'Log off / Turn off' Problem...

Discussion in 'ProcessGuard' started by Mike PJ, Nov 29, 2003.

Thread Status:
Not open for further replies.
  1. Mike PJ

    Mike PJ Registered Member

    Joined:
    Nov 29, 2003
    Posts:
    6
    I really like the new Process Guard V1.1 Full :), but I'm having problems when it comes to shutting down my PC or logging out of an account. :doubt:

    With the protection enabled Windows sticks at the ‘Saving your settings’ screen. I've waited 5 minutes to see if the PC eventually shuts down / logs out, but nothing happens - though hard drive activity still seems to occur.

    Normally my PC shuts down within 5 seconds. Disabling the protection allows my PC to shut down properly again - but only after a forced reboot. I’ve had no problems with V1.0 and I've already tried reinstalling V1.1. (My PC was rebooted before and after uninstalling/reinstalling V1.1.)

    I’ve currently reverted to V1.0 as it’s a pain having to restart the PC just to switch accounts and then sit through Scan disk – which always finds errors due to the forced shut down while the hard drive is active.

    Hope someone can help.


    WinXP Home SP1 + updates
    NIS 2004 / TDS3 / PE / Ad-Aware Pro
     
  2. Mike_ZZ

    Mike_ZZ Registered Member

    Joined:
    Aug 25, 2003
    Posts:
    10
    Wow, thank GOd it's not just me! :D

    I'd just logged on tonight to ask for help on the exact same thing - I 'hang' when 'log out' to go to another user account/shut down - for 20 mins or more!- same thing; "saving user settings".

    I've uninstalled, re-installed, logged off, manually de-installed via the advice above, refused default prot load advice, accepted it etc etc etc etc. No difference.

    True now, I now REALLY like PG - and with this new version; the added HIR with the MOVING and BAR CODED background for the confirmation - LOL :D :D,
    Superb!! - a hunter-killer app should now become recognisable by it's physical size as it'll be towing some serious OCR code too!!!!!

    BUT, seriously, it's of no use if it can't be used, and I too am an XP SP1 multi account user WITH NO V1 difficulties having immense probs with V1.1 - and so reverting.

    Hoping someone smarter than me can help...

    Regards
    Mike
     
  3. Mike_ZZ

    Mike_ZZ Registered Member

    Joined:
    Aug 25, 2003
    Posts:
    10
    ooops, pressed post instead of preview - just to add Mike PJ - you shouldn't have to wait too long for a real answer DCS is excellent in their support.

    Mike

    PS as this is post 1 for you, I guess I get to say hi first!!
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi guys, welcome to the forum.

    Waiting for the DCS people or other HEGs (Highly Experienced Guys) to give hands in this. I'm very sure it will be solvable but i'm not able to yet.

    Mike_ZZ in the upper right corner of your posting is the "modify" button so you can change your posting with that after posting, even after longer time after growing insights :)
     
  5. Mike PJ

    Mike PJ Registered Member

    Joined:
    Nov 29, 2003
    Posts:
    6
    Hi Mike_ZZ and Jooske, thanks for the welcome. :)

    It always feels better when it’s not an isolated problem – not that I’m glad you have the same ‘log off’ problem as me Mike_ZZ…if you know what I mean. :D

    Looking forward to a possible solution……
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    May be i'm wrong, but it doesn't sounds like a bug, but more like you haven't
    given allowed privileges to important system services.

    For example on my computer :

    pg_msgprot.exe : Write, Terminate, Suspend, SetInfo
    lsass.exe : Write, Terminate, Suspend, SetInfo
    svchost.exe : Write

    And i can logoff as usual on my XP + SP1
     
  7. Mike PJ

    Mike PJ Registered Member

    Joined:
    Nov 29, 2003
    Posts:
    6
    Hi gkweb. Thanks for your reply.

