Execution Protection problems..

Hi all, I disabled Learning mode on PG 3.0, and fired up a program that was not on the execution protection list..... It blocked the very first program, and asked to execute or deny.....

The second, third, fourth program i executed that were not on the list were allowed to execute, and in the security tab, it had "Permit Once". However I was able to continue executing the program over and over, yet it still said "permit once". So two problems here, will e-mail DCS

Rod

 

Hi Rod....long time no chat mate .

Yep, this has been reported a few times now and Jason is aware and working on it.


Regards,
Jade.

 

Jade!!!

How are ya buddy?

Yes i've e-mailed DCS, and Gav stated Jason is on the mark with this one, hope it gets resolved..... I LOVE MY PG!

Rod

 

I had the exact same problem as you describe in the first post. I have just done a bit of investigating and found a cure on my machine

What I did was to remove the 'Install Global Hooks' option for the CTFMON.EXE process.

Then reboot.

Give this a try an see if it sorts the problem, if it does then post here and one of us can inform DCS

Hope this helps
Tom

 

Well done frogfoot, I have reported it to DCS directly, it may give Jason a lead.

Pilli

 

Yep, hopefully it may lead to something. Nice one .

Regards,
Jade.

 

I don't even have CTFMON.exe in my protection list....bugger!

 

I don't have it ether. It's an Office XP process. I'm running Office 2000

 

Well, I have it, but I'm not running Office XP, just Office 2000.
Global hooks weren't enabled in learning mode.

 

I dont know whether it is the same issue as posted in this with what I have seen on my xp prof sp2 box with pg3.
PG3 : high settings.
With "new exe block" enabled : when try to run a new exe, log shows that exe is blocked from running. Looking at taskmrg.exe GUI, that exe is there anyway with very small "footprint" about 52KB - 60KB, and multiple such exe are in there too corresponding to how many time of trying to get it run. I have seen this symtomp since PG2 and posted on this forum but no addressing to that.
I will try to register to be able to post images.

Is there any "vulnerability" in such cases?

 

This is image to show "exe prot" issue?
In fact, the symtomp seems to have with other exe, not just taskmrg.exe of windows, for example, with wplayer.exe

 

I think if you installed the language pack for office 2000 you can have it to.

http://www.neuber.com/taskmanager/process/ctfmon.exe.html

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q282599

 

I have found the cause of this execution problem.

When a global hook is created by whichever program (CTFMON.exe being the one most people are likely to encounter) it seems to taint pgaccount.exe making it unable to do something it needs to work. This isn't a bug or problem with pgaccount.exe at all, it is due to the way Windows hooking works. Regardless, I managed to make pgaccount.exe untainted everytime something like ctfmon.exe taints it again, which makes it work flawlessly.

In the meantime, simply BLOCK GLOBAL HOOKS in the global protection options, and make sure any program like CTFMON.exe does not have Allow Global Hooks. Reboot your computer and the problem will be gone. Alternatively you can just make sure those programs which create these style of global hooks don't startup at all (you can disable ctfmon.exe for example).

This bug in windows hooking doesn't relate to ALL hooks, only some. So not every hooking program on your system needs to be removed. It may require some trial and error but you should be able to identify which programs are causing the issues.

Hopefully a new beta will be out soon in a few days with this fix plus more.

 

Excellent stuff! Nice work Jason .

Regards,
Jade.

 

Well done Jason!
Tom