PG 3.150 full version isn't protecting me...

Discussion in 'ProcessGuard' started by sir_carew, Jan 30, 2005.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    I installed PG FULL VERSION 3.150 on a Windows 2000 SP4 system with all patches.
    Apparently, PG isn't protecting me correctly.
    Here's the problem:
    I added all NOD32 processes. I followed the settings instructions from the DiamondCS list. The problem is that when I launch Task Manager and try to kill the nod32.exe process (the NOD32 Scanner; of course I've executed it), PG alerts me and denies Task Manager the ability to kill nod32.exe. However, if I try to kill nod32krn.exe, there is no alert or denial from PG and it all succeeds. That's strange, because I have the nod32krn.exe application in Security just as I have nod32.exe. (Hopefully, if nod32krn.exe is terminated, NOD starts itself again.)
    Why is nod32.exe being protected and nod32krn.exe not? I have both files in my security zone. This issue also occurs with other processes: some can be killed with Task Manager even if they're in the security zone, and others cannot. Both processes, nod32.exe and nod32krn.exe, are protected from: Termination, Modification and Reading.
    Please help.

    Thanks very much.
     
  2. sir_carew

    I ran the utility that is bundled with PG (Process Kill Demo) and it killed all of the processes that were found as security applications. Very bad; moreover, all processes were in the security zone with all protections.
    I think it's a new critical bug.
    This issue occurs with PG in non learn mode too!
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi sir_carew, I think you may be doing these tests in the wrong way.
    Here is the way to test using APT, Task Manager or any other termination program.

    First, all four General tabs must be enabled.
    Secondly, Process Guard must not be disabled or in Learning mode.
    Thirdly, the termination program must not be in PG's Protection list with the Termination flag allowed.

    If you are using Advanced Process Termination, for all methods to be stopped you will have to enable Secure Message Handling on the target application.

    Below is a screenshot showing Process Explorer trying to Kill Port Explorer.

    Note that both have secure message handling enabled and Process Explorer, although on the protection list, is not authorised to Terminate other protected processes.
     


  4. Pilli

    I should also have added that all the processes listed in the protection list should have the Protected from Termination and Modification flags enabled.

    Pilli
     
  5. sir_carew

    Hi Pilli,
    Thanks very much!
    I deleted taskmgr.exe from the list and now I can't kill any of the protected processes.
    Confusion fixed.
     