deleted from those PG lists, it will not come back. Btw, Adobe PS7.1 is just enough for me. I am amazed at what Adobe is doing to their paying customers with the so-called CS versions. All of those tricks can be easily defeated anyway.
     
    Last edited: Nov 14, 2004
  11. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi rickontheweb,

    Welcome to Wilders! and thanks for contributing that info :)
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    I get the same file showing up when I run the Microsoft Flight Simulator.
     