No log and PG just ignored its rules

Discussion in 'ProcessGuard' started by Mele20, Mar 31, 2006.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I reinstalled 3.15 yesterday. It was working fine until today in learning mode when IE7b2 crashed over a plugin for Spybot. PG icon went red and said that it had blocked DrWatson from terminating IE. Why did it go red in learning mode? I wondered why I couldn't send a bug report for IEbeta to MS or terminate it. PG is set to allow DrWatson to terminate so why did it ignore this rule?

    I then tried to examine the PG logs and there are no logs.
     
  2. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    mele, that is the "normal" way that PG 3.15 behaves in learning mode..

    as you see, in learning mode, "drwatson" was given the necessary priviledges that it needed so the next time drwatson runs, the icon will not turn red..
     
  3. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    It is not normal for PG to block DrWatson. Everything was still there ...all the settings from earlier. It was in learning mode just because I have some new applications since I last used PG 3.15. But DrWatson and Task Manager were long ago given all rights. It should not have blocked DrWatson. I won't use an application that does not obey the rules I have set. It is not obeying them. It was ALREADY SET TO ALLOW DRWATSON TO TERMINATE. It violated its rule. This was a reinstall of PG 3.150. All settings that were there when I uninstalled it to try the betas were still there. This was not a virgin install. PG violated the rule I had set long ago.

    Besides, what do you mean it is NORMAL for it to block DrWatson in learning mode? The normal behavior is for it to ASK ME WHAT I WANT IT TO DO. That is what learning mode is all about. It is not supposed to act before asking. It didn't ask. It blocked. So, even if I had not had it set already to allow DrWatson to terminate, it should not have blocked Dr.Watson. It should have asked me what to do.

    The fact there are no logs indicates something is wrong. So why are you saying it was normal for it to do something that I had it set NOT to do?

    I had to disable it before I left today because it had popped up a query which stopped my monitor from shutting down and that is really a no-no. The query it popped up was about another process that is already allowed but it was asking about it. It is not running correctly and I'm going to have to uninstall it. What if I had already left before it popped up that query? My monitor would have been frozen on for eight hours. I can't have that. I'm on the verge of just getting BoClean. I don't need both PG and BoClean and BoClean is hassle free and will fully protect me, probably better than PG, and definitely just as well and doesn't need constant care and feeding.

    EDIT: I had it disabled and I just went to shut it down and it froze. That is what the betas do all the time. Now 3.15 is freezing. I don't think PG is compatible with the video drivers I have. There is a growing list of applications that are not compatible with these drivers.
     
    Last edited: Apr 1, 2006
  4. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Mele20,
    It sounds like you have a valid point, I would suggest that you send DCS an email and raise a formal support call with them to get your problem sorted out. As you have probably realised already Redwolfe_98 was just trying to be helpful and his response wouldn't have stopped someone from DCS responding to you after the weekend
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Sorry if I sounded grouchy. I'm having a bunch of problems suddenly with Bit Defender Pro that had been just fine and I really like BD ...until the forced upgrade to 9.5 which I can't use and BD, contrary to what I have read, is very slow to respond to email and then ignores the problem. So, to have two security applications giving me problems at the same time...well..it is making me irritated. Then there is a major problem with my internet speed which is less than 1/2 what it should be and that appears likely to be caused by the nVidia networking controller on this new computer and there is IE7b2 which doesn't get along at all with my video card...I think I need a vacation from computers and their problems...too bad I have to wait until May for that!

    Redwolfe, I didn't explain very well in my first post and I'm sorry I sounded irritable with you. I do realize you were trying to help.
     
  6. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    "It was ALREADY SET TO ALLOW DRWATSON TO TERMINATE. It violated its rule. This was a reinstall of PG 3.150. All settings that were there when I uninstalled it to try the betas were still there."

    there is your problem.. you did not to a clean install..

    unfortunately, PG 3.15 does not allow for "importing" rules..
     
  7. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    to uninstall PG and then do a clean install, what i do is: first, disable PG's protection. then close the "gui" by rightclicking on the PG icon in the systray and clicking "exit". then, open task manager to close all of PG's running processes.. then run the uninstall from "add/remove"..

    i would reboot after running the uninstall..

    then, delete any leftover files, specifically "pghash.dat", "pguard.dat", and "procguard.dll" (if it exist), in c/windows/system32, and procguard.sys in c/windows/system32/drivers (procguard.sys is usually removed by the uninstaller)..

    delete any PG files left in c/program files, along with the PG folder..

    then install PG..

    i would not leave PG in learning mode for more that a few minutes.. anything else that needs to be added to PG's "protection" can be added later, as needed..
     
    Last edited: Apr 3, 2006
  8. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    "The normal behavior is for it to ASK ME WHAT I WANT IT TO DO."

    unfortunately, PG does not ask what you want to do.. it either allows something or blocks it.. i wish that PG would ask you if you wanted to allow something instead of just blocking it..

    edit: PG will ask you if you want to allow a process to run if it does not already have permission to run, but it will not ask you about allowing the process any special priviledges..
     
    Last edited: Apr 3, 2006
  9. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    The way i see it is that PG in learning mode does not ask questions (because it learns automatically) and asks you what to do when learning mode is disabled. The blocking on first detection i also see as a way for PG to tell you that a program wanted to do something special (protection tab), giving you the chance to change the setting back if you don't want it to do that something (and also rerun it :rolleyes:). It should be done in a better way though, eg. allow the user to choose (via gui) whether to block first or allow first ;)
     
  10. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii

    You are right that I forgot to go check and see if those two files that are supposed to disappear with the uninstall were still in Windows system32 folder and delete them if they were there. I will have check all that and do a clean install. I was just thinking that I had forgotten to do that when I saw your post about it. :)
     
  11. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii

    I don't know about a "better" way. I have wondered about AppDefend and been curious about it for a while so I thought after I uninstalled PG this last time and before I installed it again, I'd see what AppDefend is all about. It drove me nuts right away. It asks the user what do about EVERYTHING and I mean EVERYTHING. Almost constant popups. It was too much user interaction required.

    I do think PG should allow the user to choose whether to block first or allow first. That would make me happier. I thought I recalled Wayne or Gavin saying that in the beta that more applications would come with better default actions. I think Task Manager should come with the right to terminate set by default and DrWatson should be given that right by default. It makes no sense to have PG block everything by default and I thought that changed in the beta.It makes no sense to block by default anything to do with important system actions especially actions related to Stop errors and freezing of applications, etc.
     
Thread Status:
Not open for further replies.