pg 1.300 log

Discussion in 'ProcessGuard' started by the mul, Feb 21, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    20 Feb 00:29:40 - Window Log Started
    20 Feb 11:17:38 - Process Guard Protection is ACTIVE
    20 Feb 20:44:46 - Process Guard Protection is ACTIVE
    21 Feb 11:25:40 - Process Guard Protection is ACTIVE
    21 Feb 11:35:45 - [DRIVER/SERVICE] c:\docume~1\alluse~1\applic~1\symantec\liveup~1\downlo~1\exitem2406_norton$20internet$20security$20ids$20signatures_1.0_english\idscolu.exe [2068] Tried to modify an existing driver/service named symidsco
    Can u please help with this log.

    THE MUL
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Mul, This looks like the NAV updater trying to start a service. I do not use NAV, but if you do a search on this forum there are a number of PG - NAV posts.
    If you have not already done it you may need to add the updater .exe to the list.

    HTH Pilli
     
  3. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I had the same log report after NIS 2004 did a live update. Apparently part of the update included a Symantec driver revision.

    You need to add idscolu.exe and idslu.exe to PG and set Options to allow Driver/Service installation for these two executables. I would also ALLOW Write, SetInfo, Terminate, Suspend. Be sure the BLOCK is active for Write, SetInfo, Terminate, Suspend.

    These two files are found in C:\Program Files\Common Files\Symantec Shared\IDSDefs folder

    Also you probably need to reboot so that the new Symantec driver is active.

    The above PG entry should prevent this problem the NEXT time Symantec LiveUpdate downloads a Driver revision....which could happen anytime.
     
  4. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    many, many, many, thanks for all your help, i will do this straight away.
    I have not had any problems before from nav, and as u say the new update has caused the problem to arise.


    thanks again

    the mul
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks siliconman01, you now have 14 karma cookies as I thought 13 may be deemed unlucky by some :)

    OK mul - They are a helpful lot around here :)

    Enjoy!
     
  6. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I have tried to find idscolu.exe and idslu.exe in the symantec shared file, but idsdefs folder does not exist in there.
    I have done a search and idscolu.exe only exists in the prefetch, and idslu.exe does not exist, and I also searched for the idsdefs folder, and it does not find it either.
    Just to let u know it is nav 2003 that i have as a backup av, it is not my main av.


    Hope to hear from u soon

    The Mul
     
  7. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I see in your signature that you have Norton Personal Firewall (npf). NIS is just a combination of NAV and NPF. IDSCOLU.exe is for internet security updates which would be NPF.

    It may be a hidden file. In Windows Explorer, do you have Show Hidden Files permitted and Hide Protected Operating System Files unchecked?
     
  8. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Can u tell me where are these options to check and un check.

    the mul
     
  9. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I have found it, and have show hidden files box checked already, and hide protected operating system files box i have unchecked this.
    I have tried to find idscolu.exe and idslu.exe in symantec shared files, but it is not there, or anywhere I have looked, even a search has only found idscolu.exe exists in the prefetch that is all I can find.


    the mul
     
  10. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Maybe Norton only extracts them temporarily and deletes them after the update?
     
  11. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    You might be right on that one, i have had only one log on this issue, and no other alerts before, or now, on this issue have ever appeared.
    I will wait and see if it happens again.

    thanks the mul
     
  12. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Yes, that is a possibility and difference between 2003 and 2004 or maybe even my NIS and your NPF. They are located where shown in my first post for NIS 2004 version.

    From what I can tell, the driver gets updated okay when the PG BLOCK occurs; however, it probably does not get loaded in memory until you reboot. As you know, Symantec does a lot of program updating automatically and without rebooting under normal circumstances.
     
  13. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Thanks for all your help siliconman01.


    the mul
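
Added example, not part of any post in this thread and not ProcessGuard's own code: a small Python parser for the log lines in the first post. It shows that the blocked idscolu.exe ran from the short-name path under symantec\liveup~1\downlo~1, not from the IDSDefs folder named in the third post. The regular expressions are inferred only from the lines shown on this page; the function and field names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Log lines copied from the first post in this thread.
SAMPLE_LOG = r"""20 Feb 00:29:40 - Window Log Started
20 Feb 11:17:38 - Process Guard Protection is ACTIVE
21 Feb 11:35:45 - [DRIVER/SERVICE] c:\docume~1\alluse~1\applic~1\symantec\liveup~1\downlo~1\exitem2406_norton$20internet$20security$20ids$20signatures_1.0_english\idscolu.exe [2068] Tried to modify an existing driver/service named symidsco
"""

# Folder named in the third post (for NIS 2004); used only for comparison.
EXPECTED_DIR = r"C:\Program Files\Common Files\Symantec Shared\IDSDefs"

# Assumed layout, inferred from the lines above:
#   "<day> <mon> <hh:mm:ss> - [<category>] <image path> [<pid>] <action> named <target>"
LINE_RE = re.compile(r"^(?P<ts>\d{1,2} \w{3} \d{2}:\d{2}:\d{2}) - (?P<msg>.*)$")
EVENT_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\] (?P<image>.+?) \[(?P<pid>\d+)\] "
    r"(?P<action>.+?)(?: named (?P<target>\S+))?$"
)

def parse_events(log_text, expected_dir=EXPECTED_DIR):
    """Return one dict per bracketed event line; status lines are skipped."""
    events = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        ev = EVENT_RE.match(line["msg"])
        if not ev:
            continue  # e.g. "Process Guard Protection is ACTIVE"
        image = PureWindowsPath(ev["image"])
        events.append({
            "time": line["ts"],
            "category": ev["category"],
            "exe": image.name.lower(),
            "pid": int(ev["pid"]),
            "action": ev["action"],
            "target": ev["target"],
            # 8.3 short names cannot be expanded offline, so the folder
            # comparison below is textual (case-insensitive) only.
            "short_names": any("~" in part for part in image.parts),
            "in_expected_dir": image.parent == PureWindowsPath(expected_dir),
        })
    return events

if __name__ == "__main__":
    for event in parse_events(SAMPLE_LOG):
        print(event)
```
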
     