    The problem appears even when logging out of an account with administrative rights. PG itself gives the permissions you suggested (plus more) to those files by default.
    If I’m being dumb and missing your point please bear with me! Any advice is gratefully received. Please remember I’m using XP Home and V1.0 had no problems what so ever (I’m using V1.0 again just now).
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I think theres a few things the problem could be, we have sorted out issues already and this will just need some heavy debugging :)

    I'll try to get the same thing here on Win2k, works fine logging off here. Does on another well maintained (clean) Win2k system but not on an older XP install. So there is something there or maybe its ONLY XP. Which poses the question does anyone have the problem with Win2K ? :) thanks for the help everyone
     
  9. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Mike PJ,

    Please be careful if using v1.0 as it is less powerful and install/uninstall needs to be checked manually. If you accidentally switch v1.0 EXE or driver with parts of 1.1, there will be real problems.

    There is a manual full uninstall mention in the help file step by step guide to make sure its a clean uninstall :)
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    This thread leads to a question I have. I noticed that some of the processes like services.exe and svchost.exe have the same 4 privileges, both blocked, and allowed. They were installed this way, the first time I ran the program. I assume the effect is to allow them, and that this is intentional. Is this the correct settings.

    I thought I might have a shut down problem, but the I realized that I had done a defrag, and went right to shutdown, and Go Back had to finish its writes, before the system could shut down. PG is working great.
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    No problems here either logging off or shutting down.

    My installation here is an upgrade from WinMe to XP Pro. Pete
     

    Attached Files:

  12. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    no problem on my clean XP PRO install (not upgraded from another windows)
     
  13. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    I suppose this will make it to some sort of FAQ sooner or later, but in the meantime, see if this helps:

    By the flags being set as you have described, you are a) allowing, say, svchost, to terminate, write, setinfo etc. other protected processes. Which will give lots of log entries and possibly erratic system behaviour if disabled. And you are b) preventing svchost from being terminated, written to, suspended etc. by any process (except for those with allow privileges in PG). This is a good thing in itself, but it also means that nothing can sneak into is and use its terminate, suspend etc. privileges that you have granted in a).
    Only you set them in the reverse order, i.e. first "block flags" and then "allow flags".
    Allow flags override block flags, all the more reason for having strong access restrictions to those processes that you give allow flags to.

    Don't know if I could make it clear...?

    Andreas
     
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Unless I'm mistaken, it looks very much to me as though:

    (1) the default settings for the things you've included should just be left alone.

    (2) Nothing else should be given "Close Message Handling" except PG itself.

    (3) Anything else you want to add protection for should just be added in and left with the default settings

    (4) You let the chips fall where they may with the logs - you'll get a lot of un-needed information BUT it all bears looking at to discover anomalies

    Does this sound about right? Or am I missing something as regards "Close Message Handling"? Pete
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Re the Log off/Turn off problem. I spoke to soon when I said I didn't have it. I do also. Will post details later.
     
  16. Terravita

    Terravita Registered Member

    Joined:
    Mar 11, 2003
    Posts:
    9
    Add one more to the log off problem. I have followed the instructions for a manual uninstall in safe mode, turned startup off on all security software, reboot, reinstalled PG with reboot, turned on startup for all security software and reboot. The next time I reboot, the system hangs at saving settings.

    I am running a clean install of XP sp1 with all updates applied.
     
  17. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    I too have encountered the "Saving Your Settings" logging off problem. The machine will hang indefinitely until manually reset. I was going to post this yesterday but I had already posted two other problems and thought that my machine was the culprit. It is a great relief to know that other XP users have confirmed this as a fault. We can rest assured that DiamondCS will soon have a fix for it.

    Also sometimes when switching users I get the "Error 3" message about Attaching to the Kernel Driver. I then reboot. On reboot I sometimes get the BSOD Stop error 0000000a IRQ_Less_than_Equal.

    Just to add to the list of woes, using the "Process Kill Demo" it says that it could not remove any of the Security Programs. However several times this has caused my Outpost Firewall to pop up a window saying it has to close because of problems, or even just close without any pop up warning. At other times Outpost remains untouched. This is despite being protected by Process Guard. My other protected programs have no problems.


