I recently noticed that ProcessGuard was blocking some of my programs from working well. For example, Winfast WinTV, Limewire, and WinAVI all were blocked from accessing physical memory and installing global hooks yet they wouldn't work properly unless allowed to do those things when before they were not allowed and still worked fine. Is this normal for these programs to suddenly want to be allowed to access physical memory? dja2k
Hi dja2k, If you are putting these programs in your protection list and they are trusted then allow them the flags that they need. There could be many reasons why they appear to have changed what PG needs to allow depending on the application's state or needs at a particular time. Providing you are not getting an unexpected alert from the new or changed on your security list re. those apps then I would not worry. As an aside, why do you publish your list of security apps in your signature? That in itself could be deemed a security risk by some. HTH Pilli
Thanks for the advice. The weird thing is that before, these programs wouldn't ask of that? I am thinking maybe something got messed up in processguard. Would it be advisable to delete all the entries, put it in learning mode for a couple of days and make it reset itself? I am scared that one of my other security programs might have to stop something and won't be able to access memory or install hooks when it needs to. Remember, ewido did it to me and it hadn't before. Now explorer.exe is asking to allow access to physical memory, should I allow it? dja2k
"Now explorer.exe is asking to allow access to physical memory, should I allow it?" It should be safe to do this as long as explorer.exe has not changed recently. Each PC is different and the inter-reactions will vary as to what flags you may have to allow. Trusted programs should normally be given the flags that theyy need.
No, no program has changed cause it hasn't asked for program change allowance. All they are doing is asking for access to physical memory all of a sudden. Like winfast wintv won't show any tv channel unless I allow it to access physical memory. Limewire doesn't run unless physical memory is allowed as well. dja2k
I don't know anymore, but a lot of programs are asking to be allowed to install hooks and access memory that I am sure didn't before. Maybe all this time, processguard was not working and now it is and that is why I am seeing all the blocking stuff, don't really know, and never had this situation before. Makes me want to clean install windows and do everything all over again. I cleared everything from the lists and made it do a new list and still the same thing. dja2k
explorer.exe doesn't need to access physical memory on my system (it just wants global hooks). I wonder if it does on anyone else's machine.
Well on mine it does, if not it doesn't show thumbnails, at least that is where I saw it blocking physical memory. Also should browsers be allowed to access physical memory? Also my winfast doesn't show any cable channels unless I allow it to access physical memory. Also dvdshrink doesn't preview any video unless I access physical memory. The list goes on and on if I want, see more..... More: winlogon ewidosuite limewire msn messenger iexplorer firefox mediaplayer classic smss.exe Isass.exe svchost.exe ntvdm.exe alg.exe Should services.exe, winlogon, smss.exe, and csrss.exe be allowed to terminate protected applications? - cause that is what they have checkmarked.... dja2k
Dja2k, A program given physical memory access has the potential to do considerable damage and even disable ProcessGuard itself (see SDTRestore for an example) so it does make sense to be cautious about allowing such access. For Windows components, PG allows Physical Memory access by default to csrss.exe, lsass.exe, ntvdm.exe, smss.exe and winlogon.exe - these should not be changed unless you fancy breaking Windows. Other programs may require such access to function (e.g. the 3DMark benchmark and the DirectX troubleshooting tool dxdiag.exe) and should be allowed it if you consider them trustworthy. However the situation you describe of programs working without such access and then all suddenly requiring it does sound strange (and possibly suspicious). Having said that, most of the programs on your list do have legitimate need so have things actually changed or have you simply created a new PG configuration or enabled the global "Protect Physical Memory" option? Browsers should never be given such access in my view (Opera tries it when its preferences are changed but continues working when blocked) since they are prime targets for malware attack and I would be leery about P2P clients as well. If these refuse to work without such access, then the problem may lie elsewhere, maybe with other software you have installed that changes their behaviour.
I have always had all but learning and blocked new and changed applications checkmarked in the main tab for protection. I haven't changed anything else. Did try to uninstall and start over, but the same thing is happening again. Don't really know why though. Also I don't know why services.exe, winlogon, smss.exe, and csrss.exe are being allowed to terminate protected applications? - cause that is what they have checkmarked.... dja2k
As mentioned above, most of what you listed has legitimate need for physical memory access. If you need to start from scratch, you can save yourself the hassle of uninstall/reinstall by just clicking the Reset to Default button in the Protection tab. Default settings again - they are allowed because these are Windows components and Windows does need to be able to terminate processes (not least ones that crash).
The only thing I have installed that might have changed the behavior of processguard is samurai and harden-it which were installed a while back. Don't really remember if the problems with processguard happened right after that. dja2k
Well I just proved that processguard is doing its job like normal though never understood why before it didn't ask me about the access physical memory and now it does. Anyways I have done a clean install of windows today and as normal used the list below for my security defense. ProcessGuard still asking for access to physical memory as before. I guess I will let it do its work and allow that and let Prevx1 and Online armor protect it. I also turned off process execution from ProcessGuard as Online Armor can take care of that. KAV Pro 5.0.390 (Extended Database) Look 'n' Stop 2.05p2 (Phantom Rules) Regdefend 2.001 (Full) ProcessGuard 3.150 (Full) RegRun Gold 4.10 Prevx1 (Trial Expires 01-18-05) Online Armor 1.1 (Full) SpywareBlaster (All Active) Spybot Search & Destroy (Immunized) SafeXP Harden-IT (Best Config) Samurai (Medium\High Security) Sandboxie (Using with Firefox) Firefox 1.0.7 (NoScript+Adblock) MVPS Host File IE-SPYAD dja2k
Sometimes I get that with Firefox but I disallow it, I think maybe it's just some websites? But I'm for sure not going to allow it to access memory.
It's not just my browsers, it's other programs as well like I said before, like dvdshrink, winfast wintv, limewire, and sometimes explorer. I think it was either safexp, samurai, or harden-it that caused that behavior in processguard. As I said, this is a clean install and still processguard acts like before. So I guess as long as I don't let my browsers access physical memory, the rest of the local programs are okay to allow physical memory? But like today I went to the tvguide site and when I clicked on a tv show link to show details, PG right away said that Firefox wanted to be allowed to access physical memory, I didn't allow it, and what do you know, Firefox shut down. I don't even know what allow physical memory is, but I am guessing it wants to read or write to some virtual space or something, though if I have all the other security programs which protect installations and running processes, then if I allow a program to access physical memory that I wasn't supposed to, the other programs would catch anything that passed by right? I might be wrong though, but what do you think? Am I still safe if ProcessGuard is doing that and I allow physical memory while I run all the other security apps like kav pro 5, prevx1, online armor, and regdefend + all the hardening I have done to my system? dja2k
You should AVOID the Samurai option to clean rootkit hooks, or deny Samurai access to Physical Memory as discussed here https://www.wilderssecurity.com/showpost.php?p=495163&postcount=24 Just in case that is throwing a spanner in the works.. It could be a problem with your many security programs, one of PG's hooks could be overwritten, or it could be an unhooking problem due to "double hooking". By the sounds of it then there is a sort of incompatibility somewhere there and my first guess is that it's caused by something like this. If you are going to experiment, then try removing a few of those programs and reinstalling one by one to see if the problem a) goes away and b) returns..
I am not running samurai with the Rootkit Protection on. I avoided that Rootkit protection a long time ago when I heard it wasn't stable and in beta. Samurai is not allowed to access physical memory in PG. dja2k