PG 3.200 beta and pgaccount.exe

Discussion in 'ProcessGuard' started by sukarof, Oct 31, 2005.

Thread Status:
Not open for further replies.
  1. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    It has happened a couple of times that when I reboot my computer PG complains (in processguard status) that pgaccount.exe is not running. But I can see in administrative tools/service that pg service has in fact started, but processguard still complains. If I look in taskmanager there is no pgaccount.exe started.

    But still PG protects me, i.e. it blocks and asks for confirmation for new programs that are started and it blocks driver installations. I can also manually kill pgaccount.exe in taskmanager (after giving it rights to kill protected processes) but PG still is doing its job.
    Is this a bug or doesn't pgaccount.exe need to be loaded? It seems a bit odd, but a good oddity, that way malware can kill pgaccount.exe without killing my protection :) I'm just a bit curious.

    Even if I manually doubleclick on pgaccount.exe in the pg folder and it shows up in taskmanager as a process, processguard won't recognize that pgaccount has started. I have to reboot to get processguard status to recognize that pgaccount is running.
    *edit* I did not have to reboot, I had to close and open the GUI two times then it showed the running status for pgaccount.exe.

    Otherwise I have no problems with this beta (if one can call this a problem :)
     

    Last edited: Oct 31, 2005
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    The SERVICE in Admin Tools > Services is not PGAccount (that is DCSUserProt). PGAccount is only for execution prompts, and loads from the "all users run" registry. Any (and every) user who logs in should have this file running.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    1) Do you have an entry there to start pgaccount.exe ?
    2) Are you running ProcessGuard manually, or is it starting automatically ? (meaning you are logging into the account which installed PG)
     
    Last edited: Nov 1, 2005
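
The checks from the reply above, collected into one PowerShell diagnostic (an added example, not part of the original thread and not DiamondCS code). It assumes `DCSUserProt` is the service name exactly as written in the post and that the Run entry can be recognised by its command line containing `pgaccount.exe`; the function name is hypothetical.

```powershell
# Added example: separates the three things the thread mixes up:
#   1) the HKLM Run entry that launches pgaccount.exe at logon
#   2) a pgaccount process in the *current* logon session
#   3) the protection service, which is a different component
function Get-PgAccountStatus {
    $runKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $target     = 'pgaccount.exe'          # file name taken from the thread
    $serviceId  = 'DCSUserProt'            # assumption: this is the service name

    # 1) Enumerate Run values and keep those whose command mentions the target.
    $key = Get-Item -Path $runKeyPath
    $runEntries = foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        if ($command -like "*$target*") {
            [pscustomobject]@{ Name = $name; Command = $command }
        }
    }

    # 2) The prompt helper runs per logged-in user, so only count a process
    #    that lives in the same session as this shell.
    $mySession = (Get-Process -Id $PID).SessionId
    $helpers = @(Get-Process -Name 'pgaccount' -ErrorAction SilentlyContinue |
        Where-Object { $_.SessionId -eq $mySession })

    # 3) Service state is reported separately; a running service does not
    #    imply that the per-user helper is running.
    $service = Get-Service -Name $serviceId -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RunEntryPresent  = [bool]$runEntries
        RunEntryCommand  = ($runEntries | ForEach-Object { $_.Command }) -join '; '
        HelperInSession  = $helpers.Count -gt 0
        HelperPids       = ($helpers | ForEach-Object { $_.Id }) -join ', '
        SessionId        = $mySession
        ServiceStatus    = if ($service) { [string]$service.Status } else { 'NotFound' }
    }
}

Get-PgAccountStatus | Format-List
```

A result with `ServiceStatus` of `Running` but `HelperInSession` of `False` matches the situation in the first post: the service is up while the per-user helper is missing from the session.
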
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    P.S. a malware can't kill PGAccount, you killed it by allowing Task Manager terminate access
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    This behaviour seems to be no different from previous versions of PG and I see it also (when logged in as a non-admin user). It would be nice to see this resolved, and even nicer to be able to run ProcGuard as a normal user, not an administrator.
     
  5. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Thanks for your reply.
    1. Yes I have that entry.
    2. Processguard starts automatically.

    I have rebooted several times but can't seem to reproduce the "problem".
    Maybe it has something to do with a crash I had (not PG related as far as I know); after that crash I had to, in PG, allow all previously allowed programs to execute again.

    I didn't know this. For a second I doubted myself, but I am sure that PG prompted for confirmation to execute programs not previously allowed when pgaccount.exe was not running!? Strange....
    But maybe I somehow missed pgaccount.exe in the process list, even though I checked in taskmanager and process explorer (sysinternals.com) several times.
    Ah..well I will monitor this to see if it happens again.
     
  6. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I didn't have a crash but when I rebooted this morning I had to add several programs again to PG's list. Could that be a small bug Wayne? (WinXP sp2)
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    The installer currently deletes your protection list ON INSTALL (not when uninstalling) so that old versions cannot cause a conflict

    We might remove this delete option now, or put it in the uninstall. I am thinking the best way is on UNINSTALL you get a message "do you want to keep your settings".

    This configuration file was deleted on install due to format changes between versions 2 and 3, and in some of the early 3.x versions. The configuration was deleted for compatibility reasons.
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    This sort of information would be really useful to mention in a release notes readme file. I actually copied the pguard/pghash files from 3.150 and found myself unable to log in, since for some reason PG withdrew modification rights from lsass.exe (preventing it from then modifying winlogon.exe). Giving lsass modify rights resolved that issue (I'm allergic to Learning mode since it is too time-consuming and not paranoid enough...).
     