PG and FirstDefense

Discussion in 'ProcessGuard' started by karlmoll, Jun 6, 2006.

Thread Status:
Not open for further replies.
  1. karlmoll

    karlmoll Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    7
    FirstDefense has been giving me the pghash.dat, pguard.dat, etc. error messages and I wondered if there is a way to disable PG using Task Scheduler. I ask because I've automated FirstDefense to run at the same time every day and don't want to have to disable/enable PG manually. It sort of defeats the purpose of the scheduler for FirstDefense. Is there perhaps some other way to get this done automatically?
     
  2. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Good luck, my friend. I had considered the same thing. Setting FD on a schedule, but PG is the problem. Well, PG is not really the problem, but it can't be scheduled to turn off then back on after FD is thru. At least I don't think it can.
     
    Last edited: Jun 6, 2006
  3. karlmoll

    karlmoll Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    7
    Does anyone know if there is a command line instruction to do these things?
     
  4. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    I quite doubt it would ... seeing that it would negate the security provided by PG. i.e. it may as well not be installed if it did have that feature, as anything could then just turn it off and 'forget' to turn it back on!!
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    Hi Karlmoll

    You really only have 3 limited options.

    1) Run FDISR, and realize your dat files won't get copied. (not good)

    2) Disable PG and do a manual copy with FDISR

    3) Find a PG replacement that doesn't cause problems with FDISR

    Pete
     
  6. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    722
    Location:
    Toronto
    Or re-order Pete's points as follows:

    1) after making '(m)any changes' to PG, manually disable it and copy the snapshot.

    2) schedule the snapshot copy, the dat files won't get copied, but if they haven't changed, it doesn't matter, they are the same.

    3) doesn't matter so much, it depends on your definition of '(m)any changes'. Once I've decided on permissions for new software, I don't change my mind. But if I had made one or two and then had to restore the snapshot, I could easily make them again.

    but, scheduling a snapshot copy could be a bad thing, if somehow you've 'allowed' some malware to run. You don't want that copied automatically. I'd suggest that you stick to manual only.

    Jim
     
  7. karlmoll

    karlmoll Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    7
    JW,

    It isn't simply that the files don't get copied with PG enabled, which of course they don't. But, when I boot into that new snapshot, PG is dead/frozen! I have to uninstall it in safe mode and reinstall it to get it working again. The only way to ensure PG works in the new snapshot is to disable it before the snapshot is created. Then boot into the new snapshot and re-enable PG.

    Now, the question I have is whether AppDefend (Ghost Security) has the same problem. Does anyone know? Does anyone know of any program like PG that doesn't have this problem?

    Thanks
     
    Last edited: Jun 8, 2006
  8. karlmoll

    karlmoll Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    7
    FYI - Here's DiamondCS's position on this issue,

    "At this time there is nothing we can do. If a backup program uses a driver to "see" the file in kernel mode then it can make a copy. Unfortunately many backup programs do not use a driver to ensure they get complete access (or perhaps they just don't try hard enough).

    It may be worth asking the developer.

    Best regards,
    Gavin Coe
    DiamondCS Support"
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    Appdefend, Safe'n'Sec, Prevx1, OA, SSM, and KAV's new proactive Defense all work fine without this problem. In fact I discovered the cause of occasional errors I was getting in making FDISR archives was also due to Process Guard.
    I doubt if Leapfrog can make any changes, so I would consider the alternatives to Process Guard.
    I remember Retrospect's backup process also had errors unless PG was disabled.
     
  10. karlmoll

    karlmoll Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    7
    Thanks Peter. That's been a big help. What are OA and SSM, please?
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    OA is Online Armor Www.tallemu.com
    SSM is System Safety Monitor http://www.syssafety.com/

    They provide different feature sets. You might give them both a shot. No First Defense issues with either of them.

    Pete
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Another option is to use Drive Snapshot for taking image backups - this has no problem copying PG's files (though you do need to give it "Install Drivers" privilege in PG itself).
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    Just curious as to how this would help with First Defense. Drive Snapshot and First Defense are totally different apps and not at all interchangeable.
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If it became necessary to restore pghash/pguard.dat files, these could be copied from a Drive Snapshot image after doing a restore with FirstDefense. It's a kludge, but one that doesn't involve having to give up either PG or FD - and having a full image backup does protect against the possibility of hard disk failure.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    The easiest solution is to disable PG and do the FDISR copies. If automatic scheduling is a must then there are the alternatives to PG that work fine.
     