Erro: Could not attach to kernel mode driver

Discussion in 'ProcessGuard' started by spm, Feb 2, 2004.

Thread Status:
Not open for further replies.
  1. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    I have just purchased a PG 1.2 licence and installed it on my WinXP Pro (with SP-1). On every boot-up I encounter this:

    Could not attach to kernel mode driver.
    Please make sure Process Guard is installed correctly.

    I have tried re-installing (each time on an admin account) without success. What now?
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Steve, Did you have a previous version installed? If you did the uninstall has to be carried out as follows:
    Disable PG protection, close procguard.exe, in Task Manager kill pg_MSGprot.exe.
    If you missed those steps then you will need to do it in safe mode:

    Step-by-Step guide to Manually Uninstalling Process Guard

    You will probably never need to do this. This should only be required if you run into any strange problems with Process Guard that doesn't allow you to boot into your operating system normally.

    1) Reboot your operating system into SAFE-MODE. To do this Reboot your machine, and just after your BIOS screen disappears keep pressing the F8 key. A menu should appear, select "Safe Mode" and press Enter.
    2) Run Process Guard's uninstall utility. You can see this from the Start Menu -> Process Guard -> Uninstall.
    3) To verify the removal, make sure procguard.sys does not exist in (c:\windows\system32\drivers) directory, and that procguard.dll and pguard.dat are not in your system32 directory (c:\windows\system32). If they still exist delete them.
    4) Reboot your machine and Process Guard should now be removed.

    You may also need to delete this key from the registry:
    If you feel confident working in the registry - Do a search for "procguard" without the speech marks. What you are looking for is a folder "Run" called procGuard_ Start if it is there delete it.
    The key is
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - ProcGuard_Startup"="\"C:\\Program Files\\ProcessGuard\\procguard.exe\" -minimize


    Re-install the new version :)

    1) Install Process Guard and reboot.
    2) Process Guard will start up when you return to your desktop.
    3) The first time you run Process Guard it will ask you if you want to auto add some common programs and services. Click yes.
    4) Process Guard defaults to "disabling" protection. So before Process Guard can work properly you will need to enable protection. Simply go to the PROTECTION menu in Process Guard, and untick the "Disable All Protection" option.
    5) Process Guard is now initially setup and providing some level of protection over your system.
     
  3. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Hi Pilli:

    No, I did not have a previous version of PG installed. I actually trialed PG on a different machine.

    I have tried uninstalling again thus:

    • Disabled PG protection;
    • Closed procguard.exe;
    • Killed pg_MSGprot.exe via Task Manager;
    • Edited the registry to remove all references to procguard;
    • Ran the PG uninstaller.
    The uninstaller reported success. I then rebooted, reinstalled PG and rebooted again. Same result.

    If PG will not run on this machine, I will have to request a fuoll refund.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Steve may I ask the machine's spec please? CPU etc.
    Can I suggest that you switch the machine off completely for a couple of minutes
    When restarted run procguard.exe and if it opens enable protection. then reboot again.
    The only other possibility is a corrupt download?
    Also I must mention that a new version will be released in the next day or two. :)
     
  5. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Pilli:

    The machine is a Pentium 300MHz, 128Mb memory, 45Gb hard drive, and runs as an internet gateway for a small office environment, with firewall, A/V, mail server.

    I have tried re-downloading and un/re-installing PG, with the same result. The download does not appear corrupted.

    Will the new version specifically address this issue?
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    just don't launch procguard.exe at startup, it isn't needed to be protected.
    The driver will anyway be loaded at startup and will protect you.

    If absolutly needed, launch procguard.exe manually after the reboot.
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    As GK said, You can stop procguard.exe from loading at start up by removing the shortcut in the start up folder, then starting it manually from the desktop, as there may be some driver contention.

    The new version is using an updated installer that may also help with your issues.

    Regards Pilli
     
  8. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    gkweb/Pilli: Thanks, I'll run without procguard.exe at startup. That makes sense anyway.

    Hopefully the new version installer will sort out the contention issue you have with the current.
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Another solution seems to be to rename PG_MSgprot.exe to PG_Msgprot1.exe (PG_Msgprot handles Close Message Handling). You might want to try that and keep procguard.exe in the startup.

    -Jason-
     
  10. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    And what would the advantage of that be? Would I also lose the facility for Close Message Handling?
     
  11. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Yes, but it would be helpful to see if that also fixed your problems. That way I can find out easier what is exactly causing this issue.

    Actually another solution I just thought off... try disabling Close Message Handling on Procguard.exe, and making procguard.exe run on startup like usual.

    To do this load up Process Guard, click on procguard.exe, go to the Options item, then make sure "Close Message Handling" for Procguard.exe is not ticked. Then see if this fixes your issue.

    -Jason-
     
  12. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Jason:

    Sorry, neither of those suggestions resolves things. Renaming pg_msgprot.exe and rebooting, and disabling Close Message Handling for procguard.exe both fail to eliminate the startup error.

    If procguard.exe is started manually, rather than at startup, all seems OK.
     
  13. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Thanks Steve!

    -Jason-
     
  14. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    I have now implemented more fixes for this "Could not attach" error, hopefully in the v1.250 no one will be having any more of them. :)

    -Jason-
     
Thread Status:
Not open for further replies.