PG and First Defense ISR

Discussion in 'ProcessGuard' started by WilliamP, Nov 18, 2004.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I am the proud owner of both programs. When I created a secondary snapshot in FDISR there was 3 errors. Checking the log it was procguard.sys,pghash.dat and pguard.dat. Access denied. Does this mean that PG won't work in the secondary snapshot?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Hi William

    What I do whenever I copy from one snapshot to another is disable PG, remove Wormguards protection, and disable my antivirus. Then if I do anything in the other snapshot I have to reenable everything. If you do this you won't get the error's and yes PG and all your software will indeed work another snapshot.

    Pete
     
  3. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Thanks Pete. Do I just go into Main and unclick Protection Enabled? Or do I have to do more?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Either do it that way or right click the systray icon. But yes that is all you need to do.

    Pete
     
  5. bluekey23

    bluekey23 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    77
    Hello,
    I also use both programs and have run into this issue too. Based on my correspondence with the developer of FirstDefense, Peter's advice is right on. Also(and this is very important): If you want to remove a snapshot, BE SURE to completely remove PG(and its remnants) before doing so. If you don't do that, you will end up with ISR structure errors and will only be able to boot into one snapshot. There is a workaround for this, but it's a pain to be avoided. The developer of FDISR is aware of this issue with PG.
    Good luck
     
  6. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    BlueKey THANK YOU. Now I really will wait to purchase PG until this issue is resolved, who knows how much trouble you might have saved me, thanks. :)

    Acadia
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Hmm I have removed a snapshot to test whether it was worth the time saved in imaging the disk. It wasn't. But other than my standard disabling of ProcessGuard I had no issues. I removed the snapshot, did imaging and then added back a new snapshot. It was a non event.


    Pete

    PS. Admittedly I haven't done it with the latest PG. May try it this weekend.
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Peter, if you do try it with the latest PG please get back to us, I'd REALLY be interesting in knowing, thanks.

    Acadia
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    I will probably give it a try tonight. Once I do I'll post the results.

    Pete
     
  10. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I did another update this evening. This time I disabled PG . No errors. I booted into the secondary snapshot to check PG. Everything seemed fine.
     
  11. bluekey23

    bluekey23 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    77
    Hi,
    Looks like maybe I should clarify what I said in my previous post. All I know is what happened when I had PG installed on a snapshot that I tried to delete. The snapshot deleted okay, but this also produced so-called structure errors in ISR which only allowed me to boot into one snapshot after the removal. According to what the developer told me the "culprit" was **procguard.sys**. It's my understanding that when you remove PG then the the driver is automatically removed, which should prevent any major problems.

    Also, it might be of interest to pass on what raxco told me(back in sept as I recall) -look for a major update to FDISR sometime later in the year. Should be interesting.
     
  12. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Fantastic! Hopefully an already unbelievable product will be getting even better (but quite frankly, I'm not sure how they could make FD-ISR any better).

    Thanks Bluekey, Peter, and William :)

    Acadia
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Okay test complete. Note however I only use one snapshot beyond the primary.

    I the software I have that monitors something includes SpybotSD immunize(no teatimer) F-Prot AV Giant AS Spywareblaster,SpywareGuard, Zone Alarm Pro latest version, and DCS Wormguard. Note I use TDS-3 but don't have execution protection turned on.

    The test. I disabled F-PRot, disabled PG (not removed) and removed Wormguards Protection. Then I removed the FD-ISR snapshot, and defragged the drive. I then disabled FD-ISR's preboot, and imaged the drive. Then reenabled FD-ISR's preboot, built the new snapshot, defragged, and here as I type I am working in the rollback snapshot.

    No problems whatsoever.

    Note that I only use on additional snapshot. Originally I had three, but found I really didn't need them as I do external backups and disk images. Since I normally image with the rollback snapshot installed, the images are all ready bigger. Additional snapshots just make the problem worse.

    Would there be a problem if I had 3 snapshots and removed one of them. Could be, and also could be a function if one removed the 2nd one leaving 1 and three.

    Based on my experience I don't see a problem with PG and FD-ISR.

    Pete
     
  14. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Thanks Pete. That is good to know.
     
Thread Status:
Not open for further replies.