    My machine had none of the above problems with the previous version of Process Guard. They only occurred after installing the new version.
     
  18. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have Ver. 1 and so far haven't downloaded the new one. I am reading about the shut down problems. I have had a problem with Ver 1 so I would shut PG down first. Then the shut down wouldn't hang. Can you do the same thing with the new one? I have XP Home Edition.
     
  19. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    WilliamP,

    The short answer is "No". Once Process Guard is installed that's it. Uninstalling it fixes it. Disabling or Closing it doesn't.

    Thanks anyway.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Bizarre. For Wayne,Jason, and Gavin. First I want to document my system.

    3.0 Gig Pent IV. with 1 Gig mem. No resource prob.

    software is:

    Win XP Pro Sp 1 with all patches/upgrades.
    Go Back
    F-Prot
    Zone Alarm Pro 4.5
    TDS-3
    WormGuard
    ProcGuard
    Spybot S&D
    Adaware
    Raxco Perfect Disk Defrag.

    This thing has me scratching my head, because yesterday, I wasn't having any problem, doing several log off's, and shutdowns. I no sooner earlier stated that I had no problem, and oops. I can't logoff, or shutdown. In fact since my power switch is on only, to shut the computer off I have to reboot into safe mode to shutdown.

    First thing I tried was a defacto uninstall. Didn't actually uninstall, just went into safe mode and renamed the procguard.sys, and rebooted, thus shutting down Proc Guard. Log off and and shutdown are then fine. Since everything had seemed fine night before, I then used goback to revert the drive back to the night before. Still had the problem. Then remembered the only other thing I had done was defrag the drive, and I didn't revert to a time prior to that.

    At this point I did a complete uninstall, making sure to remove everything, and then a new install of PG. I let PG do it's automatic install, and then added my programs. At first it seemed to work, but back to can't log off or shutdown.

    Also tried shutting down PG, but the kernel is still at work, so that didn't help. Also tried uninstalling the protection of wormguard, but alas, no help.

    My next step is to again uninstall, and reinstall, but not add any of my programs, and see if that makes any difference. Will post the results.

    Any idea's for fixes.
     
  21. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Oh well I have already removed the Ver 1 and I am not going to download the new one. I have NOD32 and XP. I certainly don't want the headaches of not being able to shut down. Why can't it be shut down by me? That worked for Ver 1.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Okay, experiment continued. Reinstalled, and just let the automatic install work. Added no additional programs. Still couldn't log off, or shutdown. Then tried shuting down the close window option on PG: didn't help. Finally tried disabling PG before trying the log off, and that also didn't work.

    Don't have any further idea's so I reinstalled Version 1.0 for now.

    Wayne,Jason, Gavin: If you have anything further that you want me to try, let me know. I don't mind experimenting on this system, thanks to Goback.

    Pete
     
  23. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    isn't the big difference between 1.0 and 1.100 is the close msg handling ?
    If you disable it, is it still hanging ?

    May be Wayne or Jason will come with more answer.
     
  24. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    The big difference is you dont even need ProcGuard.exe running to be protected by the system. And others :D

    Close Message Handling can be disabled and it wont help I think, the best thing to do is to try disabling protection then shut down PG if you want to logoff or whatever. Does this help ?

    IF we have to handle the logoff and shutdown sequences differently then we look into that before the next build. Jason will sort things out soon, there may even be a new build straight away so we will let you know very soon what is up :)
     
  25. Mike PJ

    Mike PJ Registered Member

    Joined:
    Nov 29, 2003
    Posts:
    6
    I think I found this to work – but unfortunately only after a reboot which made doing this impractical. After a reboot I could log off ok as long as protection was left disabled, and (if I remember right) I could enable protection and it would still shut down the first time OK but then be back to sticking from that point on. (But all that’s purely based on memory!)
     
Thread Status:
Not open for further replies.