PG 3.150 & EraserUtilDrv10500

Discussion in 'ProcessGuard' started by Baldrick, Dec 12, 2005.

Thread Status:
Not open for further replies.
  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,557
    Location:
    South Wales, UK
    Hi there

    I haven't given up. I have finally received a response from Symantec Technical Support that appears to be on the right track..........the only problem is that I cannot test it as I am currently trialing ZASS 6.1 having got fed up with (i) the increasing number of issues I was having after the last major NIS program update......I won't go into them as it will take too long, and (ii) the lack of coherent response from Symantec Technical Support on these issues.....until now. Mind is not yet made up if I will go back to NIS but I have to say that ZASS is very, very impressive (and the price that I can get it for is very good too).

    Anyway, Symantec Technical Support suggest the following:

    "...permit or add cceraser.exe to the trusted application list in Process Guard application to resolve this issue.". Hopefully, this is the culprit .exe!

    Also suggested "... add the following files in trusted application list of process guard software.

    navw32.exe
    navapsvc.exe
    navapw32.exe"

    but I suspect that most people already have these secured.

    So, if someone could try this out, see if we finally have an answer and then post back to let everyone know that would be great.

    Hope that this helps?

    Best regards




    Baldrick
     
  2. MentalNoiz

    MentalNoiz Guest

    Good job on keeping us up to date on your findings Baldrick, thanks for that.

    I searched my HD and it only finds .dll's with "cceraser" in them, no .exe. I have NAV2006 BTW.

    On my HD, the files are located in two folders:

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub

    Take Care
     
  3. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,557
    Location:
    South Wales, UK
    Hi MentalNoiz

    I have emailed the Symantec Technical Support contact I have and updated him on your findings. We now need to wait to see what he comes back with. What I cannot understand is why they cannot provide the name of the .exe associated with the driver/service in question (unless it is started by some other means......but knowing Symantec it may be just that). You would assume that the support function would speak to the development function, eh?

    Anyway, keep the info coming and I will see if I can pass it on as I have a 'pipeline' open for the moment. I am also a little disappointed that we have not heard from either Wayne or Gavin in a while on whether there is another approach to this issue, ie, being able to register a name application in the Protection List (if that makes sense). Nothing like fighting a fire on two fronts, eh?

    Best regards




    Baldrick
     
  4. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,557
    Location:
    South Wales, UK
    Hi there

    Have questioned Symantec Technical Support about their recommendation that we should register cceraser.dll in the Protection List with Install Driver/Services rights (see my posts above), and they have come back to confirm cceraser comes as dll file only but they still recommend the same approach, as well as also adding the following files in the Protection List:

    navw32.exe
    navapsvc.exe
    navapw32.exe

    As I cannot try this could someone else who is having this problem please try the recommendation and then get back to me on this thread with the results?

    Many thanks




    Baldrick
     
  5. fantumz

    fantumz Guest

    Wow

    What wit!
     
  6. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    DCS,
    Please don't let this thread trail off and die. There are a lot of customers that need your help on this.
     
  7. Rufuss

    Rufuss Guest

    Ok, for those that can't add any other kind of file except for the default [.exe & .scr], this is how you do it...

    Click the "Add Application" button - the dialog box shows up with only apps listed. Now, put this in the 'File Name' field at the bottom of the dialog box: *.*
    Then hit the Enter (or Return) button.

    All file types will now show up in the dialog box.

    Now you can add "Files" to your heart's content...

    Trying some of the recommendations listed in this thread - will try to keep up and let you know what happens...

    Hope this helps...

    Enjoy


    PS
    I agree that this thread should not die until the problem(s) is addressed and corrected.

    To those who finally got thru to Sillytec <Symantec>, Kudos - good job, and thanks a lot. It is appreciated...
     
  8. lebrocoli

    lebrocoli Guest

    Gentlemen,

    -> Using Corporate Edition 10.x

    I tried the suggestion but it did not help. I registered the 3 cceraser.dll files in these directories:

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\20060102.025
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\20060112.018

    Then I gave them 'Install Drivers/Services' permission but still did not help.

    Then I was thinking what the f.... is going on?

    I then unchecked the option 'Block Rootkit/Driver/Service Installation' on the main page, scanned for 2 sec, stopped the scan, re-checked the option and everything was ok! Rebooted the machine, still ok after that. Then used live update to get the current stuff. Scanned again and oh, the problem re-appeared.

    After investigation, I can say this:

    Each time you use live update, a new directory is created and all the new definitions files are injected into the new directory, including a new cceraser.dll file.

    That would be why each time you update symantec, you get the problem again. PG must see this new cceraser.dll file as a new file used when starting the driver EraserUtilDrv10500 and prevent the whole thing from registering properly.

    That said, if I re-do the trick of un-checking for 2 sec the main app option and start a scan for 2 sec and stop and re-check the option, I do not see the problem again. Of course until I update again.

    There must be more to it than just the cceraser.dll file.
    Let's keep up the good work!
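
lebrocoli's observation above, modelled as an added example (not part of the thread and not ProcessGuard or Symantec code): a hand-maintained list of cceraser.dll entries stops covering the file as soon as an update drops a copy into a new dated folder. It assumes the protection list matches on exact file path, which the thread does not confirm; the tree is built in a temp directory and the third revision name is made up.

```python
import hashlib
import os
import tempfile

DLL_NAME = "cceraser.dll"

def find_copies(root):
    """Return sorted (path, sha256) pairs for every cceraser.dll under root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == DLL_NAME:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                found.append((os.path.normcase(full), digest))
    return sorted(found)

def uncovered(copies, registered_paths):
    """Copies on disk that no registered entry covers (exact-path match is assumed)."""
    registered = {os.path.normcase(p) for p in registered_paths}
    return [path for path, _digest in copies if path not in registered]

def add_revisions(root, revisions):
    """Constructed sample data: one BinHub/<revision>/cceraser.dll per revision."""
    paths = []
    for rev in revisions:
        folder = os.path.join(root, "BinHub", rev)
        os.makedirs(folder, exist_ok=True)
        path = os.path.join(folder, DLL_NAME)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, revision " + rev.encode())
        paths.append(path)
    return paths

def demo():
    with tempfile.TemporaryDirectory() as root:
        # The two dated folders named in the post, registered by hand.
        registered = add_revisions(root, ["20060102.025", "20060112.018"])
        before = uncovered(find_copies(root), registered)
        # Next definitions update: a new dated folder (constructed name) appears.
        add_revisions(root, ["20060113.001"])
        copies = find_copies(root)
        after = [os.path.basename(os.path.dirname(p)) for p in uncovered(copies, registered)]
        return before, after, len({digest for _path, digest in copies})

if __name__ == "__main__":
    print(demo())
```

Pointing `find_copies` at the real `VirusDefs` folder after an update lists the copies that a hand-maintained entry list no longer covers.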
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,557
    Location:
    South Wales, UK
    Hi lebrocoli

    Many thanks for the excellent investigative work. I will send this down the pipeline to Symantec Technical Support and see what they come back with. I will also suggest that rather than just keeping in-house, ie, with the Tech Support people, that they pass it back to the development team. Not sure that this will do any good but you never know.

    Will post back as soon as I have any feedback.

    Best regards



    Baldrick
     
  10. kampsk

    kampsk Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    33
    Same here,
    I found multiple copies of the dll on my system with the date of update. Tricky fix for DCS I would think.
     
  11. kampsk

    kampsk Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    33
    Last edited: Jan 14, 2006
  12. Red Dawn

    Red Dawn Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    116
    still no fixes on this huh? Only option so far is to disable PG on reboots and symantec updates...
     
  13. Brocoli

    Brocoli Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    5
    I would like to add this:

    Let's assume that unchecking 'Block Rootkit/Driver/Service Installation' on the main tab is the same as checking 'Install Drivers/Services' for a particular file.

    Then, since checking 'Install Drivers/Services' for cceraser did not work BUT unchecking 'Block Rootkit/Driver/Service Installation' worked, we can probably say that Symantec is really trying to install some driver BUT cceraser is not the exact file we need to give permission to.

    Does that make sense?
     
  14. daTerminehtor

    daTerminehtor Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    9
    Location:
    Great White North
    I can only add this to the discussion - until yesterday I was running SAV 9x, and this was not happening. Only after I installed 10x did this occur.
     
  15. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,557
    Location:
    South Wales, UK
    Hi there

    I have heard back from Symantec Technical Support re. the last information I sent them (supplied by lebrocoli) and this is what they have to say:

    "...thank you for mailing the details regarding this issue. I have passed the information which you have provided in your mail to our product Development team.

    Our support staff thanks you for your patience as we investigate this issue. We will continue our efforts in tracking this issue, and will update the Symantec Online Knowledge Base to include new updates.
    Please feel free to contact us for further assistance, and thank you for using Symantec software."

    Well, this may be the last we hear of this from Symantec...but then again, you never know. Will keep scanning for this in the Knowledge Base and post back if I find anything.

    Best regards




    Baldrick
     
  16. daTerminehtor

    daTerminehtor Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    9
    Location:
    Great White North
    Thanks for the news Baldrick.

    Which returns us (again) to the PG devs. We've not heard from you in 3 weeks.

    Is there any update to this issue?
     
  17. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hopefully we'll all hear more soon. It's being worked on as we speak/type :)
     
  18. Brocoli

    Brocoli Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    5
    Thanks Baldrick/Gavin.
     
  19. IceStationZebra

    IceStationZebra Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    1
    Assuming you are running XP Pro, SP2, with all updates (Windows & AV), upgrade to PG 3.2.

    http://www.diamondcs.com.au/processguard/pgsetup_3200.exe

    To keep your current settings: Start > All Programs > ProcessGuard > Uninstall ProcessGuard. ( I.E., do *not* use "Add or Remove Programs" ! ) Reboot. Install into the existing ProcessGuard folder.

    If you want to start fresh, use "Add or Remove Programs" to uninstall. Delete the existing ProcessGuard folder before installing. Reboot.

    Enjoy ! :)
     
  20. Cure

    Cure Guest

  21. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,473
    Location:
    The Netherlands
  22. Cure

    Cure Guest

    Much appreciated.
     
  23. TCHARE

    TCHARE Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    1
    I've been having the problem since installing Norton SystemWorks 2006 (with PG3.15), but waited for the release of PG 3.2 before I added my 2 cents to this thread.

    I installed PG 3.2 (after uninstalling 3.15), but still get the balloon message about "EraserUtilDriver" but this time the number has changed from 10500 to 10501. :mad:

    Not only is this bug triggered after the NAV initiates LiveUpdate, but it is triggered if I manually try to run Norton Full Scan or Quick Scan.

    Clicking on Allow Driver/Service has NO effect -- only a brief pause in its entries in its log.

    With great regret, I am compelled to disable "Block Driver/Service Installation," which was one of the main reasons for buying PG.

    I trust this "bug" can be resolved soon!

    I have a Dell XPS -- Windows XP Pro
     
  24. Rufuss

    Rufuss Guest

    Here's a new twist (Sort of...)

    While checking for drivers in the Device Manager on a W2K machine, I came across, none other than the "infamous" EraserUtilDrv10500 & EraserUtilDrv10501 Drivers.

    It's listed under Non-Plug and Play Drivers, when you select to view hidden devices.

    When viewing the properties of these rascals, this is what it says:

    Class: Non-Plug and Play Drivers
    Devvice: EraserUtilDrv10500
    No resources used
    Device Drivers:

    Class: Non-Plug and Play Drivers
    Devvice: EraserUtilDrv10501
    No resources used
    Device Drivers:


    So, that being said, I checked it on XP SP2, no such luck. It's not there.

    No Help, I know. Just adding to the Pot...

    We keep trying....

    Kudos
     
  25. Brocoli

    Brocoli Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    5
    Well,

    Seems like 3.3b might fix our problems. Anybody tried yet?
     