Newbie questions

Discussion in 'ProcessGuard' started by Mele20, Jan 11, 2005.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I am new to Process Guard. Trying the free version first but will probably buy the full version. I have a few questions. I've had PG running about 10 days now.

    On the Main window, under protection statistics it states it has protected me from two attacks. How do I find more details?

    Second, in the logs I keep finding this entry:
    Tue 11 - 12:43:21 [EXECUTION] "c:\program files\ff\firefox.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\explorer.exe" [1292]
    [EXECUTION] Commandline - [ "c:\program files\ff\firefox.exe" ]
    Tue 11 - 12:43:23 [EXECUTION] "c:\program files\ff\firefox.exe" was allowed to run
    [EXECUTION] Started by "Unknown Process" [1272]
    [EXECUTION] Commandline - [ c:\progra~1\ff\firefox.exe ]

    Why does it say that Firefox was started by an "unknown process"? Also, what do the numbers mean like [1272]?

    What might cause ProcessGuard to freeze in the systray upon reboot after removing Microsoft's antispyware beta application?

    Thanks. :)
     
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Mele20,

    You will have to review the log files. Click "View Logfiles" in the Alerts tab.
    The bracketed numbers are process IDs. The same as would identify processes in Task Manager. I have similar entries for certain apps I use. Since they occur randomly (with everything else unchanged), I would assume it to be a PG bug:

    19:21:37 [EXECUTION] "c:\program files\greatis\regrunsuite\watchdog.exe" was allowed to run
    [EXECUTION] Started by "Unknown Process" [636]
    [EXECUTION] Commandline - [ "c:\progra~1\greatis\regrun~1\watchdog.exe" ]
    19:22:00 [EXECUTION] "c:\program files\greatis\regrunsuite\watchdog.exe" was allowed to run
    [EXECUTION] Started by "c:\progra~1\greatis\regrun~1\regrun2.exe" [1844]
    [EXECUTION] Commandline - [ "c:\progra~1\greatis\regrun~1\watchdog.exe" ]
    I will try to duplicate that on my system and let you know.

    Nick
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Mele20,

    I installed the MS beta and ran it through its paces with default settings. Rebooted, uninstalled it and rebooted a few times. I did not see PG freeze. Does it happen on every boot?

    Nick
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Mele,
    MS's Antispyware (was Giant) is still in beta so unless we get other reports it is hard to say what causes the freeze on your Machine but I do know that it does install a service which may be the cause of the problem.
    Running Giant (original) with PG causes absolutely no problems for me.

    Jason may be able to answer your about programs being started by an unknown process. I am sure it has been mentioned before but cannot find the link ATM :oops:

    Cheers. Pilli
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Thank you! There I was looking in the log files but all I noticed was those process IDs that change and the fact that FireFox was started by an "unknown process". I didn't read the logs thoroughly so I will look more carefully to see what I was protected from twice.

    I installed the MS beta antipspyware and ran a scan. A little while later, I uninstalled the application. (It had caused the computer to crash when I installed it and I could not stop the real time scanner from running...I just wanted the on demand scanner). I rebooted and started FireFox. I then started Task Manager and minimized it to the systray. I then right clicked on Process Guard and the menu opened and then I could do nothing. I couldn't even "exit". Task manager was behind the open Process Guard menu so I could not open it to end task. (Later I realized that I couldn't have done that anyhow because I made a newbie mistake and did not have Task Manager authorized to terminate protected applications). Then FireFox froze. Luckily, I was able to shut down from the start menu.

    When I rebooted the second time after having uninstalled the MS antispyware, I was immediately greeted with an error box saying that I should stop the software installation because it was not digitally signed. I had no idea what this was referring to as I wasn't installing any software. I clicked cancel on the error box and that brought a new error box that said my new hardware installation was improperly installed due to the software for it not being digitally signed. I wasn't installing any hardware either.

    I had a major problem stemming from these errors https://www.wilderssecurity.com/showthread.php?t=61015&page=3&pp=25
    post #58

    but before I tried to figure out why I was getting those errors that I could not click away, I did try opening Process Guard and it did not freeze this time.

    I don't think it freezing had anything to do with the major problem (which is still not fully resolved) but I did wonder a bit because it should not have frozen and it did so right after uninstalling an application and just before the other error messages which resulted in a dead 56K modem.
     
Thread Status:
Not open for further replies.