Help! process guard freezes computer upon reboot in learning mode??

Discussion in 'ProcessGuard' started by brand, Aug 9, 2006.

Thread Status:
Not open for further replies.
  1. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    Hi All,

    I just installed Process Guard (the full version) on my computer and I went through the setup procedure:
    1) Installed and rebooted
    2) Enabled all protection (hooks, drivers etc.)
    3) Ran all my programs in learning mode
    4) Rebooted in learning mode

    The computer then starts up, McAfee antivirus and firewall start up (splash screen appears) and a McAfee icon appears in my tray. Then things go wrong. Webwasher does not start (is set to start up at boot), Winpatrol does not start (is set to start at boot). No icons appear in the usual place in my tray next to the clock. Then McAfee is turned off (icon goes from red to black).
    Also no Process Guard icon appears. The computer no longer responds to anything at this point. Nothing starts via the start menu, task manager won't start, and after 1 right click on the desktop that stops working too.

    I had to unplug my computer, reboot into safe-mode and uninstall process guard. Upon normal reboot everything ran smoothly again (but without process guard obviously).

    I would love to get process guard up and running. Can anyone help me?
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    Well this won't be the best answer. But here goes. I don't think you'll like this. Uninstall WinPatrol; I believe it's essentially purposeless when PG is installed.

    Now make sure you are NOT connected to the internet.

    Reboot.

    Disable Mc*f** antivirus and firewall & Webwasher.

    Install PG in learning mode. Re-enable Mc*f** antivirus and firewall & Webwasher. Reboot. Reconnect to the internet. That should work.
     
  3. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    failing that ... what version of PG are you using?

    some ppl have been describing a similar freeze with 3.4b1 onward.
     
  4. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    I am using the latest version. I believe it is 3.5.
    I am very surprised that it is not working properly with McAfee, I assume it has been tested with mainstream programs like that. Any suggestions as to what I can do?
    The PG manual says that you can let applications circumvent the global protection. Would it be possible to figure out which .exe ones I need to give this permission?
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    The latest on the site is v3.400. Did you not try my suggestion?
     
  6. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    Missed your suggestion there, I'll try it first thing in the morning (bedtime now). In the meantime I tried installing PG, reboot, allowed McAfee, Webwasher and Winpatrol to circumvent all global protection (under protection I allowed Drivers, Hooks and memory access for all instances I could find for these programs). Computer crashed on reboot.
    Ok, goodnight, and thanks for the help so far, I'll try your suggestion tomorrow and then get back.
     
  7. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    Be sure to delete all PG remnants after uninstalling PG. Including program folder in Windows Explorer.
     
  8. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    also including the registry keys (dcspgsrv and procguard from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services)

    and restart after doing all those deletions, to ensure none of the PG remnants are still running.
     
  9. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Yes good advice.

    If you have continued problems, try the next release which is due out soon. We found some causes of slowness on my new machine and this version now works perfectly again for me.
     
  10. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    If you've experienced any problems please upgrade to the latest version, just released today, see here for details:
    https://www.wilderssecurity.com/showthread.php?p=815108
    That should fix any issues you were experiencing because only two bugs have been reported and both have been fixed (one of which Gavin was able to isolate and confirm that the fix was successful).

    Best regards,
    Wayne
     
  11. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    Thanks for all the help! I'll try the new version. So far I uninstalled the older PG, deleted the program folder but I am not sure how to delete the registry entries? Is that necessary? If so, how can I do that safely?
     
  12. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    It might not be necessary, if they are gone after the uninstall.

    Actually, you won't be able to delete procguard from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, because it doesn't run as a service! You can find that one at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    You would need to bring up Regedit (click Start/Run then type regedit) and navigate to the appropriate Keys. If you don't want to fiddle with the Registry (which can be dangerous) you should be able to check their status by using Autoruns from here:-

    http://www.sysinternals.com/Utilities/Autoruns.html

    You can look in the Logon and Services tabs for Diamonds' entries and delete (via 'Entry' in the menu bar, or right clicking) if necessary. That's the safe way of doing it!
     
  13. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    Hi,

    I used Autoruns to check for any PG /DiamondCS entries but there were none.
    I then disabled Winpatrol and Webwasher. They no longer are set to start up at boot. The only thing left to start up at boot is McAfee Virus + Firewall.
    Then I did the following:

    1) I installed the latest PG version: 3.4.1.0 and let it reboot to finish the installation.
    2) I enabled all global protection
    3) Under 'Protection' I set all instances of McAfee to be allowed to circumvent all global protection (I selected all 4 options: global hook, drivers, memory and secure message handling)
    4) I followed an earlier suggestion and disabled and enabled both McAfee Virus + Firewall. PG prompted me each time and I told it to allow it.
    5) I rebooted
    6) Startup seemed normal: McAfee shield appears and stays red in the tray (red = active)

    And then nothing happens! PG does not appear in the tray, nothing responds anymore and I had to unplug and uninstall in safe mode again.

    McAfee is the only thing to start up, so is there a major compatibility issue here??

    I am at a loss here, I bought PG for the global protection options but they freeze my computer.

    Any suggestions?
     
  14. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    I believe my suggestion was different than the one you employed. Major differences: disconnect from internet, disable Mc et al. Then install PG etc. As in my previous post.
     
  15. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    The assumption that the problem is an incompatibility with McAfee may be wrong. I have very recently (an hour or so ago) experienced exactly the same type of lock-up with the current released version of ProcessGuard (installed after uninstalling 3.150) and I have absolutely no McAfee software on my machine. The lock-up occurred after I logged off and then tried to log back on to Windows; the desktop came up okay but absolutely nothing else did - not a single thing appeared in the bottom inch or so of my monitor - no Start, no system tray, no task bar and obviously no icons, no access to task manager, nothing. Only solution in the end was to pull the power cable :(

    I then switched the machine back on and switched Process Guard to learning mode (I hadn't previously had learning mode on as I had kept the .dat files from v3.150) and rebooted, switched learning mode off and now everything is fine (I checked logging off and then logging back on to Windows and there was no problem).
     
  16. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    Sorry, I should have mentioned that I did follow your suggestion. I disconnected from the internet and then went through the installation + disabling/enabling steps.
    Process Guard was in learning mode all the time, I just don't understand why it won't work.
    I have tried some other variations and each time I end up having to uninstall in safe mode. I have e-mailed the DiamondCS people and I am hoping they can shed some light on this from their side.
    In the meantime: if you have any other suggestions that I could try please let me know.
     
  17. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    TopperID said:
    umm ... yes it does, drivers are listed as services and PG definitely has a driver. it would be VERY important to ensure this entry has been removed before installing (the uninstaller should do it, but you never know) as it is likely to cause problems with the installation of the new one!!

    all the ...\run keys can be left alone in terms of re-installation (but should be checked anyway for security reasons)
     
  18. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    I think something was still on my computer after the uninstall: after the reinstall of the latest version I did not have to enter my unlock code to get the full version, it somehow still knew that I had entered that in the past.
    I'm a little nervous about editing the registry. I'll do it if someone can give me detailed instruction. And then I'll try another installation of PG.
     
  19. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    The registry still contains your license, this is normal. If you want to be sure of an uninstall, it might be easier to just uninstall in Safe Mode. In Safe Mode PG won't have any parts running, they are free to be deleted.

    The help file also includes manual uninstall for which files to delete in Safe Mode, but the main one is PROCGUARD.SYS. It must be gone before installing a newer version.
     
  20. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Yes, you're right, sorry :oops:
    Both procguard.sys and DCSPGSRV appear on that Key. I was managing to confuse the former with proguard.exe o_O
     
  21. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    I've been away from my computer for a while. I'll be trying the installation again on Monday. I'll let you know if there is any improvement. Also, since the McAfee may not be the problem, I was wondering if I should post a list of everything that starts up when my computer boots? Maybe that way someone can figure out if something else is interfering?
    I'll try any suggestions that you may have on Monday.
     
  22. LeeH

    LeeH Registered Member

    Joined:
    Mar 6, 2005
    Posts:
    25
    Location:
    West London, UK
    Hi,


    I can not be sure of what your problem is, as it may relate to your individual software installed or hardware, as you say.

    Here are my tips (untested in strict order), as I have had to uninstall PG from safe mode on many occasions in different versions, if I made a mistake in the setup. It is possible it is NOT due to the way you set up PG, but can be.

    1) Firstly, disable PG's protection (if you are able to). REBOOT.
    2) Enter safe mode using F8 from the start of reboot, and uninstall PG from its Start Menu icon in the Programs list.
    3) Reboot into SAFE MODE again.
    4) Find any of these files you can, and then delete them if found:
    4)Find any of these files you can, and then delete them if found:

    pghash.dat (system32)
    pguard.dat (system32)
    procguard.dll (system32)
    procguard.sys (drivers)

    Thanks to redwolfe_98 (where I saw these files listed)

    5)Reboot normally, now.

    6) After XP starts up (I assume you are using XP), install latest PG v3.410. It should not say it found any previous hash lists, but if it does, say delete them and start with a NEW list.


    7) When it asks you to reboot, say no if possible.
    Try to start-up PG.

    If it doesn't crash, then follow step 8 first, before reboot. Otherwise, reboot and follow step 9, go back to do step 8, then, continue steps normally from 10 onwards.

    8) Do you have Windows Genuine Advantage installed?
    I have noticed this can crash XP if PG is installed.
    The file responsible for the cause is
    wgatray.exe (system32)

    Go to the PG protection list and ADD this application. MAKE SURE you ALLOW IT to ACCESS PHYSICAL MEMORY.

    MAKE SURE learning mode is now switched ON, and at this point, DO NOT add any protection – leave only PG defaults.

    Reboot.

    9) Hopefully there is no XP crash after first PG installed reboot.
    If there is, try to restart a few times until you get access to XP and PG again.

    When it asks you to ADD CURRENTLY RUNNING PROCESSES to the protection list, make sure that you SAY YES.


    10) Check all alerts to see if any file is asking for extra access, and give it any access it asks for if you are experiencing any problems.

    11) Leave Learning Mode switched on with no extra settings, until you are sure all is running well, including being able to shutdown, reboot and enter Windows.



    These are my main points for setup:
    DO NOT add auto block of new/changed programs, for a while after you know a good working setup is achieved
    Add all currently running processes - so PG doesn't restrict execution
    Give wgatray.exe access to physical memory
    Check alerts for files needing extra access


    I hope some of this might be helpful.


    Best regards,
    Lee
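
Added example, not part of any post in this thread: a read-only PowerShell check for the ProcessGuard leftovers the posters name (the two Services keys, the HKCU Run key and the four files). Matching Run entries on the string "procguard" is an assumption; nothing is deleted.

```powershell
# Added example: report ProcessGuard remnants named in this thread. Read-only.
$sys32 = Join-Path $env:SystemRoot 'System32'

# Files listed in the thread (system32 and system32\drivers).
$files = @(
    (Join-Path $sys32 'pghash.dat'),
    (Join-Path $sys32 'pguard.dat'),
    (Join-Path $sys32 'procguard.dll'),
    (Join-Path $sys32 'drivers\procguard.sys')
)

# Service/driver registry keys named in the thread.
$serviceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\dcspgsrv',
    'HKLM:\SYSTEM\CurrentControlSet\Services\procguard'
)

$findings = @()

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $f; Detail = '' }
    }
}

foreach ($k in $serviceKeys) {
    if (Test-Path -LiteralPath $k) {
        # ImagePath shows which binary the leftover entry would load at boot.
        $image = (Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue).ImagePath
        $findings += [pscustomobject]@{ Type = 'ServiceKey'; Location = $k; Detail = $image }
    }
}

# Run key mentioned in the thread; the 'procguard' match is an assumption.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path -LiteralPath $runKey) {
    foreach ($p in (Get-ItemProperty -LiteralPath $runKey).PSObject.Properties) {
        # Skip the provider's own bookkeeping properties.
        if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        if ("$($p.Name) $($p.Value)" -match 'procguard') {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\$($p.Name)"; Detail = $p.Value }
        }
    }
}

if ($findings.Count -eq 0) { 'No ProcessGuard remnants found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Per the posts above, procguard.sys and the Services entries are the items that should be gone before a newer version is installed; the stored license is expected to remain.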
     
  23. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    Thanks for the response, I'm going to try your suggestions. And yes I have that wgatray.exe on my computer so I'll make sure to allow it access.

    One question: At what point do you suggest that I enable the 4 global protection options?

    Thanks
     
  24. brand

    brand Registered Member

    Joined:
    Aug 9, 2006
    Posts:
    12
    It works!! Thank you all for your fantastic help!
    In the end I think it was Lee's suggestion of keeping PG in learning mode with only the default protection that did it. Here's what I did, in case someone else comes across a similar problem:

    I disconnected my computer from the internet,
    Disabled McAfee Virus + Firewall
    Installed PG and rebooted,
    Ran all my programs with DEFAULT PROTECTION, no global options selected
    Gave wgalogon.exe access to physical memory
    Rebooted
    Gave all instances of McAfee, Webwasher and Winpatrol permission to circumvent global protection
    rebooted
    Made sure that PG was again in learning mode
    Then I added one global protection option, rebooted, then the next, etcetera until all 4 were enabled
    Took PG out of learning mode
    Connected to the internet and rebooted.
    And it is no longer crashing!

    Thanks again!
     
  25. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,513
    Location:
    USA - Back in a real State in time for a real Pres
    Good for you.

    But I'll take some credit too. :D
     