PG 1.15 and AOL 9.0 Optimized

Discussion in 'ProcessGuard' started by siliconman01, Dec 7, 2003.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I have AOL 9.0 Optimized on my Windows XP-SP1 Home system. When activating AOL, I get PG log messages that it tries to get access for all Write, Terminate, Set Info, and Suspend Blocked items of every pgm set up in PG. So I put waol.exe in PG with all options ALLOWED. That clears the waol.exe log messages.

    However adding waol.exe results in AOLACSD.exe (AOL's connections driver) log messages on waol.exe. So I put in AOLACSD.exe with all options ALLOWED. The log messages for AOLACSD.exe continue for Write, Terminate, Set Info, Suspend access to waol.exe.

    Hmmm... I think I'm jinxed!
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    You're not jinxed. I get the same thing. It has been reported to Jason at DCS.

    Pete
     
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Could you please post logs of this occurring, it helps a lot. :)

    -Jason-
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Hi Jason. Emailed you about this: Here is the log.

    [17:24:38] - [P] - c:\progra~1\common~1\aol\acs\acsd.exe [1676] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\america online 9.0\waol.exe [3128]
    [18:12:28] - [P] - c:\progra~1\common~1\aol\acs\acsd.exe [1676] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\america online 9.0\waol.exe [2964]
    [19:21:14] - [P] - c:\progra~1\common~1\aol\acs\acsd.exe [1676] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\america online 9.0\waol.exe [3376]
    [21:27:03] - [P] - c:\progra~1\common~1\aol\acs\acsd.exe [1676] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\america online 9.0\waol.exe [2684]

    The log entry only occurs once, when AOL is first started, so this log entry represents starting AOL up 4 times.

    I have acsd.exe (only 1 on my system) in my program list, and write, terminate, set info, and suspend are all allowed.

    Pete
     
  5. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    [00:57:54] - Window Log Started
    [00:58:04] - [P] - c:\progra~1\common~1\aol\acs\aolacsd.exe [252] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\america online 9.0\waol.exe [3212]
    [00:58:04] - [P] - c:\progra~1\common~1\aol\acs\aolacsd.exe [252] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\america online 9.0\waol.exe [3212]

    I get these two entries on each sign on. This is with waol.exe and AolAcsd.exe in PG and with all options Allowed.
     
  6. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Yeah, I was interested in Silicon's log though Peter :) . Though I do see your actual LOG now instead of your interpretation. Combined with Silicon's log I can now confirm why it is doing this. BTW Silicon, how is

    c:\progra~1\common~1\aol\acs\acsd.exe

    started? Like, do you start it yourself, or is it started automatically when Windows loads, and if so, where?

    Short term solution :- Get rid of the DOS/SHORT directory naming. For instance c:\progra~1 change that to c:\program files and common~1 to common files. The place to change this is the place where the file gets started. I would assume it is a registry entry or somewhere in your Startup folder.


    -Jason-
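
    Added example, not part of the original posts and not DiamondCS code: a small parser for the `[P]` log lines quoted in this thread that flags entries whose source path contains 8.3 short-name components and has no literally matching rule. ProcessGuard's real matching logic is not shown on the page, so the case-insensitive string comparison, the 8.3 heuristic and the names `audit`, `ALLOWED` and `SAMPLE_LOG` are assumptions; the long-form rule path follows the progra~1/common~1 expansion given in the post above.

```python
import re

# Layout of a block entry as it appears in the logs posted in this thread:
# [HH:MM:SS] - [P] - <source path> [pid] tried to gain <RIGHTS> access on <target path> [pid]
LINE_RE = re.compile(
    r"^\[(?P<time>\d{2}:\d{2}:\d{2})\] - \[P\] - (?P<src>.+?) \[(?P<src_pid>\d+)\] "
    r"tried to gain (?P<rights>.+?) access on (?P<dst>.+?) \[(?P<dst_pid>\d+)\]$"
)
# Heuristic for an 8.3 alias component: short base, tilde, digits, optional extension.
SHORT_RE = re.compile(r"^[^\\/. ]{1,6}~\d+(\.[^\\/. ]{0,3})?$")

def parse_line(line):
    """Return a dict for a [P] entry, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["rights"] = [r.strip() for r in event["rights"].split(",")]
    return event

def short_components(path):
    """List the path components that look like 8.3 short names."""
    return [c for c in path.split("\\") if SHORT_RE.match(c)]

def audit(log_text, allowed_paths):
    """Flag events whose source path is 8.3-aliased and matches no rule literally."""
    rules = {p.lower() for p in allowed_paths}  # assumption: case-insensitive literal match
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        aliased = short_components(event["src"])
        if aliased and event["src"].lower() not in rules:
            findings.append((event["time"], event["src"], aliased, event["rights"]))
    return findings

# First two lines are quoted from the thread; the third is constructed for contrast.
SAMPLE_LOG = r"""
[00:57:54] - Window Log Started
[00:58:04] - [P] - c:\progra~1\common~1\aol\acs\aolacsd.exe [252] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\america online 9.0\waol.exe [3212]
[01:02:10] - [P] - c:\program files\example\tool.exe [400] tried to gain TERMINATE access on c:\program files\america online 9.0\waol.exe [3212]
"""
# Rule entered in long form, as a user would pick it in a file dialog.
ALLOWED = [r"c:\program files\common files\aol\acs\aolacsd.exe"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ALLOWED):
        print(finding)
```

    A flagged entry means the same executable is being referred to by two different path strings, which is the situation the short-term fix above removes by changing how the program is started.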
     
  7. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    AOLACSD.EXE is part of the AOL Connectivity Service named AOL ACS and is established as a system service by AOL 9.0 Optimized. It is loaded on system start up.

    Changing the format to get rid of the DOS/SHORT format does work and the logging entries for AOLACSD.EXE no longer appear on AOL activation.

    Changing the format to get rid of the DOS/SHORT format also stops the Pest Patrol log entry for ppmemcheck.exe Terminate, referencing my thread on Pest Patrol.

    Both of these changes are Registry modifications...no problemo
    As of NOW I have a Clean LOG. :D :D

    Is this something you are "fixing" in Process Guard or is it a manual fix that I will have to do anytime Pest Patrol or AOL are updated/upgraded?
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    What did you change in the registry? In explorer all my files and folders don't have the dos format, and in fact where I entered the files in PG, the paths show the full format. I looked in the registry and the path to acsd.exe is also in the long full format.
     
  9. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I found them under:

    Hkey_Local_Machine\System\ControlSet001\Services\AOL ACS
    Hkey_Local_Machine\System\ControlSet002\Services\AOL ACS
    Hkey_Local_Machine\System\CurrentControlSet\Services\AOL ACS

    Change the variable ImagePath in each Control Set.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Thanks Siliconman01 :D, and to AOL for a stupid installation choice :p
     
  11. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    My pleasure...and AOL's too :D
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    I don't quite know the cause, but I just went thru an interesting exercise. I made the registry mods as discussed above, and it solved the log entries, and everything seemed fine. Then this morning, I discovered that although, AOL seemed fine, logged on, everything was okay on line, logged off okay, but I could shut it down. Only way I could kill it was by logging off. o_O

    First thing I tried was to take all the references to the AOL programs out of processguard. No luck. Then disabled processguard. No luck :(

    I fired up Port Explorer (and I wasn't sure I'd use this) and what I saw, when AOL was hung was that ACSD.exe (the connectivity service) was trying to call home, while I was trying to shut down the main program. I killed the process with PE and when I looked AOL had an error that it had been unable to connect. Hmm, the connectivity trying to connect while the main program is shutting down. Weird.

    Since, I knew I couldn't replace the registry entries the way they had been (it wouldn't have mattered), I was contemplating uninstalling PG, reinstalling AOL. All in all unpleasant prospects.

    Then it dawned on me, just maybe a nasty had gotten in, so I ran my Virus Scan, and SpybotSd. Both came up clean. Then I did a complete scan with TDS, and lo and behold, no trojan, but it did report an ADS stream on acsd.exe. TDS cleaned it off, and voilà, everything is fine.

    I really don't know what happened, but it's kudos to DCS for their fine tools. They sure helped figure out what was going on. :D
     
  13. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Hi, yes this will definitely be fixed in the next PG. But for the time being if you notice any DOS short filepaths/names try and fix the way the program is started to get rid of potential PG issues.

    Some programs however (maybe AOL I don't know) MIGHT rely on the DOS pathnames for whatever reason, usually due to slack programming. :)

    I'm glad you guys worked it out though!

    -Jason-
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Hi Jason

    I don't know what happened. AOL doesn't seem to need the full path. I left it in. But something, and I am clueless as to what, left an ADS stream on that exe, and that was the problem. It about drove me nuts. Sure shows the worth of PE and TDS.